API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Nov 19th, 2016
87
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 16.07 KB | None | 0 0
raw download clone embed print report
  1. __author__ = 'Guy'
  2.  
  3. import socket
  4. from sys import *
  5. import re
  6. import subprocess
  7. import os
  8. import sys
  9. from SocketServer import ThreadingMixIn
  10. import thread
  11. #from timeit import default_timer as timer
  12. import time
  13. import random
  14. import platform
  15. import urllib2
  16. from PIL import ImageGrab
  17. import shutil
  18. import glob
  19. import fnmatch
  20. import win32com.shell.shell as shell
  21. '''
  22. [+] - for tcp server activations (bind, listen, accept)
  23. [$] - for client activations(send, recieve)
  24. [!] - errors
  25. [&] - computer did an action (move cd, remove file, etc.)
  26. [?] - ask client for permission (remove file, remove directory)
  27. '''
  28.  
  29. PORT = 8880
  30. IP = '127.0.0.1'
  31. BUFFER_SIZE = 1024
  32. start_time = 0
  33.  
  34. request_types = ["ECHO_1","GIVEIP_1","UPTIME_1","WHOAMI_1","MOVETO_1","RUN_1","PRINTF_1","GOAWAYF_1","GOAWAYD_1","MAKEF_1","MAKED_1","COPYF_1","EXEC_1","DL_1","PING_1","GET_1","SCREENSHOT_1", "ERROR_1", "CONNECT_1"]
  35. respond_types = ["ECHO_0","GIVEIP_0","UPTIME_0","WHOAMI_0","MOVETO_0","RUN_0","PRINTF_0","GOAWAYF_0","GOAWAYD_0","MAKEF_0","MAKED_0","COPYF_0","EXEC_0","DL_0","PING_0","GET_0","SCREENSHOT_0", "ERROR_0", "CONNECT_0"]
  36. names = ["Moses", "Abraham", "Jacob", "Joseph", "Aaron", "Abel", "Ahab", "Benjamin", "Daniel", "Ethan", "Jonah", "Joshua", "Matthew", "Nathan", "Samuel", "Simon"]
  37. names_dict= {}
  38.  
  39. def main():
  40.  
  41. '''server = socket.socket()
  42. server.bind((IP, PORT))'''
  43. start_time = time.time()
  44. if not os.path.isdir("ScreenShots"):
  45. os.mkdir("ScreenShots")
  46. if not os.path.isfile("passwords.txt"):
  47. with open("passwords.txt", 'w') as pass_file:
  48. #print "enter username:"
  49. username = raw_input("enter username:")
  50. password = raw_input("enter password:")
  51. data = username + "," + password
  52. pass_file.write(data)
  53. admin = False
  54. if admin:
  55. respond = shell.ShellExecuteEx(lpVerb='runas', lpFile='cmd.exe')
  56.  
  57. #print urllib2.urlopen("http://www.google.com").read()
  58.  
  59. tcp_server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  60. tcp_server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
  61. tcp_server.bind((IP, PORT))
  62. threads = []
  63. print "[+]binding successful"
  64.  
  65. while True:
  66. tcp_server.listen(4)
  67. print "[+]listening..."
  68. client_soc, client_address = tcp_server.accept()
  69. thread.start_new_thread(handle_client, (client_soc, client_address))
  70. #new_thread.start()
  71. #threads.append(new_thread)
  72.  
  73. for t in threads:
  74. t.join()
  75.  
  76. def handle_client(client_soc,client_address):
  77.  
  78. print "[+]new connection, socket:", client_soc, ",ip:", client_address[0], \
  79. ",port:", client_address[1]
  80. #names_dict[client_soc] = client_name #add client to names dictionary by his socket
  81. connected = False
  82. while not connected:
  83. client_data = recieve_input(client_soc, BUFFER_SIZE)
  84. msg_type, args = parse_request(client_data)
  85. connected = connect(client_soc, args)
  86. respond = ""
  87. if (connected == True):
  88. respond = "yes"
  89. else:
  90. respond = "no"
  91. send_to_client(client_soc, "CONNECT_0", respond)
  92. names_dict[client_soc] = args[0]
  93. #send_to_client(client_soc, respond)
  94. while True:
  95.  
  96. client_data = recieve_input(client_soc, BUFFER_SIZE)
  97. msg_type, args = parse_request(client_data)
  98. handle_request(client_soc, msg_type, args)
  99.  
  100. def connect(client_soc, args):
  101. if(len(args) == 2):
  102. with open("passwords.txt", 'r') as pass_file:
  103. lines = pass_file.read().split("\n")
  104. connect_dict = {}
  105. for line in lines:
  106. username, password = line.split(",")
  107. if username == args[0] and password == args[1]:
  108. return True
  109. return False
  110.  
  111.  
  112. else:
  113. return False
  114.  
  115. def recieve_input(client_soc, buffer_size):
  116. client_data = client_soc.recv(buffer_size)
  117. #client_data = raw_input()
  118. print "[$]msg from socket:", client_soc, ", msg:", client_data
  119. return client_data
  120.  
  121. def parse_request(requset_str): #type, num of args, args, data
  122. param_list = requset_str.split(r"\x")
  123. MIN_NUM_OF_PARAMETERS = 2
  124. if len(param_list) < MIN_NUM_OF_PARAMETERS:
  125. print "[!]not enough parameters"
  126. return "",0,[]
  127. msg_type = param_list[0]
  128. if msg_type not in request_types:
  129. print "[!]unknown msg type"
  130. return "",0,[]
  131. num_of_args = int(param_list[1])
  132. args_list = []
  133. if num_of_args > 0:
  134. args_list = param_list[2:]
  135. print"[$]type:", msg_type, ", args:", args_list
  136. return msg_type, args_list
  137.  
  138. def handle_request(client_soc, msg_type, args):
  139. '''
  140. "ECHO_1"
  141. "GIVEIP_1"
  142. "UPTIME_1"
  143. "WHOAMI_1"
  144. "MOVETO_1"
  145. "RUN_1"
  146. "PRINTF_1"
  147. "GOAWAYF_1"
  148. "GOAWAYD_1"
  149. "MAKEF_1"
  150. "MAKED_1"
  151. "COPYF_1"
  152. "EXEC_1"
  153. "DL_1"
  154. "PING_1"
  155. "GET_1"
  156. "SCREENSHOT_1"
  157. "ERROR_1"
  158. '''
  159.  
  160. if(msg_type == "ECHO_1" and len(args) > 0):
  161. msg_echo(client_soc, args)
  162. elif (msg_type == "GIVEIP_1" and len(args) == 0):
  163. msg_give_ip(client_soc, args)
  164. elif (msg_type == "UPTIME_1" and len(args) == 0):
  165. msg_up_time(client_soc, args)
  166. elif (msg_type == "WHOAMI_1" and len(args) == 0):
  167. msg_who_am_i(client_soc, args)
  168. elif (msg_type == "MOVETO_1" and len(args) == 1):
  169. msg_move_to(client_soc, args)
  170. elif (msg_type == "RUN_1" and len(args) == 1):
  171. msg_run(client_soc, args)
  172. elif (msg_type == "PRINTF_1" and len(args) == 1):
  173. msg_printf(client_soc, args)
  174. elif (msg_type == "GOAWAYF_1" and len(args) == 1):
  175. msg_go_away_f(client_soc, args)
  176. elif (msg_type == "GOAWAYD_1" and len(args) == 1):
  177. msg_go_away_d(client_soc, args)
  178. elif (msg_type == "MAKEF_1" and len(args) == 1):
  179. msg_make_f(client_soc, args)
  180. elif (msg_type == "MAKED_1" and len(args) == 1):
  181. msg_make_d(client_soc, args)
  182. elif (msg_type == "COPYF_1" and len(args) == 2):
  183. msg_copyf(client_soc, args)
  184. elif (msg_type == "EXEC_1"and len(args) == 1):
  185. msg_exec(client_soc, args)
  186. elif (msg_type == "DL_1" and len(args) == 1):
  187. msg_dl(client_soc, args)
  188. elif (msg_type == "PING_1" and len(args) == 1):
  189. msg_ping(client_soc, args)
  190. elif (msg_type == "GET_1" and len(args) == 1):
  191. msg_get(client_soc, args)
  192. elif (msg_type == "SCREENSHOT_1" and len(args) == 0):
  193. msg_screenshot(client_soc, args)
  194. elif (msg_type == "ERROR_1"):
  195. if(len(args) == 0):
  196. args += "" # args[0] = ""
  197. print"[!]client from socket:", client_soc, "sent error -", args[0]
  198. else:
  199. error_type = ""
  200. if(msg_type == ""):
  201. error_type = "unknown msg type"
  202. else:
  203. print "[!]incorrect arguments for", msg_type, "request"
  204. error_type = "incorrect arguments for msg type"
  205. msg_error(client_soc,error_type)
  206.  
  207.  
  208. def send_to_client(client_soc, msg_type, data):
  209. data_to_client = msg_type + r"\x"
  210. print "[$]send to socket:", client_soc, "msg. type:", msg_type, "data:", data[:100]
  211. data_to_client += str(data)
  212.  
  213. client_soc.send(data_to_client)
  214. #print "data to client:", data_to_client
  215.  
  216. def msg_error(client_soc, error_type):
  217. send_to_client(client_soc, "ERROR_0", error_type)
  218.  
  219. def msg_echo(client_soc, args):
  220. send_to_client(client_soc, "ECHO_0", args[0])
  221.  
  222. def msg_give_ip(client_soc, args):
  223. ip = socket.gethostbyname(socket.gethostname())
  224. send_to_client(client_soc, "GIVEIP_0", ip)
  225.  
  226. def msg_up_time(client_soc, args): #sends the time since it's started running in seconds
  227. end_time = time.time()
  228. time_elapsed = end_time - start_time
  229. send_to_client(client_soc, "UPTIME_0", time_elapsed)
  230.  
  231. def msg_who_am_i(client_soc, args): #TD
  232. client_name = names_dict[client_soc]
  233. os_info = platform.system() + " " + platform.release() + " " + platform.version() #td
  234. os_path = os.pathsep #TD
  235. str_msg = "You are the username \"" + client_name + "\", Running \"" + os_info + \
  236. "\" installed in \"" + os_path + "\""
  237. send_to_client(client_soc, "WHOAMI_0", str_msg)
  238.  
  239. def msg_move_to(client_soc, args):
  240. cd_path = args[0]
  241. respond = "moved cd"
  242. try:
  243. os.chdir(cd_path)
  244. except:
  245. respond = "not " + respond
  246. print "[&]" + respond + " to", cd_path
  247. send_to_client(client_soc, "MOVETO_0", respond)
  248.  
  249. def msg_run(client_soc, args):
  250. output = ""
  251. command = args[0]
  252. try:
  253. output = help_run_cmd(command)
  254. print output
  255. except:
  256. output = "command doesn't exist"
  257. send_to_client(client_soc, "RUN_0", output)
  258.  
  259. def msg_printf(client_soc, args):
  260. file_name = args[0]
  261. file_data = ""
  262. with open(file_name, 'r') as myfile:
  263. file_data = myfile.read()
  264. print "[&]printing text of", file_name, ":"
  265. print file_data
  266. help_send_file(client_soc, file_name, "PRINTF_0")
  267.  
  268.  
  269. def msg_go_away_f(client_soc, args):
  270. file_name = args[0]
  271. respond = help_remove_file_or_dir(client_soc ,file_name, "d_file")
  272. send_to_client(client_soc, "GOAWAYF_0", respond)
  273.  
  274. def msg_go_away_d(client_soc, args):
  275. dir_name = args[0]
  276. respond = help_remove_file_or_dir(client_soc ,dir_name, "d_directory")
  277. send_to_client(client_soc, "GOAWAYD_0", respond)
  278.  
  279. def msg_make_f(client_soc, args):
  280. file_name = args[0]
  281. respond = ""
  282. #if os.path.isfile(file_name):
  283. respond = help_remove_file_or_dir(client_soc ,file_name, "m_file")
  284. if(respond == "not exist" or respond == "deleted"):
  285. open(file_name, 'w')
  286. respond = "created"
  287. elif respond == "not deleted":
  288. respond = "not created"
  289. send_to_client(client_soc, "MAKEF_0", respond)
  290.  
  291. def msg_make_d(client_soc, args):
  292. dir_name = args[0]
  293. respond = ""
  294. #if os.path.isdir(dir_name):
  295. respond = help_remove_file_or_dir(client_soc ,dir_name, "m_directory")
  296. if(respond == "not exist" or respond == "deleted"):
  297. os.mkdir(dir_name)
  298. respond = "created"
  299. elif respond == "not deleted":
  300. respond = "not created"
  301. send_to_client(client_soc, "MAKED_0", respond)
  302.  
  303. def msg_copyf(client_soc, args):
  304. copied_file_name = args[0]
  305. deleted_file_name = args[1]
  306. #respond = remove_file_or_dir(client_soc ,dir_name, "d_directory")
  307. file_data = ""
  308. respond = ""
  309. try:
  310. if(not os.path.isfile(copied_file_name)):
  311. respond = "file 1 not exist"
  312. else:
  313. with open(copied_file_name, 'r') as copied_file:
  314. file_data = copied_file.read()
  315. deleted_file = open(deleted_file_name, 'w')
  316. deleted_file.write(file_data)
  317. respond = "copied"
  318. except:
  319. respond = "not copied"
  320.  
  321.  
  322.  
  323. send_to_client(client_soc, "COPYF_0", respond)
  324.  
  325. def msg_exec(client_soc, args):
  326. file_name = args[0]
  327. #str(file_name).replace("\\", "\\\\")
  328. respond = ""
  329. if(help_is_exe(file_name)):
  330. try:
  331. output = help_run_cmd(file_name)
  332. except:
  333. respond = "couldn't run file"
  334. else:
  335. respond = "file is not exe"
  336. send_to_client(client_soc, "EXEC_0", respond)
  337.  
  338.  
  339. def msg_dl(client_soc, args):
  340. file_name = args[0]
  341. help_send_file(client_soc, file_name, "DL_0")
  342.  
  343. def msg_ping(client_soc, args):
  344. destination = args[0]
  345. response = help_run_cmd("ping " + destination)
  346. send_to_client(client_soc, "PING_0", response)
  347.  
  348. def msg_get(client_soc, args):
  349. destination = args[0]
  350. if not r"http://" in str(destination):
  351. destination = r"http://" + destination
  352. response = urllib2.urlopen(destination).read()
  353.  
  354. send_to_client(client_soc, "GET_0", response)
  355.  
  356. def msg_screenshot(client_soc, args):
  357. file_path = "ScreenShots\\" + time.strftime("%Y%m%d-%H%M%S") + ".png"
  358. ImageGrab.grab().save(file_path, "JPEG")
  359. help_send_file(client_soc, file_path, "SCREENSHOT_0")
  360. #send_to_client(client_soc, "SCREENSHOT_0", response)
  361.  
  362.  
  363.  
  364. #########################################################################################
  365. #################### ####################
  366. #################### ####################
  367. #################### Help ####################
  368. #################### Functions ####################
  369. #################### ####################
  370. #################### ####################
  371. #########################################################################################
  372.  
  373.  
  374. def help_remove_file_or_dir(client_soc, _path, _type):
  375. respond = ""
  376. answer = "no"
  377. msg_type = ""
  378. if(_type == "m_file"):
  379. msg_type = "MAKEF_0"
  380. elif(_type == "m_directory"):
  381. msg_type = "MAKED_0"
  382.  
  383. if(((_type == "d_file" or _type == "m_file") and os.path.isfile(_path)) or \
  384. ((_type == "d_directory" or _type == "m_directory")and os.path.isdir(_path))):
  385.  
  386. if _type == "m_file"or _type == "m_directory":
  387.  
  388. print "[?] wait for agreement of client..."
  389.  
  390. send_to_client(client_soc, msg_type, "exist")
  391. msg_type, args = parse_request(recieve_input(client_soc, BUFFER_SIZE))
  392. answer = ""
  393. if (len(args) > 0 and ((_type == "m_file" and msg_type == "MAKEF_1") or\
  394. (_type == "m_directory" and msg_type == "MAKED_1"))):
  395. answer = args[0]
  396. print"[?]client returned:", answer
  397. else:
  398. answer = "yes"
  399. else:
  400. send_to_client(client_soc, msg_type, "not exist")
  401. return "not exist"
  402.  
  403. if(answer == "yes"):
  404. respond = help_delete_os(_type, _path)
  405. else:
  406. respond = "not deleted"
  407.  
  408.  
  409. return respond
  410.  
  411. def help_delete_os(_type, _path):
  412. try:
  413. if(_type[2:] == "file"):
  414. os.remove(_path)
  415. else:
  416. help_delete_files_in_directory(_path)
  417. os.rmdir(_path)
  418. print "[&]", _type[2:], "deleted"
  419. respond = "deleted"
  420. except OSError as detail:
  421. print "[!]", _type[2:], "not deleted"
  422. print"[!]Error details - ", detail.errno
  423. respond = "not deleted"
  424. pass
  425. return respond
  426.  
  427. def help_delete_files_in_directory(_path):
  428. if(os.path.isdir(_path)):
  429. file_list = os.listdir(_path)
  430. os.chdir(_path)
  431. for file in file_list:
  432. if(os.path.isdir(file)):
  433. help_delete_files_in_directory(file)
  434. os.rmdir(file)
  435. else:
  436. os.remove(file)
  437. os.chdir("..")
  438.  
  439. def help_is_exe(file_path):
  440. return os.path.exists(file_path) and \
  441. ((file_path.split('.')[-1]) == "exe" or not '.' in file_path)
  442.  
  443. def help_send_file(client_soc, file_name, msg_type):
  444. read = 'r'
  445. if(msg_type == "SCREENSHOT_0"):
  446. read = 'rb'
  447. with open(file_name, read) as file:
  448. file_data = file.read() + r"\y\y\y"
  449. file_len = len(file_data)
  450. start = 0
  451. if(file_len < 1024):
  452. end = file_len
  453. else:
  454. end = 1024
  455. while start < end:
  456. msg = file_data[start : end]
  457. start = end
  458. if(end + 1024 > file_len):
  459. end = file_len
  460. else:
  461. end += 1024
  462. send_to_client(client_soc, msg_type, msg)
  463.  
  464. def help_run_cmd(command):
  465. respond = ""
  466. try:
  467. respond = subprocess.check_output(command, shell = True)
  468. #respond = subprocess.call(['runas', '/user:Administrator', command])
  469. '''respond = shell.ShellExecuteEx(lpVerb='runas', lpFile='cmd.exe', lpParameters='/c '+command)'''
  470.  
  471. except:
  472. respond = ""
  473. return respond
  474.  
  475.  
  476. def help_int_to_str(num, length):
  477. return str(num).zfill(length - 1)
  478.  
  479.  
  480.  
  481.  
  482.  
  483.  
  484.  
  485.  
  486.  
  487. if __name__ == "__main__":
  488. main()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!