- #!/usr/bin/python
- # DaH4cKeR : 09-Aug-2011
- # Script : MomiComm.py
- # http://hypersecurity.blogspot.com
- #
- # Script to communicate with Win32/Momibot Trojan. It will send &
- # receive commands from the C&C server and display all responses (XML)
- # in clear text.
- #
- # http://www.microsoft.com/security/portal/Entry.aspx?name=Backdoor:Win32/Momibot.gen!B
- #
- # Cheers,
- # @DaH4cker
- #
- #######################################################################################
# C&C endpoints ("host:port") observed by the author, each annotated with the
# MD5 of the sample it came from. Only one CnC assignment is active; the
# commented-out ones are alternatives kept for reference.
# NOTE(review): these are indicators recorded by the author (script dated
# 09-Aug-2011); confirm they are still relevant before using them for detection.
#CnC = "212.124.123.98:80"  # Sample MD5: 108da66dfa28a790a08be1965a2df8c2
#CnC = "184.105.178.85:80"  # Sample MD5: 2a593a1ead30ee30017d71bd18d9e66b
CnC = "203.146.253.110:8090"  # Sample MD5: 598417359361205d9c2a1892e3a31c13

# All the samples I analyzed so far seem to be using the following XOR key
# and PHP pages for communication.
cntrl_page = "/v4/index.php"
#cntrl_page = "/v5/index.php"

# Single-character XOR key; encrypt()/decrypt() call ord() on it, so it must
# stay exactly one character long.
XOR_key = "\x53"
- ################### Modify beyond this at your own risk ! #####################
- import base64
- import httplib
- def encrypt(msg, key):
- data = ''
- for char in msg:
- char = chr(ord(char) ^ ord(key))
- data += char
- enc = base64.b64encode(data)
- return enc
- def decrypt(msg, key):
- try:
- dec = base64.b64decode(msg)
- data = ''
- for char in dec:
- char = chr(ord(char) ^ ord(key))
- data += char
- return data
- except Exception:
- return "Invalid or Unknown Response"
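def send_receive(params, timeout=15):
    """POST one encoded request to the configured C&C page and decode the reply.

    Uses the module-level ``CnC`` ("host:port") and ``cntrl_page`` settings and
    decodes a successful reply with ``decrypt(..., XOR_key)``.

    Args:
        params: Request body to send as-is; the callers in this script pass
            the output of encrypt().
        timeout: Socket timeout in seconds. Without one, an endpoint that
            accepts the connection but never answers blocks the script
            indefinitely, even though the error text below says "Timed Out".

    Returns:
        The decoded response text for HTTP 200, "<status> <reason>" for any
        other status, or "Timed Out - <error>" if connecting, sending or
        reading fails for any reason.

    The server is not under the analyst's control: the returned text is
    untrusted data and should only be displayed or logged, never evaluated.
    """
    conn = None
    try:
        conn = httplib.HTTPConnection(CnC, timeout=timeout)
        headers = {"Content-Type": "text/xml"}
        conn.request("POST", cntrl_page, params, headers)
        resp = conn.getresponse()
        status, reason = resp.status, resp.reason
        # Read inside the try block: with a socket timeout set, a stalled
        # body read raises here and is reported like any other failure.
        body = resp.read() if status == 200 else None
    except Exception as err:
        return "Timed Out - " + str(err)
    finally:
        # Always release the socket, including on the error paths above.
        if conn is not None:
            conn.close()

    if status == 200:
        return decrypt(body, XOR_key)
    return str(status) + " " + reason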
if __name__ == "__main__":
    # Two fixed sample requests. Both carry the same hard-coded id value;
    # the field names and values are reproduced exactly as the author
    # recorded them.
    hello_msg = "<root><binfo id=\'3559939039\' nt=\'1\' bv=\'4.6\' lt=\'LAN\' os=\'Windows XP Professional\'> </binfo></root>"
    ping_msg = "<root><ping id=\'3559939039\'/></root>"

    # The decoded replies are server-controlled text printed verbatim:
    # treat them as untrusted data.
    hello_packet = encrypt(hello_msg, XOR_key)
    print "Sending hello packet.."
    hello_reply = send_receive(hello_packet)
    print "Response: "+hello_reply

    ping_packet = encrypt(ping_msg, XOR_key)
    print "Sending ping packet.."
    ping_reply = send_receive(ping_packet)
    print "Response: "+ping_reply