
Andromeda command enumeration script

tehsyntx Oct 9th, 2014 350 Never
  1. #####
  2. Andromeda Command Enumeration script
  3. @tehsyntx
  4. thembits.blogspot.com
  5. #####
  6.  
  7. #!/usr/bin/env python
  8.  
  9. import urllib2
  10. import base64
  11. import struct
  12. import sys
  13. import re
  14.  
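  def rc4_crypt(data, key):
      """Encrypt or decrypt ``data`` with RC4 under ``key``.

      RC4 is a symmetric stream cipher: the same call turns plaintext into
      ciphertext and ciphertext back into plaintext. Both arguments are
      character strings; every character is passed through ``ord()``, so
      each one must map to a value in 0-255 for the result to be meaningful.

      RC4 is used here only because the gate protocol this script speaks
      uses it. It is cryptographically weak and should not be chosen for
      protecting anything.

      Args:
          data: string to transform.
          key: non-empty key string.

      Returns:
          A string of the same length as ``data``.

      Raises:
          ValueError: if ``key`` is empty.
      """
      # Based on:
      # http://www.emoticode.net/python/python-implementation-of-rc4-algorithm.html
      if not key:
          # An empty key would otherwise surface as ZeroDivisionError from
          # the modulo below, which hides the real cause.
          raise ValueError('RC4 key must not be empty')

      # list(...) keeps the state table mutable on Python 3 as well, where
      # range() returns an immutable object and the swaps below would fail.
      S = list(range(256))

      # Key scheduling: permute the state table under the key.
      j = 0
      for i in range(256):
          j = (j + S[i] + ord(key[i % len(key)])) % 256
          S[i], S[j] = S[j], S[i]

      # Keystream generation: one keystream byte is XORed into each
      # input character.
      i = j = 0
      out = []
      for char in data:
          i = (i + 1) % 256
          j = (j + S[i]) % 256
          S[i], S[j] = S[j], S[i]
          out.append(chr(ord(char) ^ S[(S[i] + S[j]) % 256]))

      return ''.join(out)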
  32.  
  33.  
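  if __name__ == '__main__':
      # Sends one fixed check-in string to the gate URL given on the command
      # line, decrypts the reply and prints the keylog process list and the
      # command list it contains.
      #
      # Everything read back from the gate is attacker-controlled. It is
      # bounded in size and time below, decode failures are reported
      # instead of raising, and list indexes are checked before use.
      # NOTE(review): the decoded strings are printed verbatim; if the
      # output goes to a terminal or a log viewer, control characters in
      # them are passed through unchanged.

      if len(sys.argv) < 3:
          print 'usage: ./andromeda.py <rc4 key> <url to gate>'
          print 'author: @tehsyntx'
          sys.exit()

      # The reply is decrypted with the packed "id" value sent in the
      # request, so both are derived from one variable to keep them in step.
      bot_id = 11111
      data = 'id:%d|bid:11111|os:FF|a:11111|rg:1111' % bot_id
      key = sys.argv[1]

      # Prefix test instead of a substring test, so an https:// gate is not
      # rewritten to 'http://https://...'.
      if sys.argv[2].startswith(('http://', 'https://')):
          url = sys.argv[2]
      else:
          url = 'http://' + sys.argv[2]

      pdata = base64.b64encode(rc4_crypt(data, key))

      # Limits for talking to an untrusted server: do not hang forever and
      # do not read an unbounded body into memory.
      timeout_seconds = 30
      max_response_bytes = 1024 * 1024

      try:
          response = urllib2.urlopen(url, pdata, timeout_seconds).read(max_response_bytes)
      except urllib2.HTTPError as e:
          # Use the status code itself rather than searching the message
          # text for '404'.
          if e.code == 404:
              print 'HTTP 404, this usually means that you\'ve got the wrong key'
          else:
              print 'Something went wrong, corrent key? Mistyped gate?'
          sys.exit(1)
      except Exception:
          print 'Something went wrong, corrent key? Mistyped gate?'
          sys.exit(1)

      # The first four bytes of the reply are skipped; the rest is RC4
      # under the little-endian 32-bit bot id.
      # NOTE(review): the meaning of the 4-byte prefix is not visible here.
      data = rc4_crypt(response[4:], struct.pack("<L", bot_id))
      print 'Raw response:\n %s\n' % data

      if 'kl(' in data:
          try:
              procs = base64.b64decode(data[data.find('kl(') + 3:-2]).split('\0')
          except (TypeError, ValueError):
              # Malformed base64 from the gate: report it and carry on.
              print 'Keylog process list could not be decoded'
              procs = []
          print 'Keylog processes:'
          for proc in procs:
              if proc:
                  print ' %s' % proc

      # Locate the command list by position instead of assuming that
      # 'gn(' sits at offset 0.
      gn_start = data.find('gn(')
      if gn_start == -1:
          sys.exit()
      gn_end = data.find(')', gn_start)
      if gn_end == -1:
          print 'Command list is not terminated'
          sys.exit(1)

      try:
          cmdlist = base64.b64decode(data[gn_start + 3:gn_end]).split('\0')
      except (TypeError, ValueError):
          print 'Command list could not be decoded'
          sys.exit(1)

      # A field whose first byte is 1-3 takes its argument from the field
      # three positions later; 4 and 5 take no argument.
      with_argument = {
          '\x01': ' Download&Exec: %s',
          '\x02': ' Install plugin: %s',
          '\x03': ' Update bot: %s',
      }
      without_argument = {
          '\x04': ' Delete all plugins',
          '\x05': ' Uninstall bot',
      }

      print 'Commands:'
      for i, field in enumerate(cmdlist):
          if not field:
              continue
          marker = field[0]
          if marker in with_argument:
              # A truncated list would otherwise raise IndexError here.
              if i + 3 < len(cmdlist):
                  print with_argument[marker] % cmdlist[i + 3]
              else:
                  print ' Truncated command record at field %d' % i
          elif marker in without_argument:
              print without_argument[marker]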