import tornado.httpserver
import tornado.ioloop
import time
import ExplosiveEnc
# Address and port that the updater handlers embed, encoded, in the <IP> and
# <PORT> sections of their responses.
# NOTE(review): "1.2.3.4" / "1234" look like placeholders - set them to the
# analysis host that should receive the redirected connection before use.
# The port is kept as a string because it is handed to
# ExplosiveEnc.encode_conf() unchanged.
CNC_IP, CNC_PORT = "1.2.3.4", "1234"
def getUpdaterResponse(ip, port):
    """
    Build the body of a C&C updater response.

    The body is a fixed HTML page followed by an optional <IP> section and an
    optional <PORT> section, each holding the value encoded with
    ExplosiveEnc.encode_conf(). A falsy ip or port leaves its section empty.

    Args:
        ip: address to advertise, or a falsy value to omit the <IP> section.
        port: port to advertise, or a falsy value to omit the <PORT> section.

    Returns:
        The response body as a string.
    """
    # NOTE(review): the "{1.2.3.4}" token is emitted literally - nothing in
    # this function substitutes it. Confirm that this is intended.
    page_head = """<HTML>
<BODY>
Default updater response
</BODY>
{1.2.3.4}"""
    # encode_conf() is only called for values that are actually present.
    ip_tag = ("<IP>%s</IP>" % ExplosiveEnc.encode_conf(ip)) if ip else ""
    port_tag = ("<PORT>%s</PORT>" % ExplosiveEnc.encode_conf(port)) if port else ""
    sections = "\n %s \n %s" % (ip_tag, port_tag)
    return "".join([page_head, sections, "\n</HTML>\n\n"])
def getDefaultResponse():
    """
    Return the fixed HTML page used as the default web server response.

    The page carries no <IP> or <PORT> section.
    """
    page_lines = (
        "<HTML>",
        "<BODY>",
        "Default updater response",
        "</BODY>",
        "</HTML>",
    )
    return "\n".join(page_lines)
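def HandleStaticUpdater(request):
    """
    Static C&C Updater Handler

    Logs the request and answers with the updater response built from
    CNC_IP and CNC_PORT.

    Args:
        request: the Tornado request object; its uri and host are logged and
            the raw HTTP response is written through request.write().
    """
    # request.uri and the Host header are supplied by the remote client, so
    # they are logged with %r: control characters and escape sequences reach
    # the analyst's terminal or log file escaped instead of raw.
    print("[*] %s Got Static C&C Updater request %r" % (time.ctime(), request.uri))
    print("\t[+] Host: %r" % (request.host,))
    message = getUpdaterResponse(CNC_IP, CNC_PORT)
    # The status line and headers are written by hand, so Content-Length has
    # to match the body exactly.
    request.write("HTTP/1.1 200 OK\r\nContent-Length: %d\r\n\r\n%s" % (len(message), message))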
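def HandleDynamicUpdater(request):
    """
    Dynamic C&C Updater Handler

    Logs the request and answers with the updater response built from
    CNC_IP and CNC_PORT (the same body the static handler returns).

    Args:
        request: the Tornado request object; its uri and host are logged and
            the raw HTTP response is written through request.write().
    """
    # The log line previously said "Static", which made dynamic-updater
    # requests indistinguishable from static ones in the output.
    # request.uri and the Host header are supplied by the remote client, so
    # they are logged with %r: control characters and escape sequences reach
    # the analyst's terminal or log file escaped instead of raw.
    print("[*] %s Got Dynamic C&C Updater request: %r" % (time.ctime(), request.uri))
    print("\t[+] Host: %r" % (request.host,))
    message = getUpdaterResponse(CNC_IP, CNC_PORT)
    # The status line and headers are written by hand, so Content-Length has
    # to match the body exactly.
    request.write("HTTP/1.1 200 OK\r\nContent-Length: %d\r\n\r\n%s" % (len(message), message))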
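def IPCheckHandler(request):
    """
    IP Check handler

    Logs the request and answers with the default page from
    getDefaultResponse(). handle_request() routes every request that is not
    an updater request here.

    Args:
        request: the Tornado request object; its uri and host are logged and
            the raw HTTP response is written through request.write().
    """
    # request.uri and the Host header are supplied by the remote client, so
    # they are logged with %r: control characters and escape sequences reach
    # the analyst's terminal or log file escaped instead of raw.
    # The backslash in the message is kept from the original text.
    print("[*] %s Got External IP Check request \\ Other request: %r" % (time.ctime(), request.uri))
    print("\t[+] Host: %r" % (request.host,))
    message = getDefaultResponse()
    # The status line and headers are written by hand, so Content-Length has
    # to match the body exactly.
    request.write("HTTP/1.1 200 OK\r\nContent-Length: %d\r\n\r\n%s" % (len(message), message))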
def handle_request(request):
    """
    Dispatch an incoming request to the matching handler and finish it.

    A URI containing "?win=1" goes to the static updater handler, one
    containing "?win=4" to the dynamic updater handler, and everything else
    to the IP check / default handler.

    Args:
        request: the Tornado request object passed in by the HTTP server.
    """
    uri = request.uri
    # Substring match: any URI that merely contains the marker is routed to
    # the updater handler, with "?win=1" taking precedence over "?win=4".
    if "?win=1" in uri:
        handler = HandleStaticUpdater
    elif "?win=4" in uri:
        handler = HandleDynamicUpdater
    else:
        handler = IPCheckHandler
    handler(request)
    # The handlers only write the response; the request is completed here.
    request.finish()
# Every request is passed to handle_request as a plain callback.
http_server = tornado.httpserver.HTTPServer(handle_request)
# No address is passed, so Tornado listens on port 80 on all interfaces.
# NOTE(review): this emulator answers any client that can reach it - run it
# only inside an isolated analysis network, or pass an address to listen().
http_server.listen(80)
io_loop = tornado.ioloop.IOLoop.instance()
io_loop.start()  # blocks here, serving requests until the process is stopped