Creating an SSH Botnet
Now that you know how to create a port scanner and how to find vulnerable targets, you can
proceed to exploit their vulnerabilities. One of the ways to do this is to exploit the Secure
Shell (SSH) protocol in order to get login credentials from clients.
What is a botnet?
Bots, as the name implies, are incredibly useful when it comes to automating
services on practically any device. A botnet, on the other hand, is a group of bots joined
together by a network, which allows system administrators to efficiently run automated tasks over
an entire system of users connected by a server or a local network. While botnets
are essentially tools for easily managing several computers, they can also be used
for unintended purposes, such as creating a DoS or DDoS (Distributed Denial of Service) that
may cause a website to load multiple times in a session, or commenting on social media sites
continuously.
Here is a program that will allow you to create your own botnet using another popular Python
library called Fabric, which will enable you to create a command and control (C&C) application
that will allow you to manage multiple infected hosts over Secure Shell.
Creating the C&C
Assume that you, as the attacker, have already managed to compromise the SSH hosts and have
access to them. Assume also that the hosts' credentials are stored in a file that has this format:
username@hostname:port password.
Now that you have these credentials, you will need to consider the functions that you need to
create. This may mean that you need to run a status check to see running hosts, make an interactive
shell session to communicate with a targeted host, and perform a command on selected hosts.
To begin, you will need to import every member of the namespace fabric.api:
After that, you will need to set two environment variables, env.passwords (maps the host strings
to the passwords that you can use) and env.hosts (manages the hosts' master list), to be able to
manage all the hosts that you want to target. Once you have these set up, you will not have to enter
a password for each new connection.
Now that you have this set up, you can proceed to running the commands. Here are the
functions that you can use:
• local(command) – runs a command on the targeted local system
• sudo(command) – performs a shell command remotely using superuser (or admin) privileges
• put(local_path, remote_path) – uploads files remotely
• open_shell() – pulls up an interactive shell remotely
• run(command) – performs a shell command remotely
• get(remote_path, local_path) – downloads files remotely
You can now create a function that will allow you to create a command string, and then run it.
Here’s the code to create the run_command:
Now, you can create a task that will allow you to make use of the run_command function, which
will enable you to check which hosts are active by executing the command called uptime:
To perform the other tasks, you will want to choose which hosts to send the other
commands to or to open a shell session on. To be able to do this, you will need to create a menu
that will enable you to execute the other tasks on the specified hosts using the execute function of
Fabric. Here is what this part of the code should look like:
Save the code as fabfile.py and then run it on the interpreter prompt. This is what the entire code
looks like when you run it:
You will see that you were able to gain control of all the machines that you have access to.
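Seen from the defending side, the pattern this section describes (one controller opening password-authenticated SSH sessions to every host on its list within seconds) shows up clearly in centrally collected sshd logs. The following detection sketch is an added example, not code from the original page; the log lines are constructed, and the host names, addresses, threshold, window and year are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed syslog lines, as a central log collector would hold them.
SAMPLE_LOG = """\
Mar 10 12:00:01 web01 sshd[2211]: Accepted password for deploy from 203.0.113.5 port 40022 ssh2
Mar 10 12:00:02 web02 sshd[1873]: Accepted password for root from 203.0.113.5 port 40030 ssh2
Mar 10 12:00:02 db01 sshd[990]: Accepted password for admin from 203.0.113.5 port 40031 ssh2
Mar 10 12:00:04 cache01 sshd[412]: Accepted password for root from 203.0.113.5 port 40040 ssh2
Mar 10 12:03:10 web01 sshd[2290]: Accepted publickey for alice from 198.51.100.7 port 51112 ssh2
Mar 10 14:20:00 web02 sshd[1990]: Accepted password for bob from 198.51.100.9 port 50001 ssh2
Mar 10 12:00:05 web01 sshd[2213]: Failed password for root from 192.0.2.44 port 33000 ssh2
"""

# Only successful password logins are of interest here.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"Accepted password for (?P<user>\S+) from (?P<src>\S+) port \d+")


def find_fanout(log_text, min_hosts=3, window=timedelta(seconds=60), year=2024):
    """Return {source_ip: sorted hosts} for sources that password-logged in
    to at least min_hosts distinct hosts inside one sliding time window."""
    events = defaultdict(list)  # source IP -> [(timestamp, host)]
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            # Classic syslog timestamps carry no year, so one is assumed.
            ts = datetime.strptime("%d %s" % (year, m["ts"]), "%Y %b %d %H:%M:%S")
            events[m["src"]].append((ts, m["host"]))
    flagged = {}
    for src, seen in events.items():
        seen.sort()
        start = 0
        for end in range(len(seen)):
            # Shrink the window until it spans at most `window` of time.
            while seen[end][0] - seen[start][0] > window:
                start += 1
            hosts = {h for _, h in seen[start:end + 1]}
            if len(hosts) >= min_hosts:
                flagged[src] = sorted(set(flagged.get(src, [])) | hosts)
    return flagged


if __name__ == "__main__":
    print(find_fanout(SAMPLE_LOG))
```

Legitimate configuration-management jobs produce the same fan-out, so known management addresses need an allowlist before this is used for alerting.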
Scraping Websites That Need Login Credentials
If you want to mine data from a website, you will find that you often need to log in before
being able to access any of the information that you want. This means that in order to get the data that
you need, you will first need to extract all the details that are required to log in to your targeted
website.
Studying the Target Website
Here’s the scenario: you want to scrape data from the Bitbucket site, which you can access by
logging in at bitbucket.org/account/signin. Since it is prompting you to supply user credentials,
you are unable to go into the website and mine the information that you want. As you may have
guessed, you will have to build a dictionary that will allow you to put in the details for the login.
In order to find out which field names you need for submitting the credentials, you will need to inspect
the element of the field “username or email”. You can do this by right-clicking on the field and
then selecting “inspect element”.
Do the same for the password field:
Now, you are aware that you should be using “username” and “password” as keys in your
dictionary, with the corresponding credentials as the values.
Next, search the page source for a hidden input tag that is named
“csrfmiddlewaretoken”, which will provide you with the key and value:
Create Your Code
Now that you know the requirements, you can now create the program that you need to build your
dictionary:
Save this as login_scraper.py and then run it on the interpreter prompt to get the credentials that
you need.
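The dictionary-building step described in this section, shown as an added example that is not the original page's login_scraper.py: it parses a sign-in form, confirms the “username”, “password” and “csrfmiddlewaretoken” fields exist, and returns the payload to submit. The HTML, token value and credentials are constructed placeholders, and the class and function names are hypothetical.

```python
from html.parser import HTMLParser

# Constructed sample of a sign-in form; not copied from any real site.
SAMPLE_LOGIN_PAGE = """
<form method="post" action="/account/signin/">
  <input type="hidden" name="csrfmiddlewaretoken" value="CONSTRUCTED-TOKEN-123">
  <input type="text" name="username" id="id_username">
  <input type="password" name="password" id="id_password">
  <input type="hidden" name="next" value="/">
</form>
"""


class FormFieldParser(HTMLParser):
    """Collects the name, type and value of every <input> tag in a page."""

    def __init__(self):
        super().__init__()
        self.fields = {}  # field name -> (type, value)

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = dict(attrs)
        if a.get("name"):
            self.fields[a["name"]] = (a.get("type", "text"), a.get("value") or "")


def build_login_payload(html, username, password):
    """Return the dictionary to POST: credentials plus all hidden fields."""
    parser = FormFieldParser()
    parser.feed(html)
    fields = parser.fields
    # Fail loudly if the form changed and a field we rely on is gone.
    for required in ("username", "password", "csrfmiddlewaretoken"):
        if required not in fields:
            raise ValueError("login form has no %r field" % required)
    # Hidden inputs (the CSRF token among them) are sent back unchanged.
    payload = {n: v for n, (t, v) in fields.items() if t == "hidden"}
    payload["username"] = username
    payload["password"] = password
    return payload


if __name__ == "__main__":
    print(build_login_payload(SAMPLE_LOGIN_PAGE, "my-user", "my-password"))
```

The token is only valid together with the cookie issued alongside the form, so a real client has to fetch the page and submit the payload within the same HTTP session.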