Python Programming For Hackers (Part 6) – Creating SSH Botnet

August 16, 2016 | Views: 46700

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

And again, Hello Cybrarians!

Python Programming For Hackers (Part 6) – Creating SSH Botnet

In this part, I’ll talk some theory on Botnet and then we’ll see a basic SSH Botnet (including Python scripts and coding).

 

> Before going to SSH Botnet, let’s see the definition of Bot/Botnet first.

Bot  Actually, it’s created for automating services in devices like Androids, PC’s, laptop’s or any sort of computer system.

BotNet : A Botnet is a collection of Bot’s that are connected by a network.

> If used in good way, it’s the best approach. But, on other hand, it can be used by the bad guys for wrong purposes. Like, performing DoS/DDoS (Denial of Service Attack), for sending SPAM messages to lots of accounts randomly, for reloading web pages multiple times, for continuous commenting in social media sites, etc.  These are just few.

> A command is given to each bot to perform specific task. It depends on how the creators/users want to carry out tasks or attacks. DDoS is carried out via Botnet (see above).

> Legally, Botnets are used in various fields. Like, Cloud Computing, Image Processing, IRC, etc.

> Compromised computers are examples of Illegal Botnets. Botnets used for DDoS’s are mostly considered serious crimes and are illegal too.

> Now, this line includes the tasks for you. Make a fine Google search on LOIC (Low Orbit Ion Cannon) & The Hive. Then process to next line.

 

# Basic Working Mechanism of Botnet

> There will be a collection of systems, which can be used to send commands randomly

> The Main System sends a command for tasks to all of the Bots available in network and then machines execute the command.

#Our Project

Our project is to create a basic SSH Botnet, which will make a connection with SSH Server and help us in the execution of commands on that server. This will help in the management of different or more than one server on a particular network.

Note: The Update Version (we will see later in this series) will allow for brute forcing and cracking of SSH Servers.

#Now Coding for SSH Botnet Basics

Let’s begin…

Note: We’ll be using Classes & Objects in Python. (If you’re not familiar with Object Oriented Concepts of Python, then you may find this a bit difficult. But, once you start to follow my article, then I’m sure you will capture it.)

> SSH – Secure Shell (Because it’s Encrypted Remote Terminal Connection)

> We must build SSH Server before we can actually run our botnet on that server. (Make a fine Google Search for setting up a SSH Server. If you can’t set it up, then don’t follow this article from this point. Before following this article, I highly recommend you to learn SSH Server Creation first. Don’t panic, I’ll show you how to install SSH later at final step in this article.)

#How Our Botnet Works

– We will use the Python pexpect library with pxssh module to connect to the SSH Server.

– After a successful connection, we’ll leave it live, so that it will wait for a command.

– Then, we’ll send commands to all of the connections open in BotNet.

(Link to download pxssh.py used in this article will be available for download if and only if you ask it via comment. Make sure that downloaded file and code file [i.e. botnet.py] remains in same folder.)

> We’ll create a client class (to handle each of our connections)

> And store each client in a list.

Ok, lets get to our Ubuntu terminal for action.

>> Open Terminal in Ubuntu.

>> Open editor for writing .py file as given below.

ubuntu@bj:~/pythontut$ vim botnet.py  //creating .py file for writing our codes into.

//basic ssh botNet

// write following code

import pxssh  //calling pxssh module

class Client:  //defining class with name Client

def __init__(self, host, user, password):  // create initializer

self.host = host

        self.user = user

        self.password = password

        self.session = self.connect()   // for ssh session

 

def connect(self):    // connect method, takes self

try:    // incase our connection fails, program tries

s = pxssh.pxssh()

            s.login(self.host, self.user, self.password)

            return s  //if login done.

except Exception, e:  // if fails

print e

            print ‘[-] Error Connecting’

def send_command(self, cmd):   // another method, send_command

self.session.sendline(cmd) 

        self.session.prompt()   //informs our command is run

return self.session.before //process or return results.

def botnetCommand(command):  //function to send command

for client in botNet:

output = client.send_command(command) // to get output

print ‘[*] Output from ‘ + client.host // for displaying output

print ‘[+] ‘ + output //finally prints output

def addClient(host, user, password):      //adding client to botnet

client = Client(host, user, password)

    botNet.append(client)  // adding client session to botnet

botNet = []   //creating empty botnet list

addClient(‘127.0.0.1’, ‘ubuntu’, ‘pass’) //adding loop back address as our client, ‘ubuntu’ is username and next one ‘pass’ is password

botnetCommand(‘ls -la’) //lists everything of home directory

:wq // ok save this and quit.

 

>> Now, we’ll install/create basic ssh server in our system (ubuntu)

ubuntu@bj:~/pythontut$ sudo apt-get install ssh  //installing ssh

(takes about minute and done)

>> Now lets test our botnet

ubuntu@bj:~/pythontut$ python botnet.py 

>> The program returns with a list of everything in the home directory. This is what we’ve written in our basic botnet.

#In the next part of this series, we’ll perform SSH BruteForce.


Article By : Bijay Acharya (CEHv9. Trained Personnel)

Follow writer in twitter : twitter.com/acharya_bijay

Website : bijayacharya.com

Share with Friends
FacebookTwitterLinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterLinkedInEmail
Ready to share your knowledge and expertise?
22 Comments
  1. graat article!

  2. Awesome…

    That’s my research work when I was in High School. 🙂

Page 2 of 5«12345»
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge

 

Cybrary|0P3N

Is Linux Worth Learning in 2020?
Views: 868 / December 14, 2019
How do I Get MTA Certified?
Views: 1423 / December 12, 2019
How much does your PAM software really cost?
Views: 1860 / December 10, 2019
How Do I Get into Android Development?
Views: 2249 / December 8, 2019

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel