Home 0P3N Blog Python Programming For Hackers (Part 6) - Creating SSH Botnet
Ready to Start Your Career?
Create Free Account
bjacharya s profile image
By: bjacharya
August 16, 2016

Python Programming For Hackers (Part 6) - Creating SSH Botnet

By: bjacharya
August 16, 2016
bjacharya s profile image
By: bjacharya
August 16, 2016
Python Programming For Hackers (Part 6) - Creating SSH Botnet - CybraryAnd again, Hello Cybrarians!Python Programming For Hackers (Part 6) - Creating SSH BotnetIn this part, I'll talk some theory on Botnet and then we'll see a basic SSH Botnet (including Python scripts and coding). > Before going to SSH Botnet, let's see the definition of Bot/Botnet first.Bot  Actually, it's created for automating services in devices like Androids, PC's, laptop's or any sort of computer system.BotNet : A Botnet is a collection of Bot's that are connected by a network.> If used in good way, it's the best approach. But, on other hand, it can be used by the bad guys for wrong purposes. Like, performing DoS/DDoS (Denial of Service Attack), for sending SPAM messages to lots of accounts randomly, for reloading web pages multiple times, for continuous commenting in social media sites, etc.  These are just few.> A command is given to each bot to perform specific task. It depends on how the creators/users want to carry out tasks or attacks. DDoS is carried out via Botnet (see above).> Legally, Botnets are used in various fields. Like, Cloud Computing, Image Processing, IRC, etc.> Compromised computers are examples of Illegal Botnets. Botnets used for DDoS's are mostly considered serious crimes and are illegal too.> Now, this line includes the tasks for you. Make a fine Google search on LOIC (Low Orbit Ion Cannon) & The Hive. Then process to next line. # Basic Working Mechanism of Botnet> There will be a collection of systems, which can be used to send commands randomly> The Main System sends a command for tasks to all of the Bots available in network and then machines execute the command.#Our ProjectOur project is to create a basic SSH Botnet, which will make a connection with SSH Server and help us in the execution of commands on that server. This will help in the management of different or more than one server on a particular network.Note: The Update Version (we will see later in this series) will allow for brute forcing and cracking of SSH Servers.#Now Coding for SSH Botnet BasicsLet's begin...Note: We'll be using Classes & Objects in Python. (If you're not familiar with Object Oriented Concepts of Python, then you may find this a bit difficult. But, once you start to follow my article, then I'm sure you will capture it.)> SSH - Secure Shell (Because it's Encrypted Remote Terminal Connection)> We must build SSH Server before we can actually run our botnet on that server. (Make a fine Google Search for setting up a SSH Server. If you can't set it up, then don't follow this article from this point. Before following this article, I highly recommend you to learn SSH Server Creation first. Don't panic, I'll show you how to install SSH later at final step in this article.)#How Our Botnet Works- We will use the Python pexpect library with pxssh module to connect to the SSH Server.- After a successful connection, we'll leave it live, so that it will wait for a command.- Then, we'll send commands to all of the connections open in BotNet.(Link to download pxssh.py used in this article will be available for download if and only if you ask it via comment. Make sure that downloaded file and code file [i.e. botnet.py] remains in same folder.)> We'll create a client class (to handle each of our connections)> And store each client in a list.Ok, lets get to our Ubuntu terminal for action.>> Open Terminal in Ubuntu.>> Open editor for writing .py file as given below.

ubuntu@bj:~/pythontut$ vim botnet.py  //creating .py file for writing our codes into.

//basic ssh botNet

// write following code

import pxssh  //calling pxssh module

class Client:  //defining class with name Client

def __init__(self, host, user, password):  // create initializer

self.host = host

        self.user = user

        self.password = password

        self.session = self.connect()   // for ssh session

 

def connect(self):    // connect method, takes self

try:    // incase our connection fails, program tries

s = pxssh.pxssh()

            s.login(self.host, self.user, self.password)

            return s  //if login done.

except Exception, e:  // if fails

print e

            print '[-] Error Connecting'

def send_command(self, cmd):   // another method, send_command

self.session.sendline(cmd) 

        self.session.prompt()   //informs our command is run

return self.session.before //process or return results.

def botnetCommand(command):  //function to send command

for client in botNet:

output = client.send_command(command) // to get output

print '[*] Output from ' + client.host // for displaying output

print '[+] ' + output //finally prints output

def addClient(host, user, password):      //adding client to botnet

client = Client(host, user, password)

    botNet.append(client)  // adding client session to botnet

botNet = []   //creating empty botnet list

addClient('127.0.0.1', 'ubuntu', 'pass') //adding loop back address as our client, 'ubuntu' is username and next one 'pass' is password

botnetCommand('ls -la') //lists everything of home directory

:wq // ok save this and quit.

 >> Now, we'll install/create basic ssh server in our system (ubuntu)

ubuntu@bj:~/pythontut$ sudo apt-get install ssh  //installing ssh

(takes about minute and done)

>> Now lets test our botnet

ubuntu@bj:~/pythontut$ python botnet.py 

>> The program returns with a list of everything in the home directory. This is what we've written in our basic botnet.#In the next part of this series, we'll perform SSH BruteForce.
Article By : Bijay Acharya (CEHv9. Trained Personnel)Follow writer in twitter : twitter.com/acharya_bijayWebsite : bijayacharya.com
Schedule Demo

Build your Cybersecurity or IT Career

Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry