-
Notifications
You must be signed in to change notification settings - Fork 35
/
dga.py
41 lines (33 loc) · 1.04 KB
/
dga.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
'''
DGA of XshellGhost
'''
import argparse
from datetime import datetime
from ctypes import c_uint
def dga(year, month, nr, tlds):
_year = c_uint(year)
_month = c_uint(month)
seed = c_uint(0)
print(_year.value)
print(_month.value)
seed.value = 0x90422a3a * _month.value
print("%x" %(seed.value))
seed.value -= 0x39d06f76 * _year.value
print("%x" %(seed.value))
seed.value -= 0x67b7fc6f
print("%x" %(seed.value))
sld_len = seed.value % 6 + 10
sld = ''
for i in range(sld_len):
sld += chr(seed.value % 0x1a + ord('a'))
seed.value = 29 * seed.value + 19
domain = sld + '.' + tlds[0]
print(domain)
if __name__=="__main__":
parser = argparse.ArgumentParser()
parser.add_argument('-t', '--time', help="Seconds since January 1, 1970 UTC")
parser.add_argument("-n", "--nr", help="nr of domains to generate")
args = parser.parse_args()
tlds = ['com']
d = datetime.utcfromtimestamp(int(args.time))
dga(d.year, d.month, int(args.nr), tlds)