TVT618

NXcrypt - Encrypt Python backdoors to bypass AntiVirus

May 25th, 2018
NXcrypt
NXcrypt is a polymorphic crypter for Python backdoors, written in Python by Hadi Mene (h4d3s). The output is fully undetectable.
NXcrypt can inject a malicious Python file into a normal file using a multi-threading system.
Run it with superuser permissions.
NXcrypt output is fully undetectable.

Backdooring Module:

Encryption Module:

Installation
git clone https://github.com/Hadi999/NXcrypt
cd NXcrypt
sudo python NXcrypt.py [options]

Usage:
* Example: encrypt backdoor.py and write the result to output_backdoor.py
sudo python NXcrypt.py --file=backdoor.py --output=output_backdoor.py
* Example: encrypt shell.py; the default output file is backdoor.py, but you can change it in the source code
sudo python NXcrypt.py --file=shell.py
* Example: inject payload.py into test.py and write the result to hacked.py, using the multi-threading system
sudo python NXcrypt.py --backdoor-file=payload.py --file=test.py --output=hacked.py

* NXcrypt help: sudo python NXcrypt.py --help

gravityfalls@GitHackTools:~/nxcrypt$ sudo python NXcrypt.py --help
Usage: NXcrypt.py [options]

Options:
  -h, --help            show this help message and exit
  -f FILE, --file=FILE  python file
  -o OUT, --output=OUT  output of python file
  -b BACKDOOR, --backdoor-file=BACKDOOR
                        malicious python file to inject into normal file with
                        multi-threading system

How does it work?
Encryption module:
* NXcrypt adds some junk code.
* NXcrypt uses Python's built-in 'py_compile' module, which compiles the code into bytecode in a .pyc file.
* NXcrypt converts the .pyc file into a normal .py file.
* In this way the code is obfuscated.
* The md5sum changes too.

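A defender's check for the encryption steps listed above, as an added example that is not part of the original paste or of NXcrypt: it flags files named *.py whose content has the layout of a compiled .pyc. It assumes the converted output keeps the .pyc header (the paste does not say how the conversion is done); the function names and the in-memory sample are constructed for illustration.

```python
# Added example: flag *.py files that actually contain compiled CPython bytecode.
# Assumption: the disguised file still starts with a standard .pyc header.
import importlib.util
import marshal
import os

HEADER_SIZES = (8, 12, 16)  # pyc header length: Python 2, 3.3-3.6, 3.7+
CODE_TYPES = (0x63, 0xE3)   # marshal TYPE_CODE 'c', plain and with FLAG_REF (0x80)


def looks_like_pyc(data):
    """Return True if the bytes have the layout of a .pyc file."""
    # Every CPython magic number is a 2-byte version followed by CR LF.
    if len(data) < 17 or data[2:4] != b"\r\n":
        return False
    # Python source cannot contain NUL bytes; a pyc header and code object do.
    if b"\x00" not in data[:64]:
        return False
    # The marshalled code object starts right after the header.
    return any(data[off] in CODE_TYPES for off in HEADER_SIZES)


def scan(root):
    """Return sorted paths of *.py files under root whose content is bytecode."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(".py"):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    head = fh.read(64)
                if looks_like_pyc(head):
                    hits.append(path)
    return sorted(hits)


def build_sample_pyc():
    """Constructed sample: in-memory pyc bytes for a harmless one-liner."""
    code = compile("x = 1\n", "<sample>", "exec")
    return importlib.util.MAGIC_NUMBER + b"\x00" * 12 + marshal.dumps(code)
```
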
Injection module: it injects a malicious Python file into a normal file using a multi-threading system.

Test with VirusTotal
Before:
SHA256: e2acceb6158cf406669ab828d338982411a0e5c5876c2f2783e247b3e01c2163
File name: facebook.py
Detection ratio: 2/54

After:
SHA256: 362a4b19d53d1a8f2b91491b47dba28923dfec2d90784961c46213bdadc80add
File name: facebook_encrypted.py
Detection ratio: 0/55

Credits: All credits go to the Suspicious Shell Activity team

Video Tutorial: https://www.youtube.com/watch?v=s8Krngv2z9Q

Download NXcrypt: https://github.com/Hadi999/NXcrypt