- NXcrypt - Encrypt Python backdoors to bypass AntiVirus
- NXcrypt
- NXcrypt is a polymorphic crypter for Python backdoors, written in Python by Hadi Mene (h4d3s). The output is fully undetectable.
- NXcrypt can inject a malicious Python file into a normal file using a multi-threading system.
- Run it with superuser permissions.
- NXcrypt output is fully undetectable.
- Backdooring Module:
- Encryption Module:
- Installation
- git clone https://github.com/Hadi999/NXcrypt
- cd NXcrypt
- sudo python NXcrypt.py [options]
- Usage:
- * Example: Encrypt backdoor.py; the output file is output_backdoor.py
- sudo python NXcrypt.py --file=backdoor.py --output=output_backdoor.py
- * Example: Encrypt shell.py; the default output file is backdoor.py, but you can change it in the source code
- sudo python NXcrypt.py --file=shell.py
- * Example: Inject payload.py with test.py into hacked.py using the multi-threading system
- sudo python NXcrypt.py --backdoor-file=payload.py --file=test.py --output=hacked.py
- * NXcrypt help: sudo python NXcrypt.py --help
- gravityfalls@GitHackTools:~/nxcrypt$ sudo python NXcrypt.py --help
- Usage: NXcrypt.py [options]
- Options:
- -h, --help show this help message and exit
- -f FILE, --file=FILE python file
- -o OUT, --output=OUT output of python file
- -b BACKDOOR, --backdoor-file=BACKDOOR
- malicious python file to inject into normal file with
- multi-threading system
- How does it work?
- Encryption module:
- * NXcrypt adds some junk code.
- * NXcrypt uses Python's built-in 'py_compile' module, which compiles the code into bytecode in a .pyc file.
- * NXcrypt converts the .pyc file into a normal .py file.
- * This is how the code is obfuscated.
- * The md5sum changes too.
- Injection module: It injects a malicious Python file into a normal file using a multi-threading system.
- Test with VirusTotal
- Before:
- SHA256: e2acceb6158cf406669ab828d338982411a0e5c5876c2f2783e247b3e01c2163
- File name: facebook.py
- Detection ratio: 2/54
- After:
- SHA256: 362a4b19d53d1a8f2b91491b47dba28923dfec2d90784961c46213bdadc80add
- File name: facebook_encrypted.py
- Detection ratio: 0/55
- Credits: All Credits go to Suspicious Shell Activity team
- Video Tutorial: https://www.youtube.com/watch?v=s8Krngv2z9Q
- Download NXcrypt: https://github.com/Hadi999/NXcrypt
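
The "How does it work?" steps and the changed hash in the VirusTotal test mean hash and source-signature matching will miss the output, but a `.py` file that actually holds compiled bytecode is a structural anomaly a defender can look for. The following is an added example, not part of the paste or of NXcrypt; it assumes that "converts the .pyc file into a normal .py file" means the bytecode is stored under a `.py` name, and the function names (`looks_like_bytecode`, `scan`, `demo`) and sample files are constructed for illustration.

```python
import os
import py_compile
import tempfile

def looks_like_bytecode(head: bytes) -> bool:
    """True when the first bytes of a file match a CPython .pyc header."""
    # Every CPython magic number is a 2-byte version tag followed by b"\r\n".
    if len(head) < 8 or head[2:4] != b"\r\n":
        return False
    # The header fields and marshalled code object that follow contain NUL
    # bytes, which do not occur in ordinary Python source text.
    return b"\x00" in head

def scan(root: str) -> list:
    """Return sorted paths of *.py files under root that hold bytecode."""
    flagged = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(".py"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(64)
            except OSError:
                continue  # unreadable file: skip it
            if looks_like_bytecode(head):
                flagged.append(path)
    return sorted(flagged)

def demo() -> list:
    """Build a constructed, harmless sample tree and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "plain.py")
        with open(src, "w") as fh:
            fh.write("print('hello')\n")  # constructed benign source
        # Constructed sample: compiled bytecode stored under a .py name.
        py_compile.compile(src, cfile=os.path.join(tmp, "renamed.py"),
                           doraise=True)
        return [os.path.basename(p) for p in scan(tmp)]

if __name__ == "__main__":
    print(demo())
```

A hit is a lead for triage rather than a verdict: review where the file came from and what imports or launches it.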