Skip to content

LuD1161/MyPythonAdministrationTool

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

51 Commits

Client.py

Client.py

 
 

Constants.py

Constants.py

 
 

README.md

README.md

 
 

passwords.py

passwords.py

 
 

rtc.php

rtc.php

 
 

socks.py

socks.py

 
 

upload.php

upload.php

 
 

utils.py

utils.py

 
 

zip.py

zip.py

 
 

Repository files navigation

MyPythonMalware

Learning Python Interaction With Windows

Features :

  • 2 Way interaction without public IP ( without global IP ) : Upto some extent using the 'rtc.php' file as mediator (need to implement database for commands specific to a particular bot ) 
  • Can work on any free webhosting service provider , (check the list )
  • PHP script can automatically create folders based on the unique 'botId' created and sent by the bot
  • Persistent ( otherwise what use it is as bot )
  • Send identification details such as :
    • MAC address
    • Locale ( such as en-IN or en-US )
    • Public IP
    • Platform (x86 or x86_64)
    • Architecture
    • Node Name in the network
  • Thread Implementation for :
    • Sending the loot
    • Keylogger ( so that we don't miss that important key )
    • Receiving Command
  • Steal passwords from Google Chrome
  • Automatic spreading by copying to USB and creating shortcuts of pre-existing files
  • Sends MD5 hash of the file , before uploading the original file so as to check for any bad upload
  • Retries until the file is uploaded ( which is checked using the checksum sent earlier )
  • Screenshots : Takes screenshots based on the URL of the webpage ( this needs to be polished )
  • Search command on the Bot side to search for the files
  • CMD commands can be executed by the bot

The main file is the 'Client.py' , which needs to be compiled and run on the user's machine , it has been tested on my PC and works out to be fine.

How spreading works

First the malware copies itself to the USB.
Then it creates shortcut of each file linking it to the malware's executable.
The shortcut's opening link contains the path to the malware with an extra parameter as the original file.
When the malware executable is run then , first it executes the malware and then restores all the files , in turn opening the file clicked. Thus not making the user suspicious ;) .

Disclaimer

Any actions and or activities related to the material contained within this website is solely your responsibility.The misuse of the information in this website can result in criminal charges brought against the persons in question. The author will not be held responsible in the event any criminal charges be brought against any individuals misusing the information on this website to break the law.

This site may contain links to materials that can be potentially damaging or dangerous.

About

Just another ( stealthy ) administration tool ( is it ? ;) )

Resources

Readme
Activity

Stars

6 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages