EvilZone
Programming and Scripting => Projects and Discussion => : pyte June 05, 2013, 02:02:19 PM
-
I have this idea though how to go about it is a thing unclear ..
Project name: Root Control
Timeline: 1 Month
Language: Python
Author : pyte
Contributors: EZ community
I intend to write a script that will and should:
1. Execute with a single click and on the background
2. Assume root control, on windows all administrative rights
3. Allow remote control without necessarily displaying anything on the client's end
I'm running a business that handles a lot of data with a high level of sensitivity and i feel i should be in control of everything in every connected client for simpler administration.
i know there are applications both opensource and commercial but the confidence in one from my mind would be even better.
Being new in programming as a whole il'd use some help on how to do this.
May intentions are to see this program on EZ releases some day.
-
I have this idea though how to go about it is a thing unclear ..
Project name: Root Control
Timeline: 1 Month
Language: Python
Author : pyte
Contributors: EZ community
I intend to write a script that will and should:
1. Execute with a single click and on the background
2. Assume root control, on windows all administrative rights
3. Allow remote control without necessarily displaying anything on the client's end
I'm running a business that handles a lot of data with a high level of sensitivity and i feel i should be in control of everything in every connected client for simpler administration.
i know there are applications both opensource and commercial but the confidence in one from my mind would be even better.
Being new in programming as a whole il'd use some help on how to do this.
May intentions are to see this program on EZ releases some day.
You might pick up some Python programming for hackers books like gray hat python.
Though the hardest part would be getting root access. You will need tricks for that :)
-
You might pick up some Python programming for hackers books like gray hat python.
Though the hardest part would be getting root access. You will need tricks for that :)
The root access part raises concern to everyone i have shared the issue with.
would you have a particular book in mind?
-
The root access part raises concern to everyone i have shared the issue with.
would you have a particular book in mind?
Gray hat python, Also take a look in evilzone's Ebook section ;)
-
i'm on it!
-
I guess it would technically be possible to do this with Python, but really?
If you're going to write something (potentially) malicious like this, it's time to go for something more low-level and universal: C.
-
I guess it would technically be possible to do this with Python, but really?
If you're going to write something (potentially) malicious like this, it's time to go for something more low-level and universal: C.
First, i believe this could be a very malicious piece of code but also i feel there can be good use of the same.
thanks about the C suggestion though i have never even taken a look at the language ::) .guess il have to read a lot.
-
First, i believe this could be a very malicious piece of code but also i feel there can be good use of the same.
thanks about the C suggestion though i have never even taken a look at the language ::) .guess il have to read a lot.
Go with python. It will be a lot easier to learn and and easier to code. Also sockets in python are extremely simple.
-
Using python for crafting malicious Windows apps is not ideal as Windows does not have a python interpreter by default. If you already have the chance to install an interpreter, then you already have administrative rights.
If you are going to handle sensitive information, are you sure a completely open backdoor, developed by you with no experience in this matter, is the best way to go?
Basically what you want to craft is a rootkit, you should try out the "Designing BSD rootkits", I believe it's in the book section.
-
Using python for crafting malicious Windows apps is not ideal as Windows does not have a python interpreter by default. If you already have the chance to install an interpreter, then you already have administrative rights.
That's the gist of it.
Know your platform.
-
Using python for crafting malicious Windows apps is not ideal as Windows does not have a python interpreter by default. If you already have the chance to install an interpreter, then you already have administrative rights.
If you are going to handle sensitive information, are you sure a completely open backdoor, developed by you with no experience in this matter, is the best way to go?
Basically what you want to craft is a rootkit, you should try out the "Designing BSD rootkits", I believe it's in the book section.
I believe py2exe takes care of that .take a look here (http://michael-stengel.com/blog/?p=147). on the other hand i believe this will be good for my experience building ;) . why? this is coz il have time to give it a try before implementing and also since il code the thing myself, il be clear in its operations too.
Go with python. It will be a lot easier to learn and and easier to code. Also sockets in python are extremely simple.
Ive had a look at python and i'm now giving it my very best (5-6 hrs) i'm sure i'll be ok soon.
That's the gist of it.
Know your platform.
As i hinted before, there can be packaging done to make the app a stand alone working either on windows or Linux with or without python installed. i also think i can add a script to download and install the interpreter before.(this could be by use of PhP or some other language.)
-
I believe py2exe takes care of that .take a look here (http://michael-stengel.com/blog/?p=147). on the other hand i believe this will be good for my experience building ;) . why? this is coz il have time to give it a try before implementing and also since il code the thing myself, il be clear in its operations too.
Yeah sure, everything that can be interpreted can be compiled. As long as the language is turing complete, you can compile it and make it run on any platform.
The problem is efficiency, stealth, and a low foot print - you don't get either by compiling python to PE or ELF.
I'm not too familiar with the workings of py2exe, does it include it's own interpreter or does it compile the python script to assembly?
I like your idea for learning purposes, but keep it like that. When you have written your application and have the general idea, go do it in C.
-
Yeah sure, everything that can be interpreted can be compiled. As long as the language is turing complete, you can compile it and make it run on any platform.
The problem is efficiency, stealth, and a low foot print - you don't get either by compiling python to PE or ELF.
I'm not too familiar with the workings of py2exe, does it include it's own interpreter or does it compile the python script to assembly?
I like your idea for learning purposes, but keep it like that. When you have written your application and have the general idea, go do it in C.
According to what i have learnt, py2exe (http://www.py2exe.org/) compiles python scripts completely . The compiling process should end with creating two folders (‘build’ and ‘dist’).
You only need to deploy the content of ‘dist’.
that way i have tried and it does work well even for machines with no python compiler.
about the efficiency , stealth and low footprint am yet to try with the script i intend to write so i have no idea of how it reacts. :(
i wrote a small script to walk a directory , locate a .txt file and email it .i packaged it with the help of py2exe tool and it does work on my desktop which has no python installed.i hope this happens with my current project.
-
C is surely the best option.
py2exe doesn't do any compiling; it packages a Python distribution coupled with your .py scripts and wraps them with a native launcher. I did a much simpler, similar (binary wrapped as a sh), thing here: http://evilzone.org/scripting-languages/(python)-convert-binary-to-ascii/msg58640/#msg58640 (http://evilzone.org/scripting-languages/(python)-convert-binary-to-ascii/msg58640/#msg58640)
You might want to look at http://www.cython.org/ (http://www.cython.org/). Cython is a language that aims to be compilable Python. It compiles Python code to C and from there compiles to a native executable. But you will probably need to learn C in order to use it well and statically linking a Cython project looks like a huge pain the ass.
If you still want something super high-level for writing malware, try REBOL (http://www.rebol.com/ (http://www.rebol.com/)). Last time I used it (long ago) they had a very simple way of making cross-platform, standalone executable scripts and a terrible security model that made making trojans easy.