EvilZone

: Anyone Want To Code A Python (RAT)
: Cylar March 25, 2015, 04:27:34 PM
Hello there, I was wondering if anyone wanted to code a Python (RAT).
I can already code one, I was just wondering if anyone wanted to help and maybe improve it.
I want it to be able to do as much as a .NET (RAT).

Python has a webcam library that I am looking at.

Functions that I will include are:
*Keylogger
*Message Pop Up
*Play sound
*Dos
*Remote Shutdown
*Port scans
*And Much more.


: Re: Anyone Want To Code A Python (RAT)
: Deque March 25, 2015, 05:03:30 PM
How do you intend to protect the RAT from reverse-engineering? Python does not seem to be a good choice for this purpose as all implementations rely on intermediate code (pyc for CPython, CIL for IronPython, Bytecode for Jython) instead of machine code compilation.
: Re: Anyone Want To Code A Python (RAT)
: Cylar March 25, 2015, 05:07:06 PM
Encode it.
Pretty simple answer.
: Re: Anyone Want To Code A Python (RAT)
: flowjob March 25, 2015, 05:25:36 PM
If you'd encode it, you'd need to add a line specifying the encoding at the beginning of the file, so the python interpreter would know how to decode it again, so it can be interpreted afterwards. And any human could just check that line, and decode it using some tools, and thus get the source code once again...
So I assume you meant encrypting it. But what and how would decrypt it again? How do you plan on storing the key, so it couldn't be found easily, and thus the python file be decrypted easily?

Python isn't made for such things... If you plan on infecting more than one tech-illiterate person with it, then you should go for compiled languages. And no, "compiling" python isn't an answer to that, as there're decompilers for all python freezers out there...
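Deque's and flowjob's point about intermediate code, seen from the analyst's side, as an added example that is not part of any post in this thread: compiled CPython bytecode still carries function names, identifiers and string constants. The sample source and its hostname are constructed for illustration.

```python
import dis
import marshal
import types

# Constructed sample standing in for a script an analyst has been handed.
SAMPLE_SOURCE = '''
SERVER = "config.example.invalid"

def connect(host, port=8443):
    banner = "hello from sample"
    return "%s:%d" % (host, port)
'''


def to_bytecode_blob(source):
    """Compile source and serialise it the way the body of a .pyc stores it.

    A real .pyc file puts a short header (magic number and metadata) in
    front of this marshalled code object.
    """
    return marshal.dumps(compile(source, "sample.py", "exec"))


def walk_code(code):
    """Yield a code object and every code object nested in its constants."""
    yield code
    for const in code.co_consts:
        if isinstance(const, types.CodeType):
            yield from walk_code(const)


def recover_artifacts(blob):
    """List function names, identifiers and strings that survive compilation."""
    # marshal.loads does not execute the code, but it is not hardened
    # against malformed input, so load untrusted samples in a sandbox.
    functions, names, strings = [], set(), set()
    for code in walk_code(marshal.loads(blob)):
        if code.co_name != "<module>":
            functions.append(code.co_name)
        names.update(code.co_names, code.co_varnames)
        strings.update(c for c in code.co_consts if isinstance(c, str))
    return {"functions": functions, "names": names, "strings": strings}


if __name__ == "__main__":
    blob = to_bytecode_blob(SAMPLE_SOURCE)
    print(recover_artifacts(blob))
    dis.dis(marshal.loads(blob))  # readable instruction listing
```

The marshalled blob must be loaded with the same Python version that produced it, since the bytecode format changes between releases.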
: Re: Anyone Want To Code A Python (RAT)
: Cylar March 25, 2015, 05:30:39 PM
Well, I mean it's just a project, but if I wanted to encrypt it then
I would probably convert it into a .exe file extension and encrypt it that way.

Or I would use metasploit payload encoded payloads and infect with a piece of shellcode.
Either way there is always a way no matter what and that's the beauty of hacking is to find
a way people have not found before or even thought of.
: Re: Anyone Want To Code A Python (RAT)
: flowjob March 25, 2015, 05:51:07 PM
> Well, I mean it's just a project, but if I wanted to encrypt it then
> I would probably convert it into a .exe file extension and encrypt it that way.
>
> Or I would use metasploit payload encoded payloads and infect with a piece of shellcode.
> Either way there is always a way no matter what and that's the beauty of hacking is to find
> a way people have not found before or even thought of.

Did you even read what I wrote? "Turning python into a .exe file" doesn't protect against reverse-engineering at all. There are decompilers/unpackers for every tool out there that freezes python code into a PE. And this is usually done by embedding an interpreter in the executable.
So if you'd use that executable as a payload in another file using metasploit, the file size would increase quite a lot, which is pretty suspicious if you ask me..
: Re: Anyone Want To Code A Python (RAT)
: Cylar March 25, 2015, 06:34:40 PM
It's just a project.
I will properly think it through when that time comes, but at the moment it's a project.
Nothing more.
: Re: Anyone Want To Code A Python (RAT)
: d4rkcat March 25, 2015, 06:48:39 PM
> It's just a project.
> I will properly think it through when that time comes, but at the moment it's a project.
> Nothing more.

Actually these people are wrong, you can code a perfectly good rat in python, you just have to be clever about the way you code it.
The encryption can be done in a way that it must retrieve the key from a remote location you control, and you can make a system where you only host the key when you know a bot will be asking for it legitimately.
Python rats are awesome because they are easy to code, easy to write plugins for, powerful, undetectable (again, when done right) and extremely quick to write.
Don't listen to compiled language snobs, go and code your rat, it is perfectly possible and if you do it right, will be the same quality or higher than any crap written in C that is thousands of lines long and takes months to write.
PM me if you need any tips, just make sure you share it with the world so we can prove these people wrong.
 ;)
: Re: Anyone Want To Code A Python (RAT)
: Kulverstukas March 25, 2015, 06:50:30 PM
As mentioned before, if you want to have something usable, not to mention the bloated binary once you compile it, Python is NOT the way to go about this, and it looks to me that you're just too lazy to learn WinAPI calls and do raw C++.
I suppose it's good for prototyping, but nothing more when it comes to malware.

derp
Uhh... interpreted will never beat compiled, that's a fact.
: Re: Anyone Want To Code A Python (RAT)
: d4rkcat March 25, 2015, 07:03:48 PM
herp

Yeah because everyone knows apples will never beat basketballs, that's a fact.
: Re: Anyone Want To Code A Python (RAT)
: Stackprotector March 25, 2015, 07:43:37 PM
> Actually these people are wrong, you can code a perfectly good rat in python, you just have to be clever about the way you code it.
> The encryption can be done in a way that it must retrieve the key from a remote location you control, and you can make a system where you only host the key when you know a bot will be asking for it legitimately.
> Python rats are awesome because they are easy to code, easy to write plugins for, powerful, undetectable (again, when done right) and extremely quick to write.
> Don't listen to compiled language snobs, go and code your rat, it is perfectly possible and if you do it right, will be the same quality or higher than any crap written in C that is thousands of lines long and takes months to write.
> PM me if you need any tips, just make sure you share it with the world so we can prove these people wrong.
> ;)

Sometimes I have real hard trouble knowing if people troll or not. Why not just all start writing our malware in something awesome like this http://pythonnet.sourceforge.net/ ?
: Re: Anyone Want To Code A Python (RAT)
: Kulverstukas March 25, 2015, 08:02:20 PM
You guys don't see the artistic side of the malware creation. And who dafuq writes malware with dependencies on frameworks like .NET?
: Re: Anyone Want To Code A Python (RAT)
: d4rkcat March 25, 2015, 08:08:20 PM
Sorry, did OP ask for your opinions on if python is a good language to write malware in?
No, that's right, he didn't. He asked for help and ideas coding a PYTHON rat.
So why don't you very respectable admins stop derailing this guy's thread and go and make yourself a bitch and moan thread, where you can bitch and moan about python all you want.
Or even better, make a thread with your source code for a C/C++ rat, and explain why you think that it's better?
All I'm hearing is a bunch of whiny elitist garbage about my football team is better because I say so.
LOL.
: Re: Anyone Want To Code A Python (RAT)
: Kulverstukas March 25, 2015, 08:32:22 PM
some rant shit
You might have a point there... I usually get carried away with such questions, because I don't particularly agree with the idea itself.

So I apologize OP for that :P
: Re: Anyone Want To Code A Python (RAT)
: Stackprotector March 25, 2015, 08:58:49 PM
> You might have a point there... I usually get carried away with such questions, because I don't particularly agree with the idea itself.
>
> So I apologize OP for that :P

Well, we were not talking about Python as a bad language for malware but kicking the OP because he was like, "Yes just encode it" "py2exeftw" "l33t" "oh okay".

I'd love to see creative malware in python! You could even write polymorphic malware in python I suppose. Do ET!
: Re: Anyone Want To Code A Python (RAT)
: Deque March 25, 2015, 09:24:24 PM
> Well, I mean it's just a project, but if I wanted to encrypt it then
> I would probably convert it into a .exe file extension and encrypt it that way.
>
> Or I would use metasploit payload encoded payloads and infect with a piece of shellcode.
> Either way there is always a way no matter what and that's the beauty of hacking is to find
> a way people have not found before or even thought of.

So basically, you have no idea yet. (The "protection mechanisms" you mention here are not sufficient and all of them involve the use of third-party tools.)
You may not care about the protection if it is just for fun, but you may still consider that a lot of real projects started as a for-fun project and yours is not a small one.
Just something to think about before you invest a lot of time.

> You guys don't see the artistic side of the malware creation. And who dafuq writes malware with dependencies on frameworks like .NET?

A lot. A lot lot. I get .NET samples everywhere and all the time at work. No one cares about a dependency that is installed on almost all Windows machines.
: Re: Anyone Want To Code A Python (RAT)
: Teapot March 26, 2015, 12:02:32 AM
I'll admit when I saw the title I said to myself "here's a BoS winner"... the project actually sounds fun. What would you like help with?
: Re: Anyone Want To Code A Python (RAT)
: Kulverstukas March 26, 2015, 07:29:53 AM
> A lot. A lot lot. I get .NET samples everywhere and all the time at work. No one cares about a dependency that is installed on almost all Windows machines.

Is that so? Sounds like something HF tards would churn out with VB.NET. If that's the case, let's just make malware in Java eh? It's preinstalled on ALMOST all of the windows machines, not to mention special machines!
Hmm... the tendencies might have changed in the years since I last checked my info, but I still believe it's stupid.

Python is not really the ideal language if you're going to be writing malware, it is an interpreted language and is not compiled into machine code. Therefore making it extremely easy to reverse engineer. Using Python obfuscators and packing software is not going to stop it in any way mate.
Since some people are saying obfuscation a lot, here's a thread from the past discussions: https://evilzone.org/scripting-languages/%28question%29-obfuscating-python/
: Re: Anyone Want To Code A Python (RAT)
: Cylar March 26, 2015, 12:01:50 PM
The pyRat will not be in CLI mode.
I will code it GUI.

I will get to encryption later, there are encryption libraries in python.
Just because the file size is bigger that doesn't mean anything.
The bigger the better, if you see a file the size of 300kb = Rat <----
Now if you see some legit looking program like setup.exe = 12mb <---- Looks more legit
: Re: Anyone Want To Code A Python (RAT)
: Deque March 26, 2015, 12:20:17 PM
> Is that so? Sounds like something HF tards would churn out with VB.NET. If that's the case, let's just make malware in Java eh? It's preinstalled on ALMOST all of the windows machines, not to mention special machines!

Java is actually not a bad idea, because most AV companies have no support at all to create proper signatures for Java .class or .jar files.
That means they usually have to resort to blacklisting Java malware which means you can reFUD your file by just changing one little thing in your code. Imagine that in combination with metamorphism and you have a piece of malware that should evade detection for a long time and run on most machines. Malware analysts rip their hair out because of this, these files are easily reverse-engineered, but there is no use, if you cannot create proper detections for them.
What d4rkcat told about Python is basically similar to this situation, but I don't know how far you can actually spread Python malware this way.