EvilZone

: Rewriting the Zeus Botnet in Python!!
: somegrass November 12, 2012, 10:45:20 AM
I'm considering converting/rebuilding the Zeus botnet in python and hosting it as an open source python project. Is there any support for this? BTW, the reason I want to do this is to increase development time (python programming tends to be far faster than c++) and to expand the capabilities of the Zeus framework (i.e. embed a javascript or lua scripting engine, bitcoin mining, exploit database, etc.). I also want to make a large move toward peer to peer networking. Any comments, questions, support, etc. would be amazing!! And let me know if anyone is interested in getting involved!
: Re: Rewriting the Zeus Botnet in Python!!
: Stackprotector November 12, 2012, 11:00:34 AM
Do you have any clue what zeus is? Do you have any clue what malware programming is?
: Re: Rewriting the Zeus Botnet in Python!!
: somegrass November 12, 2012, 11:02:18 AM
I'm going to reply to that with a simple yes to both. What's your point?
: Re: Rewriting the Zeus Botnet in Python!!
: Stackprotector November 12, 2012, 11:05:27 AM
Zeus is not some kind of hacking tool/bot. It is used by big crime organizations and loads of CCers. Writing this in python would take all the power away from zeus.  Unless you are going to convert everything to the python c libs, but that is just plain stupid.

Python  is for scripting, not for programming a huge enterprise virus. You might script a server, but not the bot.
: Re: Rewriting the Zeus Botnet in Python!!
: somegrass November 12, 2012, 11:11:44 AM
Python is a perfectly legitimate language to write a botnet in. There is very little you can do in c++ that you can't do in python and then py2exe into an executable. In fact it's a better language to write a botnet in.
: Re: Rewriting the Zeus Botnet in Python!!
: Stackprotector November 12, 2012, 11:18:21 AM
I am just advising you, you don't have to listen to me. Though I advise you to :D.

Just try it, but I will say, c++ runs much lower than python. Python is written in c/c++. You will learn much more from writing this in c/c++ than in python.

"In fact it's a better language to write a botnet in."  Die please :D.
: Re: Rewriting the Zeus Botnet in Python!!
: bluechill November 12, 2012, 02:12:51 PM
Python is a perfectly legitimate language to write a botnet in. There is very little you can do in c++ that you can't do in python and then py2exe into an executable. In fact it's a better language to write a botnet in.

You're wrong.  I know both extremely well.  Python is not a good language for anything but scripting minor stuff.  You can script web servers or servers in it but that's about it in my opinion.  C++ is a way better language for rewriting malware in.  Python does not have support for process obfuscation very easily.  Python is also very easy for antivirus to spot and eliminate because it's an interpreted language.  C++ is a lot easier to obfuscate and prevent from being detected than python is even though obfuscation is hard anyways.  If you really want to do this, you *will* fail.  Not a you *might* but a you *will*.  So please, do us a favor and learn more before declaring idiotic things.  Thank you.
: Re: Rewriting the Zeus Botnet in Python!!
: geXXos November 12, 2012, 02:34:09 PM
Python is not a good language for anything but scripting minor stuff.
Care to elaborate?
: Re: Rewriting the Zeus Botnet in Python!!
: somegrass November 12, 2012, 02:43:48 PM
Ah. You make good points. *I tip my hat to you sir* And although I also consider myself to be very good at both languages, granted, I am relatively new to malware writing. Also, thank you for not being so brutal. Anyway, the question then becomes, how unfeasible would it be to extend the framework with say an ironpython dll. (I admit, I am of the opinion that there are very few projects that can't be done far faster with python.)
: Re: Rewriting the Zeus Botnet in Python!!
: bluechill November 12, 2012, 09:32:09 PM
Ah. You make good points. *I tip my hat to you sir* And although I also consider myself to be very good at both languages, granted, I am relatively new to malware writing. Also, thank you for not being so brutal. Anyway, the question then becomes, how unfeasible would it be to extend the framework with say an ironpython dll. (I admit, I am of the opinion that there are very few projects that can't be done far faster with python.)

What you would have to do is create your own python interpreter with the source code hard coded and then compile that all into an executable yourself.  (write the interpreter in C++ or something).  Basically it's so much more work than just using C++ it's so unfeasible that I would never even attempt to do it.

Care to elaborate?

That's just my opinion.  I can't think of anything which isn't faster and easier to do in C++ than some minor scripting stuff.  I'm talking about advanced things btw.  Python is great for minor, non-advanced, stuff like simple brute forcers, simple servers, etc. but when you get to stuff like malware writing and extendible plugins it's easier to just use C++ or C as you can always use SWIG for plugins in languages such as python, java, etc. I would never use anything but C++, C, or Obj-C for the base language of a plugin-based program.  However, this is my opinion, it can be done.  I just personally think it's a lot harder and messier.
: Re: Rewriting the Zeus Botnet in Python!!
: geXXos November 12, 2012, 10:19:02 PM
@bluechill
Thank you for the explanation.
: Re: Rewriting the Zeus Botnet in Python!!
: Ragehottie November 13, 2012, 03:28:40 AM
Python is not only good for small scripts. It can be used for very large projects, even full 3d games. I will, however agree that c/++ is better for a botnet. Wayyy better. But go for it. It will be a good learning experience.
: Re: Rewriting the Zeus Botnet in Python!!
: bluechill November 13, 2012, 02:00:13 PM
Python is not only good for small scripts. It can be used for very large projects, even full 3d games. I will, however agree that c/++ is better for a botnet. Wayyy better. But go for it. It will be a good learning experience.

It *can* be but they're usually very slow and usually a lot more trouble than just using OpenGL directly in C or C++.
: Re: Rewriting the Zeus Botnet in Python!!
: centizen November 13, 2012, 03:44:10 PM
Yeah, python is a great prototyping tool; but Java or C#/C++ is a far better option for writing malware.


At one point I wrote a keylogger in python; which was near useless due to the fact that the target either needed a python interpreter already or I needed to slipstream it into an .exe which usually ended up around 7mb's in size. It just made it too unwieldy to be used in any real situation.


With Java or C*; your program becomes machine code/bytecode, which is a lot better than interpreting commands. Since most malware works simply by leveraging issues in the windows API, there is just no reason to want to use python except ease of initial programming. 
: Re: Rewriting the Zeus Botnet in Python!!
: Kulverstukas November 13, 2012, 05:18:02 PM
Yeah, python is a great prototyping tool; but Java or C#/C++ is a far better option for writing malware.


At one point I wrote a keylogger in python; which was near useless due to the fact that the target either needed a python interpreter already or I needed to slipstream it into an .exe which usually ended up around 7mb's in size. It just made it too unwieldy to be used in any real situation.


With Java or C*; your program becomes machine code/bytecode, which is a lot better than interpreting commands. Since most malware works simply by leveraging issues in the windows API, there is just no reason to want to use python except ease of initial programming. 
The keylogger might be of some use on Linux boxes where python is usually pre-installed.
: Re: Rewriting the Zeus Botnet in Python!!
: somegrass November 13, 2012, 07:14:23 PM
Thanks for the input everybody! I will probably at least toy around with trying to rebuild some of the low-level zeus functionality in python (e.g. HttpSendRequest hooking and process injection) and see if I get anywhere for the learning experience if for nothing else. I actually wrote and compiled (py2exe) a keylogger in python that took a screenshot every time a key was clicked (needless to say, it took forever to type anything...) so I am not going into this project without a good amount of experience.

@Ragehottie is that your blog?? I ran across it about a month ago. Big fan. Is there any way I could get a copy of that rootkit source?
: Re: Rewriting the Zeus Botnet in Python!!
: somegrass November 13, 2012, 07:28:05 PM
Also, @bluechill there are tons of examples of very large projects written in python.
http://wiki.python.org/moin/LargePythonProjects
There is even an os built around python: http://linux.softpedia.com/get/System/Operating-Systems/Linux-Distributions/Python-OS-87758.shtml
My point being, python is not just for small programs and scripts but is also just as capable of being used in arbitrarily large projects.
: Re: Rewriting the Zeus Botnet in Python!!
: Kulverstukas November 13, 2012, 08:08:20 PM
Google services run python and the python creator works at google. How about that?
: Re: Rewriting the Zeus Botnet in Python!!
: bluechill November 13, 2012, 08:29:49 PM
Also, @bluechill there are tons of examples of very large projects written in python.
http://wiki.python.org/moin/LargePythonProjects
There is even an os built around python: http://linux.softpedia.com/get/System/Operating-Systems/Linux-Distributions/Python-OS-87758.shtml
My point being, python is not just for small programs and scripts but is also just as capable of being used in arbitrarily large projects.


That OS is not an OS written in python.  It is a minimal OS written in C probably with a python interpreter ported over to it.  And yes there are *some* large projects.  But notice how many large projects are written in C, C++, or Obj-C or even C# or Java.  There is a reason for it.


Edit:  That OS is "Python OS Project was created with idea to make a pure Linux operating system written in Python. POP based on linux kernel (currently 2.6.32) and GNU userland utilities. A lot of utilities are already written, including base soft, like:" which means it's a C kernel (Linux) with python ported over to it and the utilities written in Python.  Python itself is written in C I believe.  You are not going to have an OS written in just python as you seem to think.
: Re: Rewriting the Zeus Botnet in Python!!
: somegrass November 13, 2012, 08:37:09 PM
No, I am well aware that it isn't written entirely in python. That would be absurd! Nonetheless, it is still a great example of what python is capable of.
: Re: Rewriting the Zeus Botnet in Python!!
: Ragehottie November 14, 2012, 03:23:14 AM

That OS is not an OS written in python.  It is a minimal OS written in C probably with a python interpreter ported over to it.  And yes there are *some* large projects.  But notice how many large projects are written in C, C++, or Obj-C or even C# or Java.  There is a reason for it.


Edit:  That OS is "Python OS Project was created with idea to make a pure Linux operating system written in Python. POP based on linux kernel (currently 2.6.32) and GNU userland utilities. A lot of utilities are already written, including base soft, like:" which means it's a C kernel (Linux) with python ported over to it and the utilities written in Python.  Python itself is written in C I believe.  You are not going to have an OS written in just python as you seem to think.


Please, shut the fuck up. Python can be used for massive projects. And it will not be slow if you can code correctly. Now please, stop insulting my language.
: Re: Rewriting the Zeus Botnet in Python!!
: iTpHo3NiX November 14, 2012, 04:01:08 AM

Please, shut the fuck up. Python can be used for massive projects. And it will not be slow if you can code correctly. Now please, stop insulting my language.

I wouldn't recommend insulting an admin  ::)
: Re: Rewriting the Zeus Botnet in Python!!
: bluechill November 14, 2012, 04:26:23 AM

Please, shut the fuck up. Python can be used for massive projects. And it will not be slow if you can code correctly. Now please, stop insulting my language.

Lawl.  You really think that?  Do you want me to demonstrate that no matter what you do in python, it will be slower than using C++ or C directly?  C, C++, Obj-C, they're all superior to python based on the sheer fact that they're compiled and then executed.  Java is also superior in some aspects because it's compiled to byte code and then the byte code which has been optimized is then executed. Python is interpreted directly from the source.  Python will never be faster than C, C++ or Obj-C and for my needs it is too slow.

Have you ever tried writing an entire AI in python or C++? I have.  Python was too slow so I switched to C++ for the AI.  I'm sure python is quite reasonable for some large projects but it can never be better than C, C++ or Obj-C other than, maybe, for prototyping and some odd edge cases.  Python also isn't standardized enough for certain uses, Python 2.x code was (and still is in some cases I believe) incompatible with Python 3.x code.  In C, C++, and Obj-C and any other C based language that's never the case.  When Python is standardized and used enough to be optimized to the point where it can be competitive in some cases then I'll consider using it more.

Another problem is that you're going to be running up against the fact that the Python interpreter is written in C and so Python code can never be faster than C code doing the same thing.  C++ is also ever so slightly slower than C and so it follows that Python will never be faster than C++ either.  The same thing applies to Obj-C.  I'm sure Python is a great language, heck, I use it a fair amount but never for massive projects because it's just too slow and it isn't powerful enough for my tastes.

So please, instead of just telling me to "shut the fuck up" support your argument with facts and evidence instead of just declaring me wrong.

Thanks,
Your friend bluechill (who happens to be an admin).

btw, if you really want to argue this I'll split the thread so we can or we can just go on IRC and I can destroy your argument there :).
: Re: Rewriting the Zeus Botnet in Python!!
: geXXos November 14, 2012, 12:17:50 PM
Too much adrenaline in this thread, I love it. :)

: Re: Rewriting the Zeus Botnet in Python!!
: EmilKXZ November 14, 2012, 04:15:28 PM
Not to be an asslicker of some sort, but I do agree with bluechill.

Whilst you can do large projects with Python, it becomes bloated and it is overkill. Saying that Python is for "minor scripting" is not an insult at all. There are languages suited better for certain purposes. Would you re-write Windows in Brainfuck? I guess you could, but it is definitely overkill. Would you script a macro with C++? Overkill too.

With low-level stuff, use low-level languages. And Python is a high level interpreted language. Sure you could eat soup with a fork, but... at what cost/time?

So, whoever is the most fanatic of Python (I didn't bother to read the nickname), please stop the drama. A person asked politely if he/she could re-write Zeus and he/she got his/her answer.
: Re: Rewriting the Zeus Botnet in Python!!
: Deque November 14, 2012, 04:52:30 PM
A person asked politely if he/she could re-write Zeus and he/she got his/her answer.

Kudos for not presuming that everyone in a tech related forum is male.

I agree with bluechill too. Nothing more to say here.
: Re: Rewriting the Zeus Botnet in Python!!
: p_2001 November 14, 2012, 05:06:46 PM
Kudos for not presuming that everyone in a tech related forum is male.

I agree with bluechill too. Nothing more to say here.

um... I'm not a sexist but, writing he/she everywhere is stupid.. I usually use "they" or "person" but it's not always applicable.
for ex. chairperson instead of chairman..


but.. It's difficult.

and, isn't it more important to convey the meaning instead of the particulars to be precise?
: Re: Rewriting the Zeus Botnet in Python!!
: Deque November 14, 2012, 05:32:10 PM
um... I'm not a sexist but, writing he/she everywhere is stupid.. I usually use "they" or "person" but it's not always applicable.
for ex. chairperson instead of chairman..


but.. It's difficult.

and, isn't it more important to convey the meaning instead of the particulars to be precise?

If you look at my posts, you will probably see that I also don't write he/she everywhere.
So, yes, it is too tedious to do it all the time. Nevertheless I appreciated that.

Edit: When referring to a person I don't know the gender of, I tend to say the nick or something like that instead of the pronouns.

@somegrass: Don't let yourself hold back from some opinions. Do what you have to do. The learning experience is worth it.
: Re: Rewriting the Zeus Botnet in Python!!
: proxx November 15, 2012, 12:16:51 AM
How common is python when it comes to malicious applications..?

I think not really, well maybe not for such a project as this but when compiled to .exe for example it will probably evade anti-virus/malware scanners.
Funny enough a lot of virus scanners still scan for patterns and rely on this heavily.
Application behaviour is monitored of course.
I really do believe that coding in a less used language will, compared to common ones, be less fingerprinted.

Or maybe I'm an idiot, that's very well possible.
: Re: Rewriting the Zeus Botnet in Python!!
: bluechill November 15, 2012, 04:45:58 AM
How common is python when it comes to malicious applications..?

I think not really, well maybe not for such a project as this but when compiled to .exe for example it will probably evade anti-virus/malware scanners.
Funny enough a lot of virus scanners still scan for patterns and rely on this heavily.
Application behaviour is monitored of course.
I really do believe that coding in a less used language will, compared to common ones, be less fingerprinted.

Or maybe I'm an idiot, that's very well possible.

Python2exe, or whatever the program's name is, is quite similar to how a self extracting executable works.  The source code for the python is still in there because python is an interpreted language and it is still possible to extract the source.  You can obfuscate the source but it becomes exponentially harder to evade anti-virus and the like when your source code is packaged into your application in an easy to extract format.

The good anti-virus (Kaspersky is an example of a good anti-virus.  Those Russians, ya know?) will be able to detect this and rely a lot more on just patterns in the executable, they rely on run time behavior and include heuristics and static analysis and a whole bunch of other tools to determine whether it is malicious or not.  It may *technically* be very advanced pattern recognition but I would classify it as something more because of how most people think of patterns.

Run time behavior is the best way to determine whether an application is malicious and so it doesn't matter what language it was written in.  Plus most languages get compiled down to machine code (that you'd use for malware, otherwise we have the python scenario as I stated above) which is analyzed and there will be minimal difference for the anti-virus.  It doesn't matter the language, malware is about your techniques more than anything else.

The language can influence some things but it is less important than techniques, the problem is that for some techniques to be effective, it requires certain things of a language which is where the downsides of certain languages exist.
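
The packaging the post above describes (an executable that still carries its Python modules in an easy-to-extract archive) is also what makes such files quick to triage. The following is an added example, not code from the thread or from py2exe: it assumes the bundle is a ZIP archive appended to the executable stub, and `triage_bundle`, `build_sample` and the sample bytes are constructed for illustration.

```python
import io
import struct
import zipfile

PY_SUFFIXES = (".py", ".pyc", ".pyo")
EOCD_SIG = b"PK\x05\x06"  # ZIP end-of-central-directory signature


def triage_bundle(data: bytes) -> dict:
    """Report whether a file looks like a PE image with Python modules appended as a ZIP."""
    report = {"is_pe": False, "zip_offset": None,
              "python_members": [], "verdict": "not-bundled"}

    # PE check: 'MZ' magic, then the 4-byte e_lfanew field at 0x3C must point at the PE signature.
    if len(data) >= 0x40 and data[:2] == b"MZ":
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)
        report["is_pe"] = data[pe_off:pe_off + 4] == b"PE\x00\x00"

    if EOCD_SIG not in data:
        return report  # no ZIP trailer anywhere in the file
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            infos = zf.infolist()
    except zipfile.BadZipFile:
        return report  # signature bytes present by chance, not a real archive
    if not infos:
        return report

    # zipfile corrects member offsets for prepended data, so the smallest header
    # offset is where the archive starts, i.e. the size of the stub in front of it.
    report["zip_offset"] = min(i.header_offset for i in infos)
    report["python_members"] = [i.filename for i in infos
                                if i.filename.lower().endswith(PY_SUFFIXES)]
    if report["python_members"]:
        report["verdict"] = ("pe-with-python-bundle" if report["is_pe"]
                             else "python-zip")
    return report


def build_sample() -> bytes:
    """Constructed sample: PE-looking header bytes (not a runnable program) plus a ZIP."""
    stub = (b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)
            + b"PE\x00\x00" + b"\x00" * 60)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("main.pyc", b"constructed placeholder, not real bytecode")
        zf.writestr("helpers/net.pyc", b"constructed placeholder")
        zf.writestr("README.txt", b"constructed placeholder")
    return stub + buf.getvalue()


if __name__ == "__main__":
    for key, value in triage_bundle(build_sample()).items():
        print(f"{key}: {value}")
```

The member list alone is only a packaging indicator; as the post says, run time behavior is what decides whether a file is malicious.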
: Re: Rewriting the Zeus Botnet in Python!!
: proxx November 15, 2012, 08:22:37 AM
Thanks for explaining this.
: Re: Rewriting the Zeus Botnet in Python!!
: centizen November 16, 2012, 12:36:53 AM
Well, the fact that it was based off of win32 keyboard hooks kind of screws that one up; but you make a very good point about python/malware in general
: Re: Rewriting the Zeus Botnet in Python!!
: r4kk00n February 19, 2016, 11:46:57 AM
What you would have to do is create your own python interpreter with the source code hard coded and then compile that all into an executable yourself.  (write the interpreter in C++ or something).  Basically it's so much more work than just using C++ it's so unfeasible that I would never even attempt to do it.


I know this is an old post, but it is a topic others will likely continue to read, and this is flat out wrong.
There are existing methods to do this for you, such as py2exe (http://www.py2exe.org/)
: Re: Rewriting the Zeus Botnet in Python!!
: Deque February 19, 2016, 03:25:47 PM
I know this is an old post, but it is a topic others will likely continue to read, and this is flat out wrong.
There are existing methods to do this for you, such as py2exe (http://www.py2exe.org/)

You should read the question BlueChill was answering to.  ???
: Re: Rewriting the Zeus Botnet in Python!!
: iTpHo3NiX February 19, 2016, 07:17:21 PM
(http://i.imgur.com/CWrryoX.jpg)

</thread>