Author Topic: Anyone Want To Code A Python (RAT)  (Read 4438 times)

0 Members and 4 Guests are viewing this topic.

Offline Deque

  • P.I.N.N.
  • Global Moderator
  • Overlord
  • *
  • Posts: 1203
  • Cookies: 518
  • Programmer, Malware Analyst
    • View Profile
Re: Anyone Want To Code A Python (RAT)
« Reply #15 on: March 25, 2015, 09:24:24 pm »
Well i mean it's just a project but if i wanted to encrypt it then.
I would probably convert it into a .exe file exstention and encrypt it that way.

Or i would use metasploit payload encoded payloads and infect with a peice of shellcode.
Either way there is allways a way no matter what and thats the beauty of hacking is to find
a way people have not found before or even thought of.

So basically, you have no idea yet. (The "protection mechanisms" you mention here are not sufficient and all of them involve the use of third-party tools )
You may not care about the protection if it is just for fun, but you may still consider that a lot of real projects started as a for-fun project and yours is not a small one.
Just something to think about before you invest a lot of time.

You guys don't see the artistic side of the malware creation. And who dafuq writes malware with dependencies on frameworks like .NET?

A lot. A lot lot. I get .NET samples everywhere and all the time at work. No one cares about a dependency that is installed on almost all Windows machines.
« Last Edit: March 25, 2015, 09:28:46 pm by Deque »

Offline Teapot

  • Peasant
  • *
  • Posts: 127
  • Cookies: -2
  • E-Book Whore
    • View Profile
Re: Anyone Want To Code A Python (RAT)
« Reply #16 on: March 26, 2015, 12:02:32 am »
ill admit when i saw the title i said to myself "here's a BoS winner"... the project actually sounds fun. what would you like help with?

Offline Kulverstukas

  • Administrator
  • Zeus
  • *
  • Posts: 6627
  • Cookies: 542
  • Fascist dictator
    • View Profile
    • My blog
Re: Anyone Want To Code A Python (RAT)
« Reply #17 on: March 26, 2015, 07:29:53 am »
A lot. A lot lot. I get .NET samples everywhere and all the time at work. No one cares about a dependency that is installed on almost all Windows machines.
Is that so? sounds like something HF tards would churn out with VB.NET. If that's the case, let's just make malware in Java eh? it's preinstalled on ALMOST all of the windows machines, not to mention special machines!
Hmm... the tendencies might have changed in the years since I last checked my info, but I still believe it's stupid.

Python is not really the ideal language if you're going to be writing malware, it is a interpreted language and is not compiled into machine code. Therefore making it extremely easy to reverse engineer. Using Python obfuscater's and packing software is not going to stop it in anyway mate.
Since some people are saying obfuscation a lot, here's a thread from the past discussions: https://evilzone.org/scripting-languages/%28question%29-obfuscating-python/

Offline Cylar

  • /dev/null
  • *
  • Posts: 8
  • Cookies: -4
    • View Profile
Re: Anyone Want To Code A Python (RAT)
« Reply #18 on: March 26, 2015, 12:01:50 pm »
The pyRat Will not be in CLI mode.
I will code it GUI.

I will get to encryption later there are encryption libarys in python.
Just because the file size is bigger that doesnt mean anything.
The bigger the better if you see a file the size of 300kb = Rat <----
Now if you seen some leggit looking program like setup.exe = 12mb <---- Looks more leggit

Offline Deque

  • P.I.N.N.
  • Global Moderator
  • Overlord
  • *
  • Posts: 1203
  • Cookies: 518
  • Programmer, Malware Analyst
    • View Profile
Re: Anyone Want To Code A Python (RAT)
« Reply #19 on: March 26, 2015, 12:20:17 pm »
Is that so? sounds like something HF tards would churn out with VB.NET. If that's the case, let's just make malware in Java eh? it's preinstalled on ALMOST all of the windows machines, not to mention special machines!

Java is actually not a bad idea, because most AV companies have no support at all to create proper signatures for Java .class or .jar files.
That means they usually have to resort to blacklisting Java malware which means you can reFUD your file by just changing one little thing in your code. Imagine that in combination with metamorphism and you have a piece of malware that should evade detection for a long time and run on most machines. Malware analysts rip their hair out because of this, these files are easily reverse-engineered, but there is no use, if you cannot create proper detections for them.
What d4rkcat told about Python is basically similar to this situation, but I don't know how far you can actually spread Python malware this way.