Author Topic: Binding to DLLs or Hiding in Processes  (Read 1969 times)


Offline lsquared

  • /dev/null
  • *
  • Posts: 15
  • Cookies: 0
Binding to DLLs or Hiding in Processes
« on: September 14, 2012, 06:29:10 am »
I've been thinking of a project to start on the side for fun, decided on something along the lines of a backdoor or keylogger to better learn Python. When I was thinking of different functionality that would be cool I realized, I have about no idea or experience with how to hide a program's process and how to bind a program with a DLL.

Just reading that seems a little n00by.. sorry bout it. I don't need you guys to hold my hand, maybe just point me in the right direction.

Also if anyone wants to collaborate on something I'm more than willing, just PM me.

Thanks,
lsquared

Offline flowjob

  • Knight
  • **
  • Posts: 327
  • Cookies: 46
  • Pastafarian
Re: Binding to DLLs or Hiding in Processes
« Reply #1 on: September 14, 2012, 07:02:42 am »
To import a dll:
Code:
import ctypes
dll = ctypes.WinDLL('mydll.dll')
Quote
<phil> I'm gonna DDOS the washing machine with clothes packets.
<deviant_sheep> dont use too much soap or youll cause a bubble overflow

Offline ande

  • Owner
  • Titan
  • *
  • Posts: 2664
  • Cookies: 256
Re: Binding to DLLs or Hiding in Processes
« Reply #2 on: September 14, 2012, 01:15:37 pm »
I would say Python is not your first choice when making backdoors/keyloggers, at least if you want to hide them and run them as malware.

Although, I guess it is possible; you can probably use a normal registry key in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run to start your Python script at boot. Hiding it from the process list on the other hand, probably not so easy/possible (with Python).
if($statement) { unless(!$statement) { // Very sure } }
https://evilzone.org/?hack=true
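
Added example, not part of the thread: the Run key named in the post above is a standard place for defenders to audit. This Python sketch flags HKCU Run values that start a script interpreter or point into user-writable directories; the interpreter list, the path fragments and the sample entries are assumptions constructed for illustration.

```python
import ntpath
import sys
RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"
# Assumption: interpreters worth a second look when an autorun entry starts them.
INTERPRETERS = {"python.exe", "pythonw.exe", "wscript.exe", "powershell.exe"}
# Assumption: path fragments an unprivileged user process can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\downloads\\")
# Constructed sample values, used when not running on Windows.
SAMPLE = {
    "OneDrive": r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background',
    "Updater": r"C:\Python27\pythonw.exe C:\Users\bob\AppData\Roaming\upd.py",
    "Helper": r'"C:\Users\bob\AppData\Local\Temp\helper.exe"',
}

def split_command(command):
    """Split a Run value into [executable, args...]; a quoted path stays whole."""
    command = command.strip()
    if command.startswith('"'):
        exe, _, rest = command[1:].partition('"')
    else:
        exe, _, rest = command.partition(" ")
    return [exe] + rest.split() if exe else []

def audit_run_entries(entries):
    """Return {value_name: [reasons]} for autorun entries that deserve review."""
    findings = {}
    for name, command in entries.items():
        argv = split_command(command)
        reasons = []
        if argv and ntpath.basename(argv[0]).lower() in INTERPRETERS:
            reasons.append("starts interpreter " + ntpath.basename(argv[0]))
        hit = next((a for a in argv if any(f in a.lower() for f in USER_WRITABLE)), None)
        if hit:
            reasons.append("references user-writable path " + hit)
        if reasons:
            findings[name] = reasons
    return findings

def read_hkcu_run():
    """Read the live HKCU Run values (Windows only)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUN_KEY) as key:
        count = winreg.QueryInfoKey(key)[1]          # number of values under the key
        return {n: str(d) for n, d, _ in (winreg.EnumValue(key, i) for i in range(count))}

if __name__ == "__main__":
    entries = read_hkcu_run() if sys.platform == "win32" else SAMPLE
    for name, reasons in audit_run_entries(entries).items():
        print(name, "->", "; ".join(reasons))
```

Unquoted paths that contain spaces are split at the first space, and plenty of legitimate software autostarts from AppData, so the output is a triage list rather than a verdict.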

Offline z3ro

  • Knight
  • **
  • Posts: 345
  • Cookies: 60
Re: Binding to DLLs or Hiding in Processes
« Reply #3 on: September 14, 2012, 05:25:21 pm »
Wanna make a good backdoor? I mean, a really good one? Code in C / C++  ;)
~ God is real. Unless declared as an integer.

Offline Nexus

  • Serf
  • *
  • Posts: 24
  • Cookies: 9
Re: Binding to DLLs or Hiding in Processes
« Reply #4 on: September 14, 2012, 05:45:44 pm »
The problem with using Python is that in order for your backdoor to work, the target system must be able to run it. No version of Windows has ever had Python installed by default and there are probably a few Linux distros that are the same. You can convert Python to binary executables but they will be massive in size. You can certainly create a backdoor using a Python framework for example, but that backdoor has to end up as a binary native to the target system.
« Last Edit: September 14, 2012, 05:46:24 pm by Nexus »

Offline lsquared

  • /dev/null
  • *
  • Posts: 15
  • Cookies: 0
Re: Binding to DLLs or Hiding in Processes
« Reply #5 on: September 15, 2012, 08:54:25 pm »
Good point on the difficulty of using Python for this kind of project. I have just been looking for something to try with Python, but may as well stick with C/C++ and Assembly for now.

Thanks guys,
lsquared

Offline Ragehottie

  • Knight
  • **
  • Posts: 313
  • Cookies: -9
  • Hack to learn, not learn to hack.
Re: Binding to DLLs or Hiding in Processes
« Reply #6 on: September 16, 2012, 12:05:11 am »
Quote
Good point on the difficulty of using Python for this kind of project. I have just been looking for something to try with Python, but may as well stick with C/C++ and Assembly for now.

Thanks guys,
lsquared

Hello. I am a fellow Python coder. I suggest you don't let people change your mind over a few replies. Python might not be the best, but it's fun to code and it works just fine. People will always try to change you over to c/++, but stick with Python.
Blog: rexmckinnon.tumblr.com

Offline z3ro

  • Knight
  • **
  • Posts: 345
  • Cookies: 60
    • View Profile
Re: Binding to DLLs or Hiding in Processes
« Reply #7 on: September 16, 2012, 12:24:20 pm »
Quote
Hello. I am a fellow Python coder. I suggest you don't let people change your mind over a few replies. Python might not be the best, but it's fun to code and it works just fine. People will always try to change you over to c/++, but stick with Python.


Why?  :P
~ God is real. Unless declared as an integer.

Offline Deque

  • P.I.N.N.
  • Global Moderator
  • Overlord
  • *
  • Posts: 1203
  • Cookies: 518
  • Programmer, Malware Analyst
Re: Binding to DLLs or Hiding in Processes
« Reply #8 on: September 16, 2012, 01:51:05 pm »
Quote
Hello. I am a fellow Python coder. I suggest you don't let people change your mind over a few replies. Python might not be the best, but it's fun to code and it works just fine. People will always try to change you over to c/++, but stick with Python.

There are reasons you don't use a fork for eating soup (even if it is a good fork and it is fun to use it).