Author Topic: Rewriting the Zeus Botnet in Python!!  (Read 18766 times)


Offline somegrass

Re: Rewriting the Zeus Botnet in Python!!
« Reply #15 on: November 13, 2012, 07:14:23 pm »
Thanks for the input everybody! I will probably at least toy around with trying to rebuild some of the low-level zeus functionality in python (e.g. HttpSendRequest hooking and process injection) and see if I get anywhere, for the learning experience if for nothing else. I actually wrote and compiled (py2exe) a keylogger in python that took a screenshot every time a key was clicked (needless to say, it took forever to type anything...) so I am not going into this project without a good amount of experience.

@Ragehottie is that your blog?? I ran across it about a month ago. Big fan. Is there any way I could get a copy of that rootkit source?
« Last Edit: November 13, 2012, 07:14:57 pm by somegrass »

Offline somegrass

Re: Rewriting the Zeus Botnet in Python!!
« Reply #16 on: November 13, 2012, 07:28:05 pm »
Also, @bluechill there are tons of examples of very large projects written in python.
http://wiki.python.org/moin/LargePythonProjects
There is even an OS built around python: http://linux.softpedia.com/get/System/Operating-Systems/Linux-Distributions/Python-OS-87758.shtml
My point being, python is not just for small programs and scripts but is also just as capable of being used in arbitrarily large projects.

Offline Kulverstukas

Re: Rewriting the Zeus Botnet in Python!!
« Reply #17 on: November 13, 2012, 08:08:20 pm »
Google services run python and the python creator works at google. How about that?

Offline bluechill

Re: Rewriting the Zeus Botnet in Python!!
« Reply #18 on: November 13, 2012, 08:29:49 pm »
Also, @bluechill there are tons of examples of very large projects written in python.
http://wiki.python.org/moin/LargePythonProjects
There is even an OS built around python: http://linux.softpedia.com/get/System/Operating-Systems/Linux-Distributions/Python-OS-87758.shtml
My point being, python is not just for small programs and scripts but is also just as capable of being used in arbitrarily large projects.


That OS is not an OS written in python.  It is a minimal OS written in C probably with a python interpreter ported over to it.  And yes there are *some* large projects.  But notice how many large projects are written in C, C++, or Obj-C or even C# or Java.  There is a reason for it.


Edit:  That OS is "Python OS Project was created with idea to make a pure Linux operating system written in Python. POP based on linux kernel (currently 2.6.32) and GNU userland utilities. A lot of utilities are already written, including base soft, like:" which means it's a C kernel (Linux) with python ported over to it and the utilities written in Python.  Python itself is written in C I believe.  You are not going to have an OS written in just python as you seem to think.
« Last Edit: November 13, 2012, 08:31:29 pm by bluechill »
I have dreamed a dream, but now that dream has gone from me.  In its place now exists my own reality, a reality which I have created for myself by myself.

Offline somegrass

Re: Rewriting the Zeus Botnet in Python!!
« Reply #19 on: November 13, 2012, 08:37:09 pm »
No, I am well aware that it isn't written entirely in python. That would be absurd! Nonetheless, it is still a great example of what python is capable of.

Offline Ragehottie

Re: Rewriting the Zeus Botnet in Python!!
« Reply #20 on: November 14, 2012, 03:23:14 am »

That OS is not an OS written in python.  It is a minimal OS written in C probably with a python interpreter ported over to it.  And yes there are *some* large projects.  But notice how many large projects are written in C, C++, or Obj-C or even C# or Java.  There is a reason for it.


Edit:  That OS is "Python OS Project was created with idea to make a pure Linux operating system written in Python. POP based on linux kernel (currently 2.6.32) and GNU userland utilities. A lot of utilities are already written, including base soft, like:" which means it's a C kernel (Linux) with python ported over to it and the utilities written in Python.  Python itself is written in C I believe.  You are not going to have an OS written in just python as you seem to think.


Please, shut the fuck up. Python can be used for massive projects. And it will not be slow if you can code correctly. Now please, stop insulting my language.
Blog: rexmckinnon.tumblr.com

Offline iTpHo3NiX

Re: Rewriting the Zeus Botnet in Python!!
« Reply #21 on: November 14, 2012, 04:01:08 am »

Please, shut the fuck up. Python can be used for massive projects. And it will not be slow if you can code correctly. Now please, stop insulting my language.

I wouldn't recommend insulting an admin  ::)
[09:27] (+lenoch) iTpHo3NiX can even manipulate me to suck dick
[09:27] (+lenoch) oh no that's voluntary
[09:27] (+lenoch) sorry

Offline bluechill

Re: Rewriting the Zeus Botnet in Python!!
« Reply #22 on: November 14, 2012, 04:26:23 am »

Please, shut the fuck up. Python can be used for massive projects. And it will not be slow if you can code correctly. Now please, stop insulting my language.

Lawl.  You really think that?  Do you want me to demonstrate that no matter what you do in python, it will be slower than using C++ or C directly?  C, C++, Obj-C, they're all superior to python based on the sheer fact that they're compiled and then executed.  Java is also superior in some aspects because it's compiled to byte code and then the byte code which has been optimized is then executed. Python is interpreted directly from the source.  Python will never be faster than C, C++ or Obj-C and for my needs it is too slow.

Have you ever tried writing an entire AI in python or C++? I have.  Python was too slow so I switched to C++ for the AI.  I'm sure python is quite reasonable for some large projects but it can never be better than C, C++ or Obj-C other than, maybe, for prototyping and some odd edge cases.  Python also isn't standardized enough for certain uses, Python 2.x code was (and still is in some cases I believe) incompatible with Python 3.x code.  In C, C++, and Obj-C and any other C based language that's never the case.  When Python is standardized and used enough to be optimized to the point where it can be competitive in some cases then I'll consider using it more.

Another problem is that you're going to be running up against the fact that the Python interpreter is written in C and so Python code can never be faster than C code doing the same thing.  C++ is also ever so slightly slower than C and so it follows that Python will never be faster than C++ either.  The same thing applies to Obj-C.  I'm sure Python is a great language, heck, I use it a fair amount but never for massive projects because it's just too slow and it isn't powerful enough for my tastes.

So please, instead of just telling me to "shut the fuck up" support your argument with facts and evidence instead of just declaring me wrong.

Thanks,
Your friend bluechill (who happens to be an admin).

btw, if you really want to argue this I'll split the thread so we can or we can just go on IRC and I can destroy your argument there :).
« Last Edit: November 14, 2012, 04:28:52 am by bluechill »
I have dreamed a dream, but now that dream has gone from me.  In its place now exists my own reality, a reality which I have created for myself by myself.

Offline geXXos

Re: Rewriting the Zeus Botnet in Python!!
« Reply #23 on: November 14, 2012, 12:17:50 pm »
Too much adrenaline in this thread, I love it. :)


Offline EmilKXZ

Re: Rewriting the Zeus Botnet in Python!!
« Reply #24 on: November 14, 2012, 04:15:28 pm »
Not to be an asslicker of some sort, but I do agree with bluechill.

Whilst you can do large projects with Python, it becomes bloated and it is overkill. Saying that Python is for "minor scripting" is not an insult at all. There are languages suited better for certain purposes. Would you re-write Windows in Brainfuck? I guess you could, but it is definitely overkill. Would you script a macro with C++? Overkill too.

With low-level stuff, use low-level languages. And Python is a high level interpreted language. Sure you could eat soup with a fork, but... at what cost/time?

So, whoever is the most fanatic about Python (I didn't bother to read the nickname), please stop the drama. A person asked politely if he/she could re-write Zeus and he/she got his/her answer.

Offline Deque

Re: Rewriting the Zeus Botnet in Python!!
« Reply #25 on: November 14, 2012, 04:52:30 pm »
A person asked politely if he/she could re-write Zeus and he/she got his/her answer.

Kudos for not presuming that everyone in a tech related forum is male.

I agree with bluechill too. Nothing more to say here.

Offline p_2001

Re: Rewriting the Zeus Botnet in Python!!
« Reply #26 on: November 14, 2012, 05:06:46 pm »
Kudos for not presuming that everyone in a tech related forum is male.

I agree with bluechill too. Nothing more to say here.

um... I'm not a sexist but, writing he/she everywhere is stupid.. I usually use "they" or "person" but it's not always applicable.
for ex. Chairperson instead of chairman..


but.. It's difficult.

and, isn't it more important to convey the meaning instead of the particulars to be precise?
« Last Edit: November 14, 2012, 05:07:50 pm by p_2001 »
"Always have a plan"

Offline Deque

Re: Rewriting the Zeus Botnet in Python!!
« Reply #27 on: November 14, 2012, 05:32:10 pm »
um... I'm not a sexist but, writing he/she everywhere is stupid.. I usually use "they" or "person" but it's not always applicable.
for ex. Chairperson instead of chairman..


but.. It's difficult.

and, isn't it more important to convey the meaning instead of the particulars to be precise?

If you look at my posts, you will probably see that I also don't write he/she everywhere.
So, yes, it is too tedious to do it all the time. Nevertheless I appreciated that.

Edit: When referring to a person I don't know the gender of, I tend to say the nick or something like that instead of the pronouns.

@somegrass: Don't let yourself hold back from some opinions. Do what you have to do. The learning experience is worth it.
« Last Edit: November 14, 2012, 06:06:18 pm by Deque »

Offline proxx

Re: Rewriting the Zeus Botnet in Python!!
« Reply #28 on: November 15, 2012, 12:16:51 am »
How common is python when it comes to malicious applications..?

I think not really, well maybe not for such a project as this but when compiled to .exe for example it will probably evade anti-virus/malware scanners.
Funny enough a lot of virus scanners still scan for patterns and rely on this heavily.
Applications behaviour is monitored of course.
I really do believe that coding in a less used language will, compared to common ones be less fingerprinted.

Or maybe I'm an idiot, that's very well possible.
Wtf were you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage

Offline bluechill

Re: Rewriting the Zeus Botnet in Python!!
« Reply #29 on: November 15, 2012, 04:45:58 am »
How common is python when it comes to malicious applications..?

I think not really, well maybe not for such a project as this but when compiled to .exe for example it will probably evade anti-virus/malware scanners.
Funny enough a lot of virus scanners still scan for patterns and rely on this heavily.
Applications behaviour is monitored of course.
I really do believe that coding in a less used language will, compared to common ones be less fingerprinted.

Or maybe I'm an idiot, that's very well possible.

Python2exe, or whatever the program's name is, is quite similar to how a self extracting executable works.  The source code for the python is still in there because python is an interpreted language and it is still possible to extract the source.  You can obfuscate the source but it becomes exponentially harder to evade anti-virus and the like when your source code is packaged into your application in an easy to extract format.

The good anti-virus (Kaspersky is an example of a good anti-virus.  Those Russians ya know?) will be able to detect this and rely a lot more on just patterns in the executable, they rely on run time behavior and include heuristics and static analysis and a whole bunch of other tools to determine whether it is malicious or not.  It may *technically* be very advanced pattern recognition but I would classify it as something more because of how most people think of patterns.

Run time behavior is the best way to determine whether an application is malicious and so it doesn't matter what language it was written in.  Plus most languages get compiled down to machine code (that you'd use for malware, otherwise we have the python scenario as I stated above) which is analyzed and there will be minimal difference for the anti-virus.  It doesn't matter the language, malware is about your techniques more than anything else.

The language can influence some things but it is less important than techniques, the problem is that for some techniques to be effective, it requires certain things of a language which is where the downsides of certain languages exist.
I have dreamed a dream, but now that dream has gone from me.  In its place now exists my own reality, a reality which I have created for myself by myself.
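
The point in the reply above, that Python packaged into an executable stays recoverable much as in a self-extracting archive, seen from the analyst's side. This is an added example, not code from the thread or from py2exe: it assumes the bundle is a ZIP archive appended to a native stub, runs on a constructed in-memory sample, and the names `build_sample_bundle` and `triage_bundle` are hypothetical.

```python
import io
import zipfile

# Suffixes that mark bundled Python source, bytecode or extension modules.
PY_SUFFIXES = (".py", ".pyc", ".pyo", ".pyd")


def build_sample_bundle():
    """Constructed sample: a stand-in native stub with a ZIP archive appended."""
    archive = io.BytesIO()
    with zipfile.ZipFile(archive, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("app/main.pyc", b"\x00" * 16)  # placeholder, not real bytecode
        zf.writestr("app/util.pyc", b"\x00" * 16)
        zf.writestr("README.txt", b"constructed sample")
    stub = b"MZ" + b"\x90" * 510  # 512 bytes standing in for the loader
    return stub + archive.getvalue()


def triage_bundle(data):
    """Summarise whether an executable image carries an appended Python archive."""
    report = {"mz_header": data[:2] == b"MZ", "has_zip": False,
              "stub_size": None, "python_members": []}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return report  # no end-of-central-directory record: nothing appended
    with zf:
        infos = zf.infolist()
        report["has_zip"] = True
        # zipfile corrects member offsets for prepended data, so the smallest
        # offset is where the stub ends and the archive begins.
        if infos:
            report["stub_size"] = min(i.header_offset for i in infos)
        report["python_members"] = sorted(
            i.filename for i in infos
            if i.filename.lower().endswith(PY_SUFFIXES))
    return report


if __name__ == "__main__":
    for label, blob in (("bundle", build_sample_bundle()),
                        ("plain stub", b"MZ" + b"\x90" * 510)):
        print(label, triage_bundle(blob))
```
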