monday
Expert
- Joined
- Jun 23, 2014
- Messages
- 1,127
- Solutions
- 1
- Reaction score
- 158
I've made few projects using python and never understood what's the idea behind making hacks/malware using it, they would require the victim/target to have python installed which has like 1% probability. Then I discovered "pyinstaller" that allows to convert python scripts into windows executables which was like getting a Christmas present at the age of 7 
Unfortunately it seems that even the blank script with a simple 'print "test"' inside it is now being recognised by the common antiviruses as malware if it's compiled with pyinstaller. Other than that the "keys.py" has over 13MB if compiled to exe. Nevertheless the working mechanism and display of how complex things can be achieved by simple lines of python code is worth sharing. So here it is.
The working mechanism utilises FTP server as a intermediate between the victim and the attacker. The cool thing about FTP server is that it can be created for free within 5 minutes, all you need is an email, no personal data. The idea to use FTP as a medium has been niggered by me from "★Cam★" user's release. This project relies on his release too but it was little bit "wooden", this code/project doesn't resemble it anymore so I share it as mine.
The keys.py is the file which does all the work, logging the keystrokes, collecting some system information, making screenshots and sending all of these encrypted to the FTP server as files.
The keys_retriever.py is used to connect to the FTP server, collect the information, automatically decrypt it and present to the user. It also has a function to upload a file to the FTP server which will be automatically downloaded by the keys.py with an option to execute it or add to system startup.
There's also a special handling for "nirsoft" executables. :=====:
keys.py
http://pastebin.com/MxJB7FEG
keys_retrieve.py
http://pastebin.com/gjcfSv3S
Output example preview:
Btw if anyone is concerned that this release may results in some harm to innocent people keep in mind that the exe has 13MB so it can't be easily put inside CLEO for example + even if it's by some way downloaded the antivirus will most likely block it. Also if you have some executable you think was made using pyinstaller you could open it in notepad++, that's what it looks like inside:
Unfortunately it seems that even the blank script with a simple 'print "test"' inside it is now being recognised by the common antiviruses as malware if it's compiled with pyinstaller. Other than that the "keys.py" has over 13MB if compiled to exe. Nevertheless the working mechanism and display of how complex things can be achieved by simple lines of python code is worth sharing. So here it is.
The working mechanism utilises FTP server as a intermediate between the victim and the attacker. The cool thing about FTP server is that it can be created for free within 5 minutes, all you need is an email, no personal data. The idea to use FTP as a medium has been niggered by me from "★Cam★" user's release. This project relies on his release too but it was little bit "wooden", this code/project doesn't resemble it anymore so I share it as mine.
The keys.py is the file which does all the work, logging the keystrokes, collecting some system information, making screenshots and sending all of these encrypted to the FTP server as files.
The keys_retriever.py is used to connect to the FTP server, collect the information, automatically decrypt it and present to the user. It also has a function to upload a file to the FTP server which will be automatically downloaded by the keys.py with an option to execute it or add to system startup.
There's also a special handling for "nirsoft" executables. :=====:
keys.py
http://pastebin.com/MxJB7FEG
keys_retrieve.py
http://pastebin.com/gjcfSv3S
Output example preview:
Btw if anyone is concerned that this release may results in some harm to innocent people keep in mind that the exe has 13MB so it can't be easily put inside CLEO for example + even if it's by some way downloaded the antivirus will most likely block it. Also if you have some executable you think was made using pyinstaller you could open it in notepad++, that's what it looks like inside:
