Python Backdoor – File Transfer

Hey guys! What’s going on?

Once again for this tutorial we will be picking up right where we left off… last time we got the encryption going on, so that all traffic between server/client is encrypted. Now that’s pretty good, but it’s time we start to enhance functionality of this shell and add new features to make life easier in the future.

As I stated in the first video of the series, this shell is nice but due to the subprocess module in Python it does limit us to certain things, like using FTP or anything that involves spawning a new thread really — at least to the extent of my testing! So we’re gonna go ahead and implement perhaps one of the most fundamental tasks really: file transferring over a raw, single-threaded socket.

Introduction

Before getting into anything, I would just like to state that for encoding reasons I had to record this episode on my Slackware Linux box, which runs at least 200 times faster than my Windows box. If you’ve seen the pictures I posted on the Facebook fan page, you probably know that my last videos all took days to encode and that wastes too much time honestly. Don’t worry, the code is the same and the compiling process remains the same as well.

Implementation

Initially, I wanted to implement file transferring inside the encrypted tunnel, so I did. It worked for most files, except binaries for some reason. After dwelling on how to get it to work inside the encrypted AES tunnel, out of curiosity I tested a raw socket to send and receive files and to my surprise, it worked flawlessly as well! Both in a local network and on a remote one too.

The issue I had with the encrypted tunnel was that the padding would fall out of place — because I set AES to automatically pad it for me, leaving me unable to deal with encoding myself. I did test sending some files across the encrypted tunnel and to my surprise, some did work, like: text files, pictures, html, among others. So I will re-implement this in a future update to transfer confidential files strictly!

Issues

On the other hand, the raw socket worked so well, with so little code, that for now I decided to just let it rip. As of right now, I did omit a few things from the shell such as error handling, etc., so if you’re in the middle of a transfer and you get disconnected from the network, all types of havoc might spawn. Also, trying to download a file that doesn’t exist will crash. So use this functionality wisely.

In time I plan to fix these minor flaws, and I will then update the link here. If somebody feels inspired and would like to take on the task themselves, maybe define functions in the code so that it looks more organized; just send me a copy at my email (which you can find in the about page) along with your name and link, and I will gladly update it here. 😉

Download

Click here to download the code. [ DOWNLOAD ]

By the way, all of these minor flaws gave me the idea of creating a module inside the shell to “resist dying” basically so that if it disconnects, we just make it sleep, or if traffic isn’t received, wait a while then try again, etc. to a point where the shell just won’t die. So that might be the topic of an upcoming article, leave your input below, but for now enjoy the vid and make sure to hit high quality!

Credits

Credits go out to the Stack Overflow Forums, because I found so much good code in various different topics that helped me out a lot in deciding which alternative would work the best in this situation…
This whole series of videos was inspired by both David Kennedy and the AverageSecurityGuy; credits go out to them as well for their work!
