BrainDamage - A fully featured backdoor that uses Telegram as a C&C server


A Python-based backdoor that uses Telegram as its C&C server.

--> Coded by: Mehul Jain(mehulj94@gmail.com)
--> Github: https://github.com/mehulj94
--> Twitter: https://twitter.com/wayfarermj
--> For windows only

Features
--> Persistence
--> USB spreading
--> Port Scanner
--> Router Finder
--> Run shell commands
--> Keylogger
--> Insert keystrokes
--> Record audio
--> Webserver
--> Screenshot logging
--> Download files in the host
--> Execute shutdown, restart, logoff, lock
--> Send drive tree structure
--> Set email template
--> Rename Files
--> Change wallpaper
--> Open website
--> Send Password for
    • Chrome
    • Mozilla
    • Filezilla
    • Core FTP
    • CyberDuck
    • FTPNavigator
    • WinSCP
    • Outlook
    • Putty
    • Skype
    • Generic Network
--> Cookie stealer
--> Send active windows
--> Gather system information
    • Drives list
    • Internal and External IP
    • Ipconfig /all output
    • Platform

Setup
  • Telegram setup:
    • Install Telegram app and search for "BOTFATHER".
    • Type /help to see all possible commands.
    • Click on or type /newbot to create a new bot.
    • Name your bot.
    • You should see a new API token generated for it.
  • Dedicated Gmail account. Remember to check "allow connection from less secure apps" in Gmail settings.
  • Set access_token in eclipse.py to the token given by the BotFather.
  • Set CHAT_ID in eclipse.py. Send a message from the app and use the Telegram API to get this chat id.
    bot.getMe() will give output {'first_name': 'Your Bot', 'username': 'YourBot', 'id': 123456789}
  • Set copied_startup_filename in Eclipse.py.
  • Set Gmail password and Username in /Breathe/SendData.py

Abilities
  • whoisonline- list active slaves
    This command will list all the active slaves.
  • destroy- delete&clean up
    This command will remove the stub from host and will remove registry entries.
  • cmd- execute command on CMD
    Run shell commands on host
  • download- url (startup, desktop, default)
    This will download files in the host computer.
  • execute- shutdown, restart, logoff, lock
    Execute the following commands
  • screenshot- take screenshot
    Take a screenshot of the host computer.
  • send- passwords, drivetree, driveslist, keystrokes, openwindows
    This command will send passwords (saved browser passwords, FTP, Putty..), the directory tree of the host (up to level 2), logged keystrokes and the windows which are currently open
  • set- email (0:Default,1:URL,2:Update), filename (0: Itself, 1: Others), keystrokes (text)
    This command can set email template (default, download from url, update current template with text you'll send), rename filenames or insert keystrokes in host.
  • start- website (URL), keylogger, recaudio (time), webserver (Port), spread
    This command can open website, start keylogger, record audio, start webserver, USB Spreading
  • stop- keylogger, webserver
    This command will stop keylogger or webserver
  • wallpaper- change wallpaper (URL)
    Changes wallpaper of host computer
  • find- openports (host, threads, ports), router
    This command will find open ports and the router the host is using
  • help- print this usage

Requirements

For educational purposes only, use at your own responsibility.


Stitch - Python Remote Administration Tool (RAT)


This is a cross-platform Python framework which allows you to build custom payloads for Windows, Mac OSX and Linux. You can select whether the payload binds to a specific IP and port or listens for a connection on a port, and there are options to send an email of system info when the system boots and to start the keylogger on boot. Payloads created can only run on the OS that they were created on.

Features

Cross Platform Support
  • Command and file auto-completion
  • Antivirus detection
  • Able to turn off/on display monitors
  • Hide/unhide files and directories
  • View/edit the hosts file
  • View all the system's environment variables
  • Keylogger with options to view status, start, stop and dump the logs onto your host system
  • View the location and other information of the target machine
  • Execute custom python scripts which return whatever you print to screen
  • Screenshots
  • Virtual machine detection
  • Download/Upload files to and from the target system
  • Attempt to dump the system's password hashes
  • Payloads' properties are "disguised" as other known programs

Windows Specific
  • Display a user/password dialog box to obtain user password
  • Dump passwords saved via Chrome
  • Clear the System, Security, and Application logs
  • Enable/Disable services such as RDP, UAC, and Windows Defender
  • Edit the accessed, created, and modified properties of files
  • Create a custom popup box
  • View connected webcam and take snapshots
  • View past connected wifi connections along with their passwords
  • View information about drives connected
  • View summary of registry values such as DEP

Mac OSX Specific
  • Display a user/password dialog box to obtain user password
  • Change the login text at the user's login screen
  • Webcam snapshots

Mac OSX/Linux Specific
  • SSH from the target machine into another host
  • Run sudo commands
  • Attempt to bruteforce the user's password using the passwords list found in Tools/
  • Webcam snapshots? (untested on Linux)

Implemented Transports
All communication between the host and target is AES encrypted. Every Stitch program generates an AES key which is then put into all payloads. To access a payload the AES keys must match. To connect from a different system running Stitch you must add the key by using the showkey command from the original system and the addkey command on the new system.

Implemented Payload Installers
The "stitchgen" command gives the user the option to create NSIS installers on Windows and Makeself installers on POSIX machines. For Windows, the installer packages the payload and an elevation exe, which prevents the firewall prompt and adds persistence, and places the payload on the system. For Mac OSX and Linux, the installer places the payload and attempts to add persistence. To create NSIS installers you must download and install NSIS.

Wiki

Requirements
For easy installation run the following command that corresponds to your OS:
# for Windows
pip install -r win_requirements.txt

# for Mac OSX
pip install -r osx_requirements.txt

# for Linux
pip install -r lnx_requirements.txt

Windows Specific

Mac OSX Specific

Mac OSX/Linux Specific

To Run
python main.py
or
./main.py

Motivation
My motivation behind this was to advance my knowledge of python, hacking, and just to see what I could accomplish. Was somewhat discouraged and almost abandoned this project when I found the amazing work done by n1nj4sec, but still decided to put this up since I had already come so far.

Other open-source Python RATs for Reference

BeeLogger - Generate Emailing Keyloggers to Windows on Linux


Generate Gmail-emailing keyloggers for Windows on Linux, powered by Python and compiled with PyInstaller.

Features
  • Send logs every 120 seconds.
  • Send logs when chars > 50.
  • Send logs with Gmail.
  • Some phishing methods are included.
  • Multiple sessions disabled.
  • Bypass UAC.

Prerequisites
  • apt
  • wine
  • wget
  • Linux
  • sudo
  • python2.7
  • python 2.7 on Wine Machine
  • pywin32 on Wine Machine
  • pythoncom on Wine Machine

Tested on:
  • Kali Linux - SANA
  • Kali Linux - ROLLING
  • Ubuntu 14.04-16.04 LTS
  • Debian 8.5
  • Linux Mint 18.1

Cloning:
git clone https://github.com/4w4k3/BeeLogger/.git

Running:
sudo python bee.py
If you have another version of Python:
sudo python2.7 bee.py

Contact:
4w4k3@protonmail.com