DraxFM/kakadoo

Caution

The only other official source to get kakadoo from is kakadoo.vercel.app!
Do not use this software for malicious purposes! I am not liable for any damages.

Note

This tool is in early development phase. Bugs and missing features are to be expected.

kakadoo [BETA]

Overview

Proof of Concept Python3 (non-persistent) dropper.
Only compatible with Windows systems. Tested on Windows 11.

What is kakadoo?

kakadoo is a program designed to take any payload and hide it from the user. When run, it quietly executes this payload and comes with additional useful features.

Temporary message

Currently, the dropper only works on users that are in the "Administrators" group. This will be addressed soon. In addition, the dropper is not fully non-persistent as of right now, but I will push out an update for this soon too.

🔵 - Content

💯 - Features

  • Builder ✨
  • Privilege Escalation 🔑
  • Infiltrates Windows Defender 💉
  • Anti-VM (BETA) 📍
  • Anti-Analysis tools (BETA) 📍
  • Encrypted Payload 💉
  • Obfuscation 🔑
  • No popups during runtime!
  • More to be added! ➕

✅ - Requirements


🔨 - Installing

  1. Install the latest release of kakadoo
  2. Extract the .zip file in the desired directory.
  3. Run "kakadoo.py"
  4. Wait until missing dependencies are installed.
  5. kakadoo is ready for use
  6. Enjoy!

🧰 - Usage

  1. Get an executable Payload
  2. Run kakadoo
  3. Enter in "1" and press Enter.
  4. Configure your kakadoo Dropper.
  5. See extended Usage for more help.
  6. Let kakadoo do the rest.
  7. Your file is ready for usage!

❓ - Help

1. Python allegedly "not found", problems with PATH.
   A common problem lots of users have with this program is not caused by me or my program, it's caused by Python. Upon installing Python you have to select the option "Add python.exe to PATH". Unfortunately this box is **NOT** ticked by default. If you already have Python installed, there's still a way to avoid a reinstallation. You can look up a tutorial on how to manually extend PATH to include Python.
2. How can I trust this?
   You can easily view the source code of the project by opening the .py files in an IDE. I never had any malicious code in any of my projects and it will be like this forever.
3. ERROR: File not found!
   This error indicates that files that kakadoo requires are missing. Reinstall the program and make sure not to tinker with any names or directories of the different kakadoo-installed files.
4. ERROR: File altering detected!
   This error usually indicates that the user has tampered with kakadoo. Tampering with the file in small ways introduces bugs, which is why this is detected and blocked.
5. UNKNOWN ERROR
   As the name suggests, this is an unexpected error that should not occur. Report any unknown errors to me. To establish contact, join the Discord Server, which can be found in the Authors section.
6. What is an executable Payload?
   An executable Payload is a file that can be interpreted by Windows to run code. The most common examples are files with the .exe extension, but there are also other extensions that are executable.
7. Why is there a default icon?
   Using no icon at all will lead to the resulting file being wrongfully detected as ransomware and raise the detection rate by over 20%. If you insist on using no icon at all, specify that you want to add an icon in the Builder and enter "NONE" (case sensitive!) as the icon path. This is not recommended!
8. File is not there or not working properly when tested?
   This can obviously be a bug. If there is an error shown, please contact me so I can improve my software. Otherwise, this won't work because of your antivirus. As my files are not fully undetected, your AV might think that you installed a virus (even though you created it) and break it/parts of it or even delete it. To fix this, simply turn off your Antivirus and then create your file or add the file as extension so it doesn't get locked.

Extended Usage

This section describes every configuration option in more detail.

  • Wrap Payload using kakadoo: Initiates kakadoo main program
    • Payload File: Expects an executable Payload; accepts an absolute path or the file name + extension (if the file is in the same directory as kakadoo.py)
    • Dropper File Name: Expects a name without extension; the final file will be named after the given string
    • Add icon to file: Accepts "yes" or "y" as positive, anything else as negative; will continue to sub-option if positive
      • Icon File: Expects a .ico file; accepts an absolute path, the file name or the file name + .ico extension (if the file is in the same directory as kakadoo.py); also accepts "NONE" for no icon at all (NOT RECOMMENDED)
    • Obfuscate file: Accepts "yes" or "y" as positive, anything else as negative; will obfuscate file using PyArmor if positive
    • Enable Self Destruction: Accepts "yes" or "y" as positive, anything else as negative; will remove payload and dropper itself at end of runtime
  • Contact: Lists contacts
  • Help: Redirects to GitHub Help subpage

To Do

- Support non-admin executions !!! (main)
- Make various features in main configurable in builder (main/builder)
- Expand Anti-VM (main)
- Expand Anti Diagnostic Tool System (main)
- Add full cleanup as config (main/builder)
- Add elevation to critical process as config (main/builder)
- Add independent Payload launch as config (main/builder)
- Check if SubmitSamplesConsent is 2 and don't assume (builder)
- Add custom Payload extraction path (main/builder)
- Infiltrate other AVs, not only windefender (main)

👋 - Authors

Discord: draxfm

Need help? Join the Discord!

❗ - License

This project is licensed - see the LICENSE file for details.

About

Proof of Concept Python3 non-persistent Dropper with extra features.
