@@ -8,9 +8,27 @@ PythonRAT is a Command and Control (C2) server which can control multiple machin
8
8
9
9
10
10
## Table of Contents
11
- [ Features] ( #Features )
12
-
13
- <a name =" Features " />
11
+ - [ Features] ( #features )
12
+ - [ Usage Manuals] ( #usage-manuals )
13
+ * [ C2 Manual] ( #c2-manual )
14
+ * [ Session Manual] ( #session-manual )
15
+ - [ Wine and Pyinstaller (Win version) Installation on Linux] ( #wine-and-pyinstaller--win-version--installation-on-linux )
16
+ * [ Environment Setup] ( #environment-setup )
17
+ * [ Installing Dependencies] ( #installing-dependencies )
18
+ - [ Backdoor Compilation and Obfuscation for Windows] ( #backdoor-compilation-and-obfuscation-for-windows )
19
+ * [ Compile to Executable using Pyinstaller Linux] ( #compile-to-executable-using-pyinstaller-linux )
20
+ * [ Compile to Executable using Pyinstaller (Win) under Wine] ( #compile-to-executable-using-pyinstaller--win--under-wine )
21
+ * [ Obfuscation using SFX Archive (Theory)] ( #obfuscation-using-sfx-archive--theory- )
22
+ + [ NOTE: SFX Archive] ( #note--sfx-archive )
23
+ * [ Creating SFX Archive] ( #creating-sfx-archive )
24
+ * [ Creating SFX Archive - Visual] ( #creating-sfx-archive---visual )
25
+ * [ Task Manager] ( #task-manager )
26
+ - [ Preview Images] ( #preview-images )
27
+ * [ Target Connection to C2 Server] ( #target-Connection-to-c2-server )
28
+ * [ Interacting with Session] ( #interacting-with-session )
29
+ * [ Test Commands on Target] ( #test-commands-on-target )
30
+ * [ Session Options] ( #session-options )
31
+ * [ Backgrounding and Killing Session] ( #backgrounding-and-killing-session )
14
32
15
33
# Features
16
34
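Review bot: The new table of contents has one anchor with mixed case, `#target-Connection-to-c2-server`, while every other entry is all lowercase; change it to `#target-connection-to-c2-server` so it matches the heading this commit renames further down. Several other anchors (`#wine-and-pyinstaller--win-version--installation-on-linux`, `#obfuscation-using-sfx-archive--theory-`, `#note--sfx-archive`) put a hyphen where the heading has punctuation. GitHub's generated heading anchors drop punctuation instead of substituting a hyphen, so these links probably will not resolve; click through each entry in the rendered README before merging.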
@@ -29,7 +47,7 @@ PythonRAT is a Command and Control (C2) server which can control multiple machin
29
47
30
48
31
49
# Usage Manuals
32
- ** C2 Manual**
50
+ ## C2 Manual
33
51
34
52
targets --> Prints Active Sessions
35
53
session *session num* --> Will Connect To Session (background to return)
@@ -40,7 +58,7 @@ PythonRAT is a Command and Control (C2) server which can control multiple machin
40
58
41
59
42
60
43
- ** Session Manual**
61
+ ## Session Manual
44
62
45
63
quit --> Quit Session With The Target
46
64
clear --> Clear The Screen
@@ -64,7 +82,7 @@ PythonRAT is a Command and Control (C2) server which can control multiple machin
64
82
65
83
Python 2.7.14 Releases: https://www.python.org/downloads/release/python-2714/
66
84
67
- ** Environment Setup**
85
+ ## Environment Setup
68
86
69
87
┌──(root💀kali)-[ ~ /]
70
88
@@ -78,7 +96,7 @@ Python 2.7.14 Releases: https://www.python.org/downloads/release/python-2714/
78
96
sudo wine msiexec -i ~ /python-2.7.14.msi #x86 arch
79
97
80
98
81
- ** Installing Dependencies**
99
+ ## Installing Dependencies
82
100
83
101
┌──(root💀kali)-[ ~ /.wine/drive_c]
84
102
@@ -93,13 +111,13 @@ Python 2.7.14 Releases: https://www.python.org/downloads/release/python-2714/
93
111
94
112
# Backdoor Compilation and Obfuscation for Windows
95
113
96
- ** Compile to Executable using Pyinstaller Linux**
114
+ ## Compile to Executable using Pyinstaller Linux
97
115
98
116
$ pyinstaller --onefile --noconsole backdoor.py
99
117
100
118
or,
101
119
102
- ** Compile to Executable using Pyinstaller (Win) under Wine**
120
+ ## Compile to Executable using Pyinstaller (Win) under Wine
103
121
104
122
# wine /root/.wine/drive_c/Python27/Scripts/pyinstaller.exe --onefile --noconsole ~/backdoor.py
105
123
110
128
This will produce _ ./dist/backdoor.exe_
111
129
112
130
113
- ** Obfuscation using SFX Archive (Theory)**
131
+ ## Obfuscation using SFX Archive (Theory)
114
132
115
133
The executable _ backdoor.exe_ will be made to look like an image (jpg) file.
116
134
By default Windows does not show file extensions (e.g. backdoor.exe will show in Windows Explorer as backdoor).
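Review bot: The heading `## Compile to Executable using Pyinstaller Linux` does not read cleanly next to its sibling `## Compile to Executable using Pyinstaller (Win) under Wine`; "on Linux" would match, with the table-of-contents anchor updated to suit. The two command lines in this hunk also use different prompt markers (`$ pyinstaller ...` and `# wine ...`), and if they are not inside a code fence the leading `#` will render as a top-level heading now that the section titles are real headings. Pick one prompt convention and confirm both commands are fenced.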
@@ -121,7 +139,7 @@ Making the executable appear to be an image.
121
139
122
140
Of course this same method could be applied to audio, document or video file using an appopriate icon.
123
141
124
- ** NOTE: SFX Archive**
142
+ ### NOTE: SFX Archive
125
143
126
144
SFX archive is not the only method of obfuscating the executable.
127
145
We can when compiling using _ Pyinstaller_ add the argument _ --add-data "/root/wallpaper.jpg;."_ with
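Review bot: Promoting `NOTE: SFX Archive` to `###` makes an aside show up as its own entry in the table of contents, and it is the only third-level heading in the file; a blockquote or a bold lead-in inside the "Obfuscation using SFX Archive (Theory)" section would keep the outline to real sections. While this region is being touched, the context line just above has a typo, "appopriate" for "appropriate", that could be fixed in the same commit.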
@@ -131,7 +149,7 @@ _--icon ~/wallpaper.ico_.
131
149
# mv ./dist/_backdoor.exe_ ./dist/_wallpaper.jpg.exe_
132
150
133
151
134
- ** Creating SFX Archive**
152
+ ## Creating SFX Archive
135
153
136
154
WinRAR > Add To Archive (image.jpg and backdoor.exe)
137
155
@@ -161,7 +179,7 @@ Rename archive to: _image.jpg.exe_
161
179
162
180
163
181
164
- ** Creating SFX Archive - Visual**
182
+ ## Creating SFX Archive - Visual
165
183
166
184
https://user-images.githubusercontent.com/10171446/153578069-851d3896-67d0-465b-ad92-267ad21504ee.mp4
167
185
@@ -179,33 +197,33 @@ Once opened the SFX archive will open the image file inside the archive and the
179
197
Due to _ --noconsole_ argument in _ Pyinstaller_ , no window will be rendered.
180
198
181
199
182
- ** Task Manager**
200
+ ## Task Manager
183
201
184
202
The _ backdoor.exe_ process can be seen in Task Manager and ended there if necessary.
185
203
186
204
# Preview Images
187
205
188
- ** Target connection to C2 Server**
206
+ ## Target Connection to C2 Server
189
207
190
208
![ Screenshot_2022-02-10_06-16-22] ( https://user-images.githubusercontent.com/10171446/153403206-4ce3dc23-4c1a-41b6-a715-2e2021d965ce.png )
191
209
192
210
193
- ** Interacting with Session**
211
+ ## Interacting with Session
194
212
195
213
![ Screenshot_2022-02-10_06-17-20] ( https://user-images.githubusercontent.com/10171446/153403283-3df77fd8-2cbe-4990-b82f-d847bdde3bee.png )
196
214
197
215
198
- ** Test Commands on Target**
216
+ ## Test Commands on Target
199
217
200
218
![ Screenshot_2022-02-10_06-22-48] ( https://user-images.githubusercontent.com/10171446/153403427-058ebe8a-36d8-465c-8386-7a55cea1641b.png )
201
219
202
220
203
- ** Session Options**
221
+ ## Session Options
204
222
205
223
![ Screenshot_2022-02-10_06-23-21] ( https://user-images.githubusercontent.com/10171446/153403579-3b090b00-2dec-4c33-a94d-020eb2b0d2b4.png )
206
224
207
225
208
- ** Backgrounding and Killing Session**
226
+ ## Backgrounding and Killing Session
209
227
210
228
![ Screenshot_2022-02-10_06-25-04] ( https://user-images.githubusercontent.com/10171446/153403973-d9757c68-4ca2-405f-ae13-a0ca0666bfcc.png )
211
229
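Review bot: In the Preview Images section every image keeps a raw filename as its alt text (for example `Screenshot_2022-02-10_06-16-22`), which says nothing when the image fails to load or is read by a screen reader. Since each image now sits under its own `##` heading, reuse the heading text as the alt text. The rename from "Target connection to C2 Server" to "Target Connection to C2 Server" is fine, but the table-of-contents link for it needs the lowercase form of the anchor.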