Python Backdoor – AES Encrypted Traffic

What’s up!

Today, we’re gonna be picking up where we left off last time in “Programming a Custom Backdoor in Python“, so I hope you have read that before reading this or you will be pretty lost. LOL In a nutshell, we programmed a ~10 line of code reverse shell using Python’s socket and subprocess modules.

[ UPDATE ]: Credits on the concept go out to Dave Kennedy and his work on building an HTTP AES Encrypted shell.

For this episode, we’re gonna be taking it a step further by implementing AES encryption to our custom backdoor… so not only is our executable completely undetectable, but now it’s traffic is also secured. Think about it, traffic on port 443 is always encrypted anyway.

Traffic Analysis

Ok, so our previous backdoor works, we get the reverse shell but have you taken a loot at the traffic coming outta that thing? Not pretty, I guarantee you. For local hacking that might not be a problem, especially if already inside of a DMZ in the network. However, that’s not always gonna be the case.

On a remote scenario, we have to consider not only the quality of the connection but also its stability; therefore adding encrypted tunnel gives it that extra layer of security.

Python Cryptography Toolkit

The “Python Cryptography Toolkit”, mostly known as PyCrypto provides support for various encryption & decryption suites, such as the Advanced Encryption Standard (AES) which we will be using today.

Please note that if you are trying to download under Windows — and assuming you have Python 32 bits installed as I recommended in this article — you should just download and install the binaries from voidspace. On my Slackware Linux distro it also installed flawlessly as well so you can also take that route…

Implementing AES Encryption

I’m not sure if all the readers are just beginning in Python, like me, but this task did sound much more complicated than it turns out to be. I’m no expert in cryptography and not planning on it either, all I want is to implement the code, get it to work and move on to the next one. So I always look for logical examples of how to achieve something simple and basic — for example, just encrypting a string — and once that’s understood, it becomes easier to implement it.

This turned out exactly to be the case, as I luckily ran into Code Koala’s flawless implementation of encoding and decoding AES encryption functions. I am obviously not going to reinvent the wheel, so taking this code and implementing it to our previous backdoor was a breeze — at least from what I expected anyway. If you turn out to disagree, leave a comment below and we’ll discuss it.

This time I will not be posting the source code right here into the post, as it has a bunch of comments explaining exactly what’s it’s doing and other stuff. I also recommend checking out the links on this article if you want to understand something in particular… as always I’m not going into extreme detail because we also have to keep moving otherwise we lose balance and focus in the project.

Click here to download the AES encrypted backdoor (client/server) — [ DOWNLOAD ]

Final Notes

Make sure to modify the source provided above and input your IP address as well as the port and anything else you might want different. Then, you can go ahead and compile it into a stand-alone executable with the following commands (assuming you have PyInstaller):

python --noconsole --onefile
python aeshell\aeshell.spec

That’s it, good to go! Check out the video in high quality for commentary.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s