A tool for infected .pyc files with arbitrary code that spreads out to infect all other .pyc files
Pull request Compare This branch is 1 commit behind jgeralnik:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
LICENSE.md
README.md
b.py
byteplay.py
c.py
exploit.py
filesize.py
minify.py

README.md

Pytroj

Pytroj is a proof of concept attack against .pyc files. It searches for other .pyc files and injects itself into them. The injected code can be any python code (in this case it prints "You have been exploited").

This proof of concept only searches for .pyc files in its own directory. To use it:

 python -c 'import exploit, b, c'
 python exploit.pyc

The files b.pyc and c.pyc will now be infected. If you create another .pyc file (for example, python -c 'import byteplay') and run either b.pyc or c.pyc, the new file will also get infected.

Another way to run an infected file is to import it once the .pyc file exists:

 python -c 'import b'

The infected files print out a list of files that they have newly infected, followed by the phrase "You have been exploited"

After that, infected programs will continue to execute as normal.

Slides are here

For help, questions, or comments, feel free to contact us:

Joey Geralnik, Leon Fedotov, Itzik Kotler