Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
A tool for infected .pyc files with arbitrary code that spreads out to infect all other .pyc files
Python
branch: master

Update README.md

adding links
latest commit b3954a8010
@LeonFedotov LeonFedotov authored
Failed to load latest commit information.
LICENSE.md Update LICENSE.md
README.md Update README.md
b.py Initial commit
byteplay.py Commented code, fixed license
c.py Initial commit
exploit.py syntatic changes
filesize.py Initial commit
minify.py adding minifier

README.md

Pytroj

Pytroj is a proof of concept attack against .pyc files. It searches for other .pyc files and injects itself into them. The injected code can be any python code (in this case it prints "You have been exploited").

This proof of concept only searches for .pyc files in its own directory. To use it:

 python -c 'import exploit, b, c'
 python exploit.pyc

The files b.pyc and c.pyc will now be infected. If you create another .pyc file (for example, python -c 'import byteplay') and run either b.pyc or c.pyc, the new file will also get infected.

Another way to run an infected file is to import it once the .pyc file exists:

 python -c 'import b'

The infected files print out a list of files that they have newly infected, followed by the phrase "You have been exploited"

After that, infected programs will continue to execute as normal.

Slides are here

On the web

For help, questions, or comments, feel free to contact us:

Joey Geralnik, Leon Fedotov, Itzik Kotler

Something went wrong with that request. Please try again.