A Python Package for creating backdoors!

Tags: python, reverseshell, backdoor, remoteshell

(John) #1

Hey, guys (and gals)!
Long time no see. I've been working hard on several projects and stuff lately, so I was just an observer all that time.

Observing this page and several projects starting on GitHub, I was really impressed with how many backdoor projects are being created.
I remember reading about the “stelf shell” (https://0x00sec.org/t/how-to-get-a-super-stelfy-shell-that-av-doesnt-pick-up) the other day, and I was surprised at how many features this guy got to code from scratch. I felt a bit sorry for the time he spent coding, actually, as I felt sorry for myself when writing the “Pozzo & Lucky Shell” (https://securosophy.com/2016/09/19/pozzo-lucky-stego-in-tcpip-part-2/).
Generally, re-implementing backdoor related stuff has been a part of my life…

I came up with something really nice, this time though…

So I came up with an idea to create a package that contains all the bits and parts of a backdoor (both agent and handler tools).

Meet the covertutils package!

Been working several months on this. And finally I am quite ready to show you!
Here it is then:

You can find the latest documentation on Read The Docs :
http://covertutils.readthedocs.io/

And, of course, Programming Examples : http://covertutils.readthedocs.io/en/latest/prog_examples.html

Let’s finally create a polymorphic enough standard!

My focus was to make all network traffic not only encrypted, but unique, making network signatures impossible.
I also oriented the whole project not towards the standard reverse TCP/HTTP stuff, but made it Network Agnostic, making any creative Communication Channel possible.

No external dependencies

A battle I have so far won! I am keeping this package dependency-less. Yet any project that uses this package can have all kinds of deps.
I chose a dependency-free design to ensure Python freeze software will work flawlessly!

Github Issues always welcome

I have never used this package as a client/developer, except for writing tests and coding examples.
I am sure there are some bugs lurking around.
If you find one, don’t kill it alone. Bring company - you know what to do…

On PyPI

How would I not publish on PyPI?

pip install covertutils and you are ready to roll!

Please share what you create!

If it is a new meterpreter alternative or a simple stage (oh, it supports dynamic module loading: http://covertutils.readthedocs.io/en/latest/stage_api.html), please post it somewhere. I'm really curious to see my baby in good use!

Interested in some internals? Got you covered!

I am sure that this forum will appreciate such a Python package a lot!

Don’t miss my TUTORIAL on creating a full-blown Reverse TCP Backdoor with all features included (file upload/download, remote extension loading, password protection, etc).


(Security Architect & Founder) #2

This is a really really really nice idea! Abstraction is one of the keys to productivity.

I am going to quick check through this code to make sure there are no backdoors in it :stuck_out_tongue: Can you make a tutorial on how to make a basic shell with this framework? That would be really helpful to a lot of newbies!


(John) #3

I'll sure do!
Until then you can tinker with the Programming Examples (http://covertutils.readthedocs.io/en/latest/prog_examples.html).
There is even an ICMP backdoor in there!

The TCP Bind Shell classic can be found here:
http://covertutils.readthedocs.io/en/latest/prog_examples.html#simple-tcp-bind-shell


(Security Architect & Founder) #4

In your understanding, does the handler run on the attacker system, and the shell run on the victim, or vice versa?

I have always understood the handler to run on the attacker system in a reverse shell environment.

EDIT: I have just looked through the HTTP shell and the ICMP shell, and it’s so cool. I think this API is going to be pretty popular.


(John) #5

Handler is run on the Attacker.
Agent on the Pwned system.
You understand correctly.

But BaseHandler class and derivatives are used to create both of them. Think of the Handler class as a type of abstract socket.

This is my research for almost a year. The modelling of a backdoor, and break down to parts. The package is coded entirely on those principles.


(John) #6

Oh, and the documentation isn’t even close to finished yet. More topics and How-Tos are being worked on at the moment:

  • Protocol Specification,
  • API explanation
  • Design decisions
  • and more…

I don’t expect you to understand the whole package by reading its code (and finding out about my backdoors :wink: )


(John) #7

Published a page about the IDS evasion technique I try to utilize:
http://covertutils.readthedocs.io/en/latest/ids_evasion.html

and another page with some (or maybe a lot) architectural information:
http://covertutils.readthedocs.io/en/latest/architecture.html

For the tutorial part I will start a new topic. Stay tuned!

Thanks, everyone, for your interest! I am amused! I have never seen so many GitHub stars on any of my projects before!


#8

Hey @operatorequals o/ For several weeks I was working on a project of my own and just posted it on GitHub: Launchpad. It is very much barebones so far. The aim of the project is to create a file-less agent that is interacted with through a dashboard website. I can totally see your package being VERY useful.

The thing is, your package is Python 2.7. Why? Why would anyone create new things in 2.7? Any chance to see a Python 3 port, or should I just ignore it and implement things on my own?


(John) #9

In my humble opinion Py2 provides some conveniences that Py3 doesn’t.
Anyway, I can see your point and the good fella cclauss (https://github.com/cclauss) is working on it.

My guess is that if you wait a while, you can use covertutils along with Py3.


#10

Cool beans, can't wait for the port.

What conveniences though? In my experience Py3 was nothing but conveniences :wink: print took some getting used to, but it's a small price to pay for all the goodies that come with it.


(John) #11

I am mainly talking about my beloved "string here".encode(whatever) function!

It even supports zip.
I know that strings are fundamentally different in Py3 (and I can see that it is a more correct approach); nevertheless, I can’t help but use Py2 str like bytearrays.


#12

Well… At least you aren't in denial and agree that the new ways are the kosher ways :wink: But in Py3 you can use binary strings too: b'raw binary string'. But you knew that, I guess.


(John) #13

The computer community doesn’t need more fellows in denial.
Did you see what happened with exa as an ls alternative on Hacker News (https://news.ycombinator.com/item?id=14923362)? Most of the mess was made by denial of a better tool than the legendary ls. The rest by guys hating the guys in denial.

I just can’t get used to hexlify and such stuff. It gets frustrating at times, but if Py3 is the new, better way, I don’t want to code Py2 just by myself.

Yet Py2 is the standard, and, on the other hand, I can see why, and I don’t believe that it is only that people are used to coding in certain ways… I find it a little more intuitive.

Anyway, this conversation can take forever. This topic is unsolvable. You can screw a screw with a knife and cut an apple with a screwdriver, but I guess there is a reason we do it the other way. Tools are good at things. Unifying tools is handy but difficult.
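As an added illustration of the Py2 habits discussed in #11 and #13 (this is my own example, not covertutils code): the `"string".encode('hex')` / `.encode('zip')` one-liners and the "str as byte array" idiom, next to their Python 3 forms. The bytes-to-bytes codecs still exist in Py3; they are just reached through `codecs.encode()`/`codecs.decode()` instead of `str.encode()`, and byte indexing now yields ints rather than one-character strings.

```python
import binascii
import codecs
import zlib


def hex_encode(data: bytes) -> bytes:
    # Py2: "abc".encode('hex') -> '616263'. Py3 works on bytes, not str.
    return binascii.hexlify(data)


def hex_decode(hex_text: bytes) -> bytes:
    # Py2: '616263'.decode('hex'). In Py3 the same codec name is still
    # available, reached through codecs.decode() instead of str.decode().
    return codecs.decode(hex_text, "hex")


def zip_encode(data: bytes) -> bytes:
    # Py2: "abc".encode('zip'). Py3: zlib.compress(), or codecs.encode(data, "zlib").
    return zlib.compress(data)


def zip_decode(blob: bytes) -> bytes:
    # Py2: blob.decode('zip'). Py3: codecs.decode(blob, "zlib") == zlib.decompress(blob).
    return codecs.decode(blob, "zlib")


def checksum8(data: bytes) -> int:
    # Py2 str indexing gave 1-char strings, so you wrote ord(c) everywhere;
    # Py3 bytes indexing gives ints, which is what byte-array style code wants.
    return sum(data) % 256


def patch_byte(data: bytes, offset: int, value: int) -> bytes:
    # Neither Py2 str nor Py3 bytes is mutable; bytearray is the real byte array.
    buf = bytearray(data)
    buf[offset] = value
    return bytes(buf)


def pack_text(text: str) -> bytes:
    # The only place a *text* codec belongs: str -> bytes.
    # Everything after that is bytes -> bytes.
    return hex_encode(zip_encode(text.encode("utf-8")))


def unpack_text(blob: bytes) -> str:
    # Reverse of pack_text: hex -> zlib -> UTF-8 text.
    return zip_decode(hex_decode(blob)).decode("utf-8")
```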


#14

Once the Py3 port is complete, can I start lobbying for spaces and PEP 8 formatting? :wink:


(John) #15

Yeah. My pylint score is about -17 already (claps).
Don't bother with that before the code gets passed through an autopep.

The thing is that I started coding for myself, and there is legacy code in there, even if legacy means 7 months old. All my code is bloated with spaces between arguments and parentheses because “that’s how I usually do it” (it’s a Vivek’ish coding style). I also prefer tabs, to the point that I sed my code to insert tabs instead of 4 spaces.
God, am I a heretic…


#16

I was a tab fan in the past as well. The thing is, it creates too much friction when the majority out there is using spaces. And so I capitulated: if you can't win, then join them :wink: And now tabs are discouraging contribution because I know there will be nonsense I have to deal with…


(Temiloluwa) #17

This is probably one of the best Python packages I am going to use… Yet to try it out, but I'm sure it is going to be awesome…


(Temiloluwa) #18

Yeah man, I support… I am still figuring out a way to change my style… Using cap is just too addictive.

But since it is no longer supported/encouraged, gonna try using spaces.


(Temiloluwa) #19

@rokups, I still love using Py2.7.

You can use both anyway by installing them separately, unless you are too much in love with Py3.


(John) #20

The tutorial is ready and already published in a 0x00sec post.

Free beers can be won by reading it (you have been warned).