Self-Destructing Python Script

This is short, and hopefully not completely uninteresting etc.
I just wanted to be able to do this, and thought it would be pretty neat.
The self-destruction of the file is achieved by it securely deleting itself.

On Linux:

```python
#!/usr/bin/env python

import subprocess as sp
from os import path

# This gives us the absolute (full) path to this Python script
self_path = path.abspath(__file__)

# Do stuff -- I just created a folder
sp.call(["mkdir", "/home/User/Desktop/thinair"])

# At the end of the script, the file shreds itself
sp.call(["/usr/bin/shred", "-fuz", self_path])
```

Basically you get the script's own file path using `__file__` (stackoverflow), and you can then delete it in whatever way you like when the script has finished.

I used the Linux shred cmd, where:

```
-f, --force
       change permissions to allow writing if necessary

-u     truncate and remove file after overwriting

-z, --zero
       add a final overwrite with zeros to hide shredding
```

shred manpage


**On Windows:**

```python
import os

# This gives us the absolute(full) path to this python script
file_path = os.path.abspath(__file__)

# Do stuff -- I just created a folder
# (raw string so the backslashes in the Windows path are kept literally)
os.system(r"mkdir %USERPROFILE%\Desktop\dontlook")

# At the end of the script, the file is deleted & over-written
os.remove(file_path)
folder_path = os.path.dirname(file_path)
os.system("cipher /W:%s" % folder_path)
```

The Python code needed to actually delete a file/folder is given in [this](https://stackoverflow.com/questions/6996603/how-do-i-delete-a-file-or-folder-in-python) Stack Overflow accepted answer, those being:

<code>os.remove()</code> will remove a file.
<code>os.rmdir()</code> will remove an empty directory.
<code>shutil.rmtree()</code> will delete a directory and all its contents.

As you may have guessed, this doesn't overwrite the deleted data like <code>shred</code> does on Linux. However, there is a Windows command <code>cipher</code> whose particulars you can see for yourself either by looking [here](https://support.microsoft.com/en-us/kb/315672) or typing <code>cipher /?</code> into a CMD prompt. The following Windows command will overwrite _deleted_ data on the specified volume and/or directory:

<code>cipher /w:drive_letter:\folder_name</code>

My own tests on Windows 7 successfully delete the script and _appear_ to overwrite the data... however, since I haven't attempted to retrieve the deleted script forensically, I can't yet vouch for that 100%. But the Windows docs for <code>cipher</code> above do seem confident with themselves.

(_Something to maybe bear in mind.. possible very lengthy overwrite times with_ <code>cipher</code> _depending on the size of the target folder/drive. Test this out first._)

~~~~~~~~~

So, no great scripting revelations here :grin:, I'm sure most of you would know how to do this if you wanted to, but like I said, I just liked the idea of a script deleting itself after performing its duties, maybe in an attempt to cover its own tracks. Perhaps it could come in handy in certain situations?

Thanks for reading

~~~~~~~~
17 Likes
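
Added example, not part of the original post: the defender's view of the Linux variant above. On a host that audits `execve`, this correlates auditd records to flag an interpreter whose child process ran `shred` on the interpreter's own script. The log lines are constructed and trimmed to the fields used, and the function names are hypothetical.

```python
import os
import re
from collections import defaultdict

# Constructed auditd records (not from the post), trimmed to the fields used:
# a script run, a child shred aimed at that script, and an unrelated shred.
SAMPLE = '''\
type=SYSCALL msg=audit(1700000000.100:101): syscall=59 success=yes ppid=900 pid=1300 comm="python" exe="/usr/bin/python3"
type=EXECVE msg=audit(1700000000.100:101): argc=2 a0="python" a1="job.py"
type=CWD msg=audit(1700000000.100:101): cwd="/home/User/Desktop"
type=SYSCALL msg=audit(1700000002.500:102): syscall=59 success=yes ppid=1300 pid=1301 comm="shred" exe="/usr/bin/shred"
type=EXECVE msg=audit(1700000002.500:102): argc=3 a0="/usr/bin/shred" a1="-fuz" a2="/home/User/Desktop/job.py"
type=SYSCALL msg=audit(1700000009.000:103): syscall=59 success=yes ppid=900 pid=1400 comm="shred" exe="/usr/bin/shred"
type=EXECVE msg=audit(1700000009.000:103): argc=3 a0="shred" a1="-u" a2="/tmp/scratch.bin"
'''

HEAD = re.compile(r'type=(\w+) msg=audit\([\d.]+:(\d+)\): (.*)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Assumption: arguments are quoted strings; hex-encoded arguments are not decoded.

def parse_events(text):
    """Group records by audit event id: {record type: {field: value}}."""
    events = defaultdict(dict)
    for line in text.splitlines():
        m = HEAD.match(line)
        if m:
            rtype, eid, body = m.groups()
            events[int(eid)][rtype] = {k: v.strip('"') for k, v in FIELD.findall(body)}
    return [events[i] for i in sorted(events)]

def find_self_shred(text):
    """Return (interpreter pid, script path) where a child shredded that script."""
    scripts, hits = {}, []
    for ev in parse_events(text):
        sc, ex = ev.get("SYSCALL", {}), ev.get("EXECVE", {})
        cwd = ev.get("CWD", {}).get("cwd", "/")
        args = [ex.get(f"a{i}", "") for i in range(int(ex.get("argc", 0)))]
        paths = [os.path.normpath(os.path.join(cwd, a))
                 for a in args[1:] if not a.startswith("-")]
        prog = os.path.basename(sc.get("exe", ""))
        if prog.startswith("python") and paths:
            scripts[sc.get("pid")] = paths[0]   # first non-option arg is the script
        elif prog == "shred" and scripts.get(sc.get("ppid")) in paths:
            hits.append((int(sc["ppid"]), scripts[sc["ppid"]]))
    return hits

if __name__ == "__main__":
    print(find_self_shred(SAMPLE))
```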

Nice idea, mate!! Thanks for sharing. Any idea how it can be done if I have to do it on a Windows system?

2 Likes

Hm. Not too sure 'bout that mate. I suppose you could just do something similar but using Windows Paths. Although I’d very much suggest you try to stray away from Windows. Not that it’s bad or such, but because it would be very much in your favour if you did this all in Linux. A way you could do so is make a bootable live usb, with a version of Kali. (I have 2 with Lubuntu in them).

This is amazing! Thank you for sharing!

1 Like

I am a Linux user bruh, wrote some Windows exploits so asked

2 Likes

Good idea, I think my edit should address that, though I have to say I haven’t yet tried it myself. No reason why it shouldn’t work though.

I know, I was just saying it would be much-much easier if you did this in Linux. Sorry for the mix up and have a great day!

I added the code for Windows to the post. Seems to work too! Hope that helps.

Thank you for the update!

Great tip @EnergyWolf! Definitely will be useful for anti-forensics or just to annoy your friends. :smiley:

2 Likes

Nice post man! This is really decent stuff. Pretty much the only way to develop signatures needed for Anti-Virus would be to get hold of the script or process itself. If you remove the script altogether you greatly improve your chances of survival :wink:

1 Like

Sad the file link isn’t available anymore :frowning:

@deDusteh
Implement it yourself. You’ll learn stuff!

3 Likes

Not sure which link you are referring to… if you mean the link for __file__ it still works for me.
