NXcrypt – Python Backdoor Framework

NXcrypt

NXcrypt is a polymorphic crypter for Python backdoors, written in Python by Hadi Mene (h4d3s). The output is fully undetectable.

NXcrypt can inject a malicious Python file into a normal file, using multi-threading.

Run it with superuser permissions.

NXcrypt output is fully undetectable.

Usage:

sudo ./NXcrypt.py --file=backdoor.py --output=output_backdoor.py # encrypt backdoor.py; the output file is output_backdoor.py

sudo ./NXcrypt.py --file=shell.py # encrypt shell.py; the default output file is backdoor.py, which you can change in the source code

sudo ./NXcrypt.py --help # NXcrypt help

sudo ./NXcrypt.py --backdoor-file=payload.py --file=test.py --output=hacked.py # inject payload.py with test.py into hacked.py, using multi-threading

How it works

Encryption module:

NXcrypt adds some junk code.

NXcrypt uses Python's built-in module ‘py_compile’ to compile the code into bytecode in a .pyc file.

NXcrypt converts the .pyc file into a normal .py file.

In this way the code is obfuscated.

The md5sum changes too.
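Because the hash changes on every run, hash matching cannot track this kind of output, so triage has to key on structure. The following scanner is an added example, not part of NXcrypt or the original post. It assumes (the page does not show the output format) that a .py file wrapping compiled bytecode carries it as a literal that is decoded and passed to exec/eval; the function names and thresholds are hypothetical.

```python
import ast
import math
from collections import Counter

# Assumption (not from the page): a source file that wraps compiled bytecode
# needs a decoder call (marshal/zlib/base64 ...) feeding exec or eval.
DECODERS = {"loads", "decompress", "b64decode", "b85decode", "unhexlify"}
EXECUTORS = {"exec", "eval"}
MIN_BLOB = 200      # literal length worth scoring; tunable
ENTROPY_BITS = 5.0  # bits per symbol above which a literal looks opaque

def entropy(data):
    """Shannon entropy in bits per symbol of a str or bytes literal."""
    counts = Counter(data)
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())

def call_name(node):
    """Trailing name of a call target: exec -> 'exec', marshal.loads -> 'loads'."""
    f = node.func
    return f.id if isinstance(f, ast.Name) else getattr(f, "attr", None)

def scan_source(source):
    """Return a sorted list of findings for one Python source string."""
    findings = set()
    try:
        tree = ast.parse(source)  # parse only; the file is never executed
    except (SyntaxError, ValueError):
        return ["unparseable"]
    for node in ast.walk(tree):
        if isinstance(node, ast.Call) and call_name(node) in EXECUTORS:
            # Collect every call nested inside the exec/eval arguments.
            inner = [n for a in node.args for n in ast.walk(a)
                     if isinstance(n, ast.Call)]
            if any(call_name(n) in DECODERS for n in inner):
                findings.add("exec-of-decoded-blob")
        if isinstance(node, ast.Constant) and isinstance(node.value, (str, bytes)):
            if len(node.value) >= MIN_BLOB and entropy(node.value) > ENTROPY_BITS:
                findings.add("high-entropy-literal")
    return sorted(findings)

# Constructed samples for illustration; the blob is just bytes 0..255.
SAMPLE_PLAIN = "import os\nprint(os.getcwd())\n"
SAMPLE_WRAPPED = (
    "import marshal\n"
    "exec(marshal.loads(" + repr(bytes(range(256))) + "))\n"
)
```

Findings are triage signals rather than verdicts, since legitimate packaging tools also embed encoded data in source files.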

Injection module:

It injects a malicious Python file into a normal file, using multi-threading.

Test with VirusTotal

Before:
SHA256: e2acceb6158cf406669ab828d338982411a0e5c5876c2f2783e247b3e01c2163
File name: facebook.py
Detection ratio: 2 / 54

After:
SHA256: 362a4b19d53d1a8f2b91491b47dba28923dfec2d90784961c46213bdadc80add
File name: facebook_encrypted.py
Detection ratio: 0 / 55

Video Tutorial: https://www.youtube.com/watch?v=s8Krngv2z9Q