Mubassir

NXcrypt : Python Backdoor


NXcrypt

  • NXcrypt is a polymorphic crypter for Python backdoors, written in Python by Hadi Mene (h4d3s). Its output is described as fully undetectable (see the VirusTotal test below).
  • The tool can inject a malicious Python file into a normal file, using a multi-threading system.
  • Run it with superuser permissions.

Backdooring module:

[Screenshot: NXCrypt backdooring module]

Encryption module:

[Screenshot: NXCrypt encryption module]

Usage:

  • sudo ./NXcrypt.py --file=backdoor.py --output=output_backdoor.py # encrypt backdoor.py; the output file is output_backdoor.py
  • sudo ./NXcrypt.py --file=shell.py # encrypt shell.py; the default output file is backdoor.py, but you can edit it in the source code
  • sudo ./NXcrypt.py --help # NXcrypt help
  • sudo ./NXcrypt.py --backdoor-file=payload.py --file=test.py --output=hacked.py # inject payload.py with test.py into hacked.py with the multi-threading system

How does it work?

  • Encryption module:
      • The tool adds some junk code.
      • It uses Python's internal module ‘py_compile’, which compiles the code into bytecode in a .pyc file.
      • The tool then converts the .pyc file into a normal .py file.
      • In this way the code is obfuscated.
      • The md5sum changes too.
  • Injection module:
      • NXCrypt injects a malicious Python file into a normal file with a multi-threading system.
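
A defender-side check for the encryption module described above, added here as an example (it is not NXcrypt's code and not part of the original post): since the output is py_compile bytecode saved as a .py file and the md5sum changes, hash matching is unreliable, but a scanner can flag `.py` files whose content is compiled bytecode instead of text. It assumes the converted file keeps the .pyc header bytes; the function names and sample files are constructed for illustration.

```python
import importlib.util
import marshal

PY27_MAGIC = b"\x03\xf3\r\n"  # CPython 2.7 bytecode magic number

def has_pyc_magic(data: bytes) -> bool:
    # Every CPython .pyc header starts with a 2-byte version tag, then CR LF.
    return len(data) >= 4 and data[2:4] == b"\r\n"

def is_text_source(data: bytes) -> bool:
    # Genuine Python source decodes as UTF-8 and contains no NUL bytes.
    if b"\x00" in data:
        return False
    try:
        data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return True

def triage(name: str, data: bytes) -> str:
    # Verdict for one file; header checks only, never unmarshal untrusted data.
    if not name.endswith(".py"):
        return "skip"
    if is_text_source(data):
        return "ok"
    return "bytecode-as-source" if has_pyc_magic(data) else "binary-content"

def build_samples() -> dict:
    # Constructed, harmless inputs; nothing here comes from NXcrypt itself.
    code = compile("print('hello')", "<constructed>", "exec")
    py3_pyc = importlib.util.MAGIC_NUMBER + bytes(12) + marshal.dumps(code)
    return {
        "tool.py": b"import os\nprint(os.getcwd())\n",
        "crlf.py": b"1;\r\nprint('hi')\r\n",   # text whose bytes 2-3 are CR LF
        "renamed.py": py3_pyc,                   # bytecode under a .py name
        "legacy.py": PY27_MAGIC + bytes(4) + b"c" + bytes(16),
        "blob.py": b"\x00\x01\x02\x03\x04",
        "cache.pyc": py3_pyc,                    # real .pyc name: out of scope
    }

def scan(files: dict) -> dict:
    return {name: triage(name, data) for name, data in files.items()}

if __name__ == "__main__":
    for name, verdict in scan(build_samples()).items():
        print(f"{verdict:20} {name}")
```

A "bytecode-as-source" verdict is a triage signal for further review, not proof of malice.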

Test with Virustotal

Before:

  • SHA256: e2acceb6158cf406669ab828d338982411a0e5c5876c2f2783e247b3e01c2163
  • File name: facebook.py
  • Detection ratio: 2 / 54

After:

  • SHA256: 362a4b19d53d1a8f2b91491b47dba28923dfec2d90784961c46213bdadc80add
  • File name: facebook_encrypted.py
  • Detection ratio: 0 / 55
