Backdoor Attack in Python
Performing a Backdoor Attack in a Python script
Hacking is to identify weaknesses in computer systems or networks to exploit its vulnerabilities and gaining access. Hacking means using computers to commit fraudulent acts such as fraud, privacy invasion, stealing corporate-personal data, etc. Cybercrimes cost many companies millions of dollars every year. Businesses need to protect themselves against such attacks.
On the other hand, Python is a high-level powerful programming language, and yes, it is also used in hacking as it is supported on all operating systems.
Furthermore, it is relatively simple and fast to write codes in Python and, above all, thanks to its community Python has many libraries related to cybersecurity.
Among the many hacking techniques and tools, I choose to talk about backdoors: a sort of Bad-ware whose main purpose is to send and receive data, mostly commands, through a port to another system. Basically, the hacker installs a malicious program on the victim’s computer, which executes (on the victim’s computer) all the commands given by the hacker.
There are several ways through which hackers can install this malware on your computer, mainly by incorporating it into a pleasant and useful app, which is the Trojan.
Today we will see how to create a simple and efficient backdoor that will make you understand how a computer can be easily hacked by anyone who knows how to code.
Finally, I will suggest how to avoid backdoor attacks.
Getting started with the socket connection
To build our locally-working backdoor, we will use the socket module. Sockets and the socket API are used to send messages over the network.
As we already know to send messages, there’s who sends the message, here the Hacker, and who receives the message and replies, here the Victim.
After the Victim runs the malware we’ll create, it’s going to set up this type of connection between the hacker’s and victim’s machine:
Here, the hacker sends the commands, the victim executes them and returns the outputs to the hacker.
Intuitively, we have to create the tool that sends the commands and receives the outputs and the malware that executes the commands given and returns the outputs.
Creating the hacker’s tool
This tool will allow us to send commands to the victim and to receive the outputs
To build this tool, we will use the socket API by creating a socket server that sends and receives data:
Line 1: socket module imported.
Lines 4–5: defined my IP address (you have to enter yours) and the port, we used port 4444 since you are probably not using it.
Line 7: Created the Server.
Lines 8–10: Started the server.
Lines 11: Waiting for the victim to open the malware that we will create later.
Lines 12–13: when the victim (after opening the backdoor) asks the server to connect and we accept it.
By running this code, the victim will connect to our server (the hacker’s tool). Now we want the server to send commands to the victim and receive the output from the victim.
Line 1: We use thewhile because we want the action of sending commands and receiving output to be repeated until the program is closed.
Lines 2–5: wait for the hacker to enter the command to run on the victim’s computer, then we code it and send it
Lines 6–8: we receive the output from the victim and decode it.
The hacker’s tool is ready, but obviously, it won’t work without the backdoor.
Creating the backdoor
The backdoor is gonna connect our computer to the victim’s one. After that, it is going to receive the commands from the hacker’s tool, execute them, and send the output back to us.
Lines 1–2: imported socket and subprocess modules. We will use the subprocess to run the commands on the victim’s computer.
Lines 5–6: define the IP of our server and the port. They must be exactly like the ones we used for the server.
Lines 8–9: created the backdoor and connected it to the server.
This code will link the victim’s computer to the hacker’s computer. Now we need the backdoor to receive the commands and send the outputs to the hacker:
Line 1: As in the server, we use the while to repeat the action of receiving commands and sending the outputs forever until the hacker closes his tool.
Lines 2–4: the backdoor is waiting for the hacker to send the commands, so when it receives them it decodes them.
Line 5–7: Run the command and read the output and error.
Line 8: send output and error (if any) to the hacker.
Testing
Done! Now we need to test what we have created:
• Open your terminal (UNIX) or command prompt (Windows) and run the hacker’s tool (server) with: python server.py
• Run the backdoor on the victim’s computer
On the hacker’s computer terminal you should see the following:
Now by entering the bash commands in the Enter Command input field, you will see the outputs displayed on your terminal, from which we can conclude that we have hacked the victim’s computer.
Conclusion
In this tutorial, we saw how powerful could 38 lines of python code be. The backdoor attack is powerful because it can’t always be detected; an antivirus can’t stop you installing an innocent-looking app. To embed the backdoor we’ve created in an innocent-looking app, I suggest you use the Kivy Python framework, I will write about that soon. See you in the next article!
