NXcrypt is a polymorphic crypter for Python backdoors, written in Python by Hadi Mene (h4d3s). The output is fully undetectable.
NXcrypt can inject a malicious Python file into a normal file using a multi-threading system.
Run it with superuser permissions.
Backdooring Module:
Encryption Module:
Installation:
    git clone https://github.com/Hadi999/NXcrypt
    cd NXcrypt
    sudo python NXcrypt.py [options]
Usage:
* Example: encrypt backdoor.py and write the result to output_backdoor.py
    sudo python NXcrypt.py --file=backdoor.py --output=output_backdoor.py
* Example: encrypt shell.py; the default output file is backdoor.py, but you can change it in the source code
    sudo python NXcrypt.py --file=shell.py
* Example: inject payload.py into test.py, writing hacked.py, using the multi-threading system
    sudo python NXcrypt.py --backdoor-file=payload.py --file=test.py --output=hacked.py
* NXcrypt help:
    sudo python NXcrypt.py --help
    gravityfalls@GitHackTools:~/nxcrypt$ sudo python NXcrypt.py --help
    Usage: NXcrypt.py [options]

    Options:
      -h, --help            show this help message and exit
      -f FILE, --file=FILE  python file
      -o OUT, --output=OUT  output of python file
      -b BACKDOOR, --backdoor-file=BACKDOOR
                            malicious python file to inject into normal file with
                            multi-threading system
How does it work?
Encryption module:
* NXcrypt adds some junk code.
* NXcrypt uses the Python internal module 'py_compile', which compiles the code into bytecode in a .pyc file.
* NXcrypt converts the .pyc file back into a normal .py file.
* In this way the code is obfuscated.
* The md5sum changes too.
Injection module: it injects a malicious Python file into a normal file using a multi-threading system.
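Because the junk code changes the file hash on every run, hash-based matching does not survive this kind of re-encoding; a structural check of the source does. The following is an added detection example, not NXcrypt's own code: it assumes that a re-wrapped .py carries the compiled bytecode as an opaque blob and revives it through marshal.loads()/exec() (the exact layout NXcrypt emits is not documented on this page), and flags files that show that pattern.

```python
import ast

# Call targets whose presence in one file points to a bytecode wrapper.
LOADER_CALLS = {"marshal.loads", "exec", "eval"}
MIN_BLOB_LEN = 64  # bytes literals shorter than this are ignored


def _qualname(node):
    """Return 'mod.attr' or 'name' for a call target, else None."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute) and isinstance(node.value, ast.Name):
        return f"{node.value.id}.{node.attr}"
    return None


def scan_source(src: str) -> dict:
    """Count wrapper indicators in one Python source text and give a verdict."""
    tree = ast.parse(src)
    found = {"marshal.loads": 0, "exec": 0, "eval": 0,
             "large_blobs": 0, "imports_marshal": False}
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            found["imports_marshal"] |= any(a.name == "marshal" for a in node.names)
        elif isinstance(node, ast.Call):
            name = _qualname(node.func)
            if name in LOADER_CALLS:
                found[name] += 1
        elif isinstance(node, ast.Constant) and isinstance(node.value, bytes):
            if len(node.value) >= MIN_BLOB_LEN:
                found["large_blobs"] += 1
    # Verdict: marshal.loads() feeding exec/eval, or paired with an opaque blob.
    found["suspicious"] = found["marshal.loads"] > 0 and (
        found["exec"] + found["eval"] > 0 or found["large_blobs"] > 0)
    return found


# Constructed samples (hypothetical, not real NXcrypt output): a benign script
# and a wrapper that revives an 80-byte dummy blob and executes it.
BENIGN = "import json\nprint(json.dumps({'ok': True}))\n"
WRAPPED = (
    "import marshal\n"
    "junk = 1  # filler statement\n"
    "_c = b'" + "\\x00" * 80 + "'\n"
    "exec(marshal.loads(_c))\n"
)

if __name__ == "__main__":
    for label, src in (("benign", BENIGN), ("wrapped", WRAPPED)):
        print(label, scan_source(src))
```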
Test with VirusTotal
Before:
* SHA256: e2acceb6158cf406669ab828d338982411a0e5c5876c2f2783e247b3e01c2163
* File name: facebook.py
* Detection ratio: 2/54
After:
* SHA256: 362a4b19d53d1a8f2b91491b47dba28923dfec2d90784961c46213bdadc80add
* File name: facebook_encrypted.py
* Detection ratio: 0/55
Credits: all credits go to the Suspicious Shell Activity team.
Video Tutorial: