For the ones who didn’t know yet, a Trojan Horse Attack consists of embedding en exploit in an innocent-looking Application, or even in a document. As you might have guessed today we will embed a backdoor into a Kivy-made GUI. This attack is quite simple, the only thing you need to know is just some python and networking basics. Let us get started!
How to build?
Among the many things we can embed in a Trojan Horse, I choose to embed a Backdoor. We will be using the one I talked about in this article:
Basically, you can embed everything, but today we’ll embed a backdoor.
This is a key point, we will use the Kivy framework in order to develop an Innocent-looking app, but as the Trojan attack says, it will contain the malicious backdoor, which we’ll use to gain access to the computer. From then, you’ll own the target’s computer.
Disclaimer : I am not a graphical apps experienced developer, just use them when I need. So the Trojan we’ll build has not a good graphics, however, you’ll be able to imporove it on your own with the Kivy’s documentation.
As said in the disclaimer, today we won’t focus on the graphic of the App, that can be easily improved just by going to Kivy’s Documentation, rather, we’ll focus on how to embed everything you want(here a Backdoor) in a graphical app.
The Hacker’s Machine
After all, this time spent on talking about what we will do in order to own the Victim’s Machine, let’s talk about the hacker. When we talked about how to send commands to the Backdoor to execute them on the victim computer in this article, we built our own tool to do that. But today, we’ll use Netcat.
Just open a Terminal Window and:
Talk is Cheap, Show me the code
Now it Is the moment to code our Trojan. Basically, we’ll organize using a function(a malicious one), and a class(the GUI). Such a simple code.
Lines 1/2: Imported some Kivy basic modules.
Lines 4/6: Imported the Socket and Subprocess module for the backdoor. Then the threading module in order to be able to execute both the malicious code and neutral(the GUI code).
Lines 9/22: Used the code of the Backdoor Attack in Python article to create a main function that contains the backdoor.
Lines 26/27: Build a “Hello World” simple GUI.
Lines 31/32: Created a thread for the
main() function and then started it (
Lines 35/36: Ran the simple GUI.
The Attack, finally
Here it comes the Best: the Attack.
On the Attacker Machine
As shown previously, we will be using Netcat to bind a port and listen for incoming connections. In this case, we will use the well known 4444 port. This command will give you no output until the Victim connects.
On the Target Machine
After having started the attack on the Attacker’s Machine, we can complete it on the victim machine.
Just export the code to the target machine and execute it, in order for the backdoor to work make sure you entered the right IP address at line 10.
Once you execute the code on the Victim computer, you’ll see a Kivy app saying “hello world” on the victim’s, and you’ll see this on the Attacker’s side:
So, we got a shell on the Victim computer using a Reverse Shell. Great!
Cybersecurity-related Articles you Might enjoy
Please, feel free to take a look at them:
Hunt down social media accounts by username across social networks
How to hunt down Social Media accounts from usernames using Sherlock
Thanks for reading!