Phishing

A Nice Day Phishing : Exploring Portable Python For Covert Execution

Scripting Interpreters are agreat method to achieve Command or Shellcode Execution, but one of many problems is that they:

  • Are not Native to Windows
  • Not always easy to use
  • Limited to Command or Shellcode execution, some have both!!
  • We requiere these to not be installed on the Users workstation

Python

Python is a strong language to demonstrate the capabilities of these interpreters the following screenshot demonstrates how just printing out STRINGS in their language will not get flagged, it seems that this behavior is caused because AMSI has a better grasp on Windows Native Files.

To make python feasable to our needs we have to consider this:

  • Size
  • Modules
  • Version

We encounter the issue that some Modules are missing when trying to go beyond to executing Win32 apis now the challenge is to:

  • Compile a portable version with the needed modules

Now with some debugging and lots of banging the portable version of pytohn works correctly and the modules that I needed were in the binary

With this fully functional we can utilize the portable version of python, a loader and call our payload, since the files and binary won’t run our files via double-click we need to use a parent program that will call these, and a great alternative is LNK files

For more information click here.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

Playwright-MCP : A Powerful Tool For Browser Automation

Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…

2 weeks ago

JBDev : A Tool For Jailbreak And TrollStore Development

JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…

2 weeks ago

Kereva LLM Code Scanner : A Revolutionary Tool For Python Applications Using LLMs

The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…

2 weeks ago

Nuclei-Templates-Labs : A Hands-On Security Testing Playground

Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…

2 weeks ago

SSH-Stealer : The Stealthy Threat Of Advanced Credential Theft

SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…

2 weeks ago

ollvm-unflattener : A Tool For Reversing Control Flow Flattening In OLLVM

Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…

2 weeks ago