Grok-backdoor: Simple python backdoor with Ngrok tunnel support
Grok-backdoor
Grok-backdoor is a simple Python-based backdoor that uses an Ngrok tunnel for communication. Grok-backdoor can generate Windows, Linux and Mac binaries using PyInstaller.
Disclaimer:
All the code provided in this repository is for educational/research purposes only. Any actions and/or activities related to the material contained within this repository are solely your responsibility. The misuse of the code in this repository can result in criminal charges brought against the persons in question. The author will not be held responsible in the event any criminal charges are brought against any individuals misusing the code in this repository to break the law.
Features:
- Multi-platform support (Windows, Linux, Mac). There is no cross-compiling at the moment; you need to run this code on each platform to generate a binary for that platform.
- Authenticated bind shell
- Ngrok tunnel support to bypass firewall/proxy restrictions.
Installation
git clone https://github.com/deepzec/Grok-backdoor.git
pip install -r requirements.txt
Usage:
You need to register an account at ngrok.com to use this backdoor, and provide the Ngrok auth code while configuring grok-backdoor. After the grok-backdoor server is executed on the victim machine, you will see a new TCP tunnel created in the Ngrok status panel.
Create the backdoor binary by running:
python grok-backdoor.py
You can find the output binary in the grok-backdoor/dist/ directory.
Run the grok-backdoor output binary on the victim machine and log in to the ngrok.com control panel to see the tunnel URL.
Telnet to the tunnel URL to get the bind shell. Enjoy shell 🙂
How to embed the ngrok binary with the backdoor?
Choose No when grok-backdoor asks “Do you want to download Ngrok binary during execution?”. If you choose ‘N’, it will bind ngrok with the output backdoor binary.
Proxy blocking the ngrok download attempt during backdoor execution?
Choose the “bind ngrok binary with malware” option to bypass proxy blocking.
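When the ngrok binary is embedded, there is no download for a proxy to block, so the tunnel's own outbound connection to ngrok is what a defender can still observe. The following is an added example, not code from the Grok-backdoor repository, that flags ngrok-bound egress in proxy or DNS logs. The log format, the host names in the sample, the `sanctioned` allowlist and the `ngrok.io` suffix are assumptions.

```python
# Added example: flag proxy/DNS log lines whose destination is an ngrok domain.
from collections import defaultdict

# Assumption: suffixes to watch. ngrok.com appears on this page; ngrok.io is
# an ngrok tunnel domain. Extend the tuple from ngrok's current documentation.
NGROK_SUFFIXES = ("ngrok.com", "ngrok.io")

# Constructed sample log, format "<time> <source-host> <method> <dest[:port]>".
SAMPLE_LOG = """\
2024-05-01T09:00:01Z ws-014 CONNECT tunnel.us.ngrok.com:443
2024-05-01T09:00:02Z ws-014 CONNECT example.org:443
2024-05-01T09:03:10Z dev-007 CONNECT 0.tcp.NGROK.io.:443
2024-05-01T09:04:00Z ws-022 GET notngrok.io
2024-05-01T09:05:00Z ws-022 GET ngrok.io.example.net:80
malformed line
"""


def dest_host(dest):
    """Lower-case the destination, dropping the port and any trailing dot."""
    return dest.partition(":")[0].lower().rstrip(".")


def is_ngrok(host):
    """Match on a label boundary so notngrok.io and ngrok.io.example.net miss."""
    return any(host == s or host.endswith("." + s) for s in NGROK_SUFFIXES)


def find_ngrok_egress(log_text, sanctioned=frozenset()):
    """Return {source_host: [dest_host, ...]} for unsanctioned ngrok egress."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not fit the constructed format
        _, src, _, dest = fields
        host = dest_host(dest)
        if is_ngrok(host) and src not in sanctioned:
            hits[src].append(host)
    return dict(hits)


if __name__ == "__main__":
    # dev-007 stands in for a host with an approved ngrok use (hypothetical).
    for src, hosts in find_ngrok_egress(SAMPLE_LOG, {"dev-007"}).items():
        print(src, "->", ", ".join(hosts))
```

Any host outside the allowlist that reaches an ngrok domain warrants a look at the process that opened the connection, whether or not a download was ever seen.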
Copyright (C) 2018 deepzec
Source: https://github.com/deepzec/