PyIris-backdoor: modular, stealthy and flexible remote-access toolkit
The PyIris Project
The PyIris project is a modular, stealthy and flexible remote-access toolkit written entirely in Python. It lets users dynamically build, generate, and encode/encrypt remote-access-trojan payloads ("scouts") for remote control of compromised hosts.
Features (Both Windows and Linux)
- Tab completion for most commands
- Dynamically generate scouts
- Robust error handling to allow scouts to recover from sudden disconnects
- Upload and download files from and to the target machine
- Sleep, kill and disconnect scouts
- Download files from external URLs (web downloads)
- Keylogging in memory
- Display system information
- Taking screenshots without writing to disk
- See all currently open visible and nonvisible windows on the target
- Check to see if a scout is running with admin/root privileges
- Inject keystrokes
- Compile payloads into Windows EXEs or Linux ELFs
- Clear, set, or dump clipboard data
- Adjust audio settings
- Take pictures from the webcam without writing to disk
- Stackable encryption of scout payload source code, in a theoretically unlimited stack with unlimited variations
- Execute arbitrary Python code from compiled scouts and read the results, even if no Python interpreter is installed on the target machine
- Request admin/root privileges
- Sleep for an arbitrary length of time before running (to bypass AV dynamic program analysis)
- Self-delete (scripts only)
- Stream the webcam over TCP sockets (pretty laggy; a UDP version is planned)
Features (Windows)
- Achieve persistence through the Windows registry (HKEY_CURRENT_USER)
- Achieve persistence through the Windows Startup folder
- Remote command execution through cmd.exe or powershell.exe (provided it is not blocked)
- Open URLs in a native browser (Internet Explorer, ewww)
- Shut down, restart, lock, or log off the user gracefully without the scout payload's connection hanging
- Execute or open files remotely
- Check the user's idle time
- Dump saved Chrome passwords (won't work with the latest Chrome browsers since they changed encryption methods, and I'm kinda lazy to update this lol)
- Disable/enable the target's keyboard/mouse
- Bypass UAC through sdclt.exe (already patched in recent Windows updates)
Features (Linux)
- Achieve persistence through cron jobs (crontab)
- Remote command execution through the Bash shell
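The persistence locations listed above (the HKEY_CURRENT_USER Run key and the Startup folder on Windows, the user crontab on Linux) are also the first places a defender audits. The following is an added example, not part of PyIris, that runs a simple triage over constructed snapshots of those three locations; the heuristics (temporary or hidden directories, interpreted scripts, Python interpreter invocations) and the sample entries are assumptions for illustration, not indicators published by the project.

```python
"""Triage autostart entries from the persistence locations named in the README.

Added example, not PyIris code. The snapshots below are constructed; on a
live host they would come from the HKCU Run key, the Startup folder and
`crontab -l`. The flagging rules are illustrative assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed snapshot of HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
HKCU_RUN = {
    "OneDrive": r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background",
    "updater": r"C:\Users\alice\AppData\Local\Temp\svc.exe",
}

# Constructed listing of the per-user Startup folder.
STARTUP_FOLDER = [
    r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini",
    r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sync.pyw",
]

# Constructed output of `crontab -l` for the same user.
USER_CRONTAB = """
# m h dom mon dow command
0 3 * * * /usr/bin/apt-get update
@reboot /usr/bin/python3 /tmp/.cache/agent.py
*/5 * * * * /home/alice/bin/backup.sh
"""

# Illustrative heuristics (assumptions): scratch/hidden/download directories,
# interpreted script extensions, and explicit Python interpreter launches.
SUSPICIOUS_PATH = re.compile(r"(\\temp\\|/tmp/|/dev/shm/|\\downloads\\|/\.[^/]+/)", re.I)
SCRIPT_EXT = re.compile(r"\.(py|pyw|ps1|vbs|js|bat)\b", re.I)
PYTHON_LAUNCH = re.compile(r"\bpython(3|w)?(\.exe)?\b", re.I)


@dataclass(frozen=True)
class Finding:
    location: str
    entry: str
    reasons: tuple[str, ...]


def assess(command: str) -> tuple[str, ...]:
    """Return the reasons an autostart command looks worth a closer look."""
    reasons = []
    if SUSPICIOUS_PATH.search(command):
        reasons.append("runs from a temporary/hidden/download directory")
    if SCRIPT_EXT.search(command):
        reasons.append("launches an interpreted script")
    if PYTHON_LAUNCH.search(command):
        reasons.append("invokes a Python interpreter")
    return tuple(reasons)


def audit_run_key(values: dict[str, str]) -> list[Finding]:
    return [Finding("HKCU Run", cmd, r) for cmd in values.values() if (r := assess(cmd))]


def audit_startup_folder(paths: list[str]) -> list[Finding]:
    return [Finding("Startup folder", p, r) for p in paths if (r := assess(p))]


def audit_crontab(text: str) -> list[Finding]:
    """Extract the command part of each crontab line and assess it."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # @reboot/@daily style entries carry one keyword; others carry five time fields.
        parts = line.split(None, 1) if line.startswith("@") else line.split(None, 5)
        if len(parts) < (2 if line.startswith("@") else 6):
            continue
        command = parts[-1]
        if reasons := assess(command):
            findings.append(Finding("crontab", command, reasons))
    return findings


def audit_all() -> list[Finding]:
    return (audit_run_key(HKCU_RUN)
            + audit_startup_folder(STARTUP_FOLDER)
            + audit_crontab(USER_CRONTAB))


if __name__ == "__main__":
    for f in audit_all():
        print(f"[{f.location}] {f.entry}\n    " + "; ".join(f.reasons))
```

Running the script prints three findings out of the seven constructed entries: the Run-key value pointing into a Temp directory, the `.pyw` script in the Startup folder, and the `@reboot` cron job that launches Python from a hidden directory under `/tmp`; the benign entries (OneDrive, `desktop.ini`, `apt-get`, the user's own backup script) pass silently. The same structure applies to live data once the three snapshots are replaced by real registry, filesystem and crontab reads.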