BrainDamage
A python-based remote administration tool that uses Telegram as a C&C server.
—
--> Coded by: Mehul Jain
--> For windows only
—
--> Persistance
--> USB spread
--> Port Scanner
--> Router Finder
--> Run shell commands
--> Keys logging
--> Insert keystrokes
--> Record audio
--> Webserver
--> Screenshot logging
--> Download files in the host
--> Execute shutdown, restart, logoff, lock
--> Send drive tree structure
--> Set email template
--> Rename Files
--> Change wallpaper
--> Open website
--> Send Password for
• Chrome
• Mozilla
• Filezilla
• Core FTP
• CyberDuck
• FTPNavigator
• WinSCP
• Outlook
• Putty
• Skype
• Generic Network
--> Cookie stealer
--> Send active windows
--> Gather system information
• Drives list
• Internal and External IP
• Ipconfig /all output
• Platform
Setup
Telegram setup:
- Install Telegram app and search for “BOTFATHER”.
- Type /help to see all possible commands.
- Click on or type /new bot to create a new bot.
- Name your bot.
- You should see a new API token generated for it.
Dedicated Gmail account. Remember to check “allow connection from less secure apps” in Gmail settings.
Set access_token in eclipse.py to token given by the botfather.
Set CHAT_ID in eclipse.py. Send a message from the app and use the telegram API to get this chat id.
bot.getMe() will give output {‘first_name’: ‘Your Bot’, ‘username’: ‘YourBot’, ‘id’: 123456789}
Abilities
- who is online- list active slaves
This command will list all the active slaves.
This command will remove the stub from host and will remove registry entries.
- cmd- execute a command on CMD
Run shell commands on host
- download- URL (startup, desktop, default)
This will download files in the host computer.
- execute- shutdown, restart, logoff, lock
Execute the following commands
- screenshot- take a screenshot
Take screenshot of the host of computer.
- send- passwords, drive tree, drives list, keystrokes, open windows
This command will sends passwords (saved browser passwords, FTP, Putty…), directory tree of host (upto level 2), logged keystrokes and windows which are currently open
- set- email (0:Default,1:URL,2:Update), filename (0: Itself, 1: Others), keystrokes (text)
This command can set email template (default, download from url, update current template with text you’ll send), rename filenames or insert keystrokes in host.
- start- website (URL), keylogger, recaudio (time), webserver (Port), spread
This command can open website, start keylogger, record audio, start webserver, USB Spreading
- stop- keylogger, the webserver
This command will stop keylogger or webserver
- wallpaper- change wallpaper (URL)
Changes wallpaper of host computer
- find- open ports (host, threads, ports), router
This command will find open ports and the router the host is using
Requirements
Screenshots
