Project Description:
For a recent penetration testing project I conducted on a client's network, I developed a malware in Python to extract Wi-Fi passwords from the victims and transmit them to a server. The objective was to try to gain unauthorized access to the network for further testing and assessment.
Malware Development:
- Script Language: Python was utilized to create the malware, leveraging its versatility and ease of use for such tasks.
- Functionality: The malware was designed to stealthily capture WiFi passwords of connected devices and then send this sensitive information to a remote server controlled by the testing team.
- Secrecy: Due to confidentiality reasons, the executable file and the actual script cannot be disclosed, ensuring the security and integrity of the project's findings.
Libraries Used:
Various Python libraries were employed in the development of the malware to enhance its functionality and effectiveness. While specific library names are not provided, common libraries for such tasks may include:
- Requests: Used for sending HTTP requests to the remote server.
- Socket: Facilitated network communication between the malware and the server.
- Crypto: Potentially utilized for encryption purposes to secure data transmission.
- Subprocess: Possibly used for executing system commands within the script.
Delivery Method.
The Malware was delivered to the client Via a phishing email. The email disguised as an urgent update from VLC and we were able to successfully have the client download the exe.
Ethical Considerations:
It is crucial to emphasize that using malware without explicit permission is illegal and unethical. Penetration testing should always be conducted with proper authorization from the network owner and in compliance with legal regulations. Unauthorized access to networks can have severe consequences both legally and ethically.