- Brian Smith
- Abiram Kaimathuruthy
- Python 3.7
- pynput
- paramiko
- SFTP server
In order to make it easier for you, we have created install and uninstall bash scripts that take care of installing and removing the libraries and output files.
We have made the following assumptions:
- SFTP server is running on port 22
- SFTP server is located on localhost
- There exists a `lab` user with a home directory
- The password for the `lab` user is `lab`
Before we begin, you can configure some options. The following directories need to be present before running the Python file (the install script creates them for you):
- /home/lab/Erebus/input
- /home/lab/Erebus/output
The following files need to be in the /home/lab/Erebus/input directory:
- keyLogger.py
- reverseShell.py
- commands: a text file with the commands to run on the infected machine, one entry per line.
IMPORTANT: The program sleeps for long durations between commands. If you want to test it quickly you can adjust the sleep timers in keyLogger.py and reverseShell.py files.
Please execute secretSanta.py. Note that the malicious part is not executed on every run, so you might have to run it a couple of times. For more detail, see use case 1 below.
You can run the following to check whether it is still running after the main program has ended:
`ps aux | grep 'secretSanta'`
- IT employee
- User runs the program
- secretSanta.py has been executed by the user
- Key logs are uploaded to the SFTP server
- Command results are uploaded to the SFTP server
- The system will ask the user for a gift.
- The user inputs a value.
- The system executes the malicious part of the application*. It downloads all the required pieces of code from the SFTP server and executes them.
- The system starts logging the keystrokes and runs commands periodically.
- The system displays the confirmation message to the user.
(*) The malicious part of the application runs about 40% of the time so that its behaviour is not predictable.