• Python Implants: Dynamic Imports, Duck Punching and Pickling

    by  • May 30, 2012 • Uncategorized

    Earlier this year the world got it’s first taste of major mac malware, flashback. In the month of April, Sophos reported on a python backdoor used in some of the attacks. When I first heard this I was excited to see something new, but not too excited when I noticed how the backdoor was constructed. 

    When it comes to Python-related implants, Immunity is king. I almost didn’t write this article because they do such a good job that I couldn’t possibly provide more value, but I haven’t found many write-ups discussing some of the cooler Python techniques with a malware spin. Furthermore, after seeing this article, I couldn’t help but feel inspired to create something on my own just to mess around.

    The basic premise of this exercise was to assume the computer (Mac or Linux) was owned and that we needed a listener on the system to allow us to do whatever we wanted. The main focus here though was getting additional functionality without modifying the system too much and also pulling functionality from the web and updating our existing implant instance.

    Dynamic Imports

    When on an unknown system, I find it best to modify as little as possible, if anything at all, to avoid detection. Unfortunately though, not everyone has the more specialized Python libraries installed that we may want, so we can’t import them and therefore lose some of our capabilities. 

    However, it is possible to grab Python code from the web, read it into a module and then add it to our sys modules. Using this technique it is possible to download all the components to a library, import them in the proper order and then use them to do what we want. For my example I used xmpppy (import xmpp). If I wanted to use XMPP as my C2 communications, then I would need to have the xmpppy library installed.

    This method, while not perfect, introduces patching existing class instances with new functionality. From an implant perspective, we want to remain as benign as possible on the filesystem. Commands calling “/bin/sh” or opening sockets is likely to grab attention from any scanner. However, patching those same calls in at runtime ensures that we might get to stay on a bit longer.

    Remote Pickling

    The last technique and the one I think Immunity uses for its purposes is pickling. Pickling allows us to save a class instance and load it elsewhere. In other words, we can build up an object locally with all the commands, libraries, etc., that we want in our implant and then pickle it. Once pickled, we can marshal this file across the network to our owned system, load it up and operate with all our functionality. 

    In my opinion, this is the best way to go because it is portable, ensures little will be done to change the remote system and can easily be updated by passing the pickle back. Furthermore, it is possible to pickle in different formats from a standard file to JSON. In theory, it is possible that one could return an implant object via web service call. Instead of creating yet another write-up, I will defer to this article on the subject of pickling. 


    Python is on a lot of systems by default and contains a good deal of functionality in its base build. As more cross-platform exploits emerge, I suspect more work will be done within the underground to improve the implants used on Mac and Linux. I believe Python to be one of the best solutions just because of the flexibility and widespread understanding of it.