{"id":660,"date":"2022-09-03T10:51:34","date_gmt":"2022-09-03T10:51:34","guid":{"rendered":"https:\/\/cybersecuritynest.com\/?p=660"},"modified":"2022-09-03T10:51:34","modified_gmt":"2022-09-03T10:51:34","slug":"stich-python-framework-which-allows-to-build-custom-payloads-for-windows-mac-osx-and-linux","status":"publish","type":"post","link":"https:\/\/cybersecuritynest.com\/?p=660","title":{"rendered":"Stitch: Python framework which allows you to build custom payloads for Windows, Mac OSX and Linux"},"content":{"rendered":"<div class=\"Layout-main\" data-view-component=\"true\">\n<div id=\"readme\" class=\"Box md js-code-block-container js-code-nav-container js-tagsearch-file Box--responsive\" data-tagsearch-path=\"README.md\" data-tagsearch-lang=\"Markdown\">\n<div class=\"Box-body px-5 pb-5\" 
data-target=\"readme-toc.content\">\n<article class=\"markdown-body entry-content container-lg\">\n<blockquote class=\"wp-embedded-content\" data-secret=\"GgdditTlfA\"><p><a href=\"https:\/\/cybersecuritynest.com\/?page_id=535\">Disclaimer<\/a><\/p><\/blockquote>\n<h1 dir=\"auto\"><a id=\"user-content-about-stitch\" class=\"anchor\" href=\"https:\/\/github.com\/nathanlopez\/Stitch#about-stitch\" aria-hidden=\"true\"><\/a>About Stitch<\/h1>\n<p dir=\"auto\">A Cross Platform Python Remote Administration Tool:<\/p>\n<p dir=\"auto\">This is a cross-platform Python framework which allows you to build custom payloads for Windows, Mac OSX and Linux. You can select whether the payload binds to a specific IP and port or listens for a connection on a port, and there are options to send an email of system info when the system boots and to start the keylogger on boot. 
Payloads created can only run on the OS that they were created on.<\/p>\n<h2 dir=\"auto\"><a id=\"user-content-features\" class=\"anchor\" href=\"https:\/\/github.com\/nathanlopez\/Stitch#features\" aria-hidden=\"true\"><\/a>Features<\/h2>\n<h3 dir=\"auto\"><a id=\"user-content-cross-platform-support\" class=\"anchor\" href=\"https:\/\/github.com\/nathanlopez\/Stitch#cross-platform-support\" aria-hidden=\"true\"><\/a>Cross Platform Support<\/h3>\n<ul dir=\"auto\">\n<li>Command and file auto-completion<\/li>\n<li>Antivirus detection<\/li>\n<li>Able to turn off\/on display monitors<\/li>\n<li>Hide\/unhide files and directories<\/li>\n<li>View\/edit the hosts file<\/li>\n<li>View all the system&#8217;s environment variables<\/li>\n<li>Keylogger with options to view status, start, stop and dump the logs onto your host system<\/li>\n<li>View the location and other information of the target machine<\/li>\n<li>Execute custom Python scripts which return whatever you print to screen<\/li>\n<li>Screenshots<\/li>\n<li>Virtual machine detection<\/li>\n<li>Download\/Upload files to and from the target system<\/li>\n<li>Attempt to dump the system&#8217;s password hashes<\/li>\n<li>Payloads&#8217; properties are &#8220;disguised&#8221; as other known programs<\/li>\n<\/ul>\n<h3 dir=\"auto\"><a id=\"user-content-windows-specific\" class=\"anchor\" href=\"https:\/\/github.com\/nathanlopez\/Stitch#windows-specific\" aria-hidden=\"true\"><\/a>Windows Specific<\/h3>\n<ul dir=\"auto\">\n<li>Display a user\/password dialog box to obtain user password<\/li>\n<li>Dump passwords saved via Chrome<\/li>\n<li>Clear the System, Security, and Application logs<\/li>\n<li>Enable\/Disable services such as RDP, UAC, and Windows Defender<\/li>\n<li>Edit the accessed, created, and modified properties of files<\/li>\n<li>Create a custom popup box<\/li>\n<li>View connected webcam and take snapshots<\/li>\n<li>View past connected Wi-Fi connections along with their passwords<\/li>\n<li>View information about drives 
connected<\/li>\n<li>View summary of registry values such as DEP<\/li>\n<\/ul>\n<h3 dir=\"auto\"><a id=\"user-content-mac-osx-specific\" class=\"anchor\" href=\"https:\/\/github.com\/nathanlopez\/Stitch#mac-osx-specific\" aria-hidden=\"true\"><\/a>Mac OSX Specific<\/h3>\n<ul dir=\"auto\">\n<li>Display a user\/password dialog box to obtain user password<\/li>\n<li>Change the login text at the user&#8217;s login screen<\/li>\n<li>Webcam snapshots<\/li>\n<\/ul>\n<h3 dir=\"auto\"><a id=\"user-content-mac-osxlinux-specific\" class=\"anchor\" href=\"https:\/\/github.com\/nathanlopez\/Stitch#mac-osxlinux-specific\" aria-hidden=\"true\"><\/a>Mac OSX\/Linux Specific<\/h3>\n<ul dir=\"auto\">\n<li>SSH from the target machine into another host<\/li>\n<li>Run sudo commands<\/li>\n<li>Attempt to bruteforce the user&#8217;s password using the passwords list found in Tools\/<\/li>\n<li>Webcam snapshots? (untested on Linux)<\/li>\n<\/ul>\n<h2 dir=\"auto\"><a id=\"user-content-implemented-transports\" class=\"anchor\" href=\"https:\/\/github.com\/nathanlopez\/Stitch#implemented-transports\" aria-hidden=\"true\"><\/a>Implemented Transports<\/h2>\n<p dir=\"auto\">All communication between the host and target is AES encrypted. Every Stitch program generates an AES key which is then put into all payloads. To access a payload the AES keys must match. 
To connect from a different system running Stitch you must add the key by using the showkey command from the original system and the addkey command on the new system.<\/p>\n<h2 dir=\"auto\"><a id=\"user-content-implemented-payload-installers\" class=\"anchor\" href=\"https:\/\/github.com\/nathanlopez\/Stitch#implemented-payload-installers\" aria-hidden=\"true\"><\/a>Implemented Payload Installers<\/h2>\n<p dir=\"auto\">The &#8220;stitchgen&#8221; command gives the user the option to create\u00a0<a href=\"http:\/\/nsis.sourceforge.net\/Main_Page\" rel=\"nofollow\">NSIS<\/a>\u00a0installers on Windows and\u00a0<a href=\"http:\/\/stephanepeter.com\/makeself\/\" rel=\"nofollow\">Makeself<\/a>\u00a0installers on POSIX machines. For Windows, the installer packages the payload and an elevation exe, which prevents the firewall prompt and adds persistence, and places the payload on the system. For Mac OSX and Linux, the installer places the payload and attempts to add persistence. To create NSIS installers you must\u00a0<a href=\"http:\/\/nsis.sourceforge.net\/Download\" rel=\"nofollow\">download<\/a>\u00a0and install NSIS.<\/p>\n<h2 dir=\"auto\"><a id=\"user-content-wiki\" class=\"anchor\" href=\"https:\/\/github.com\/nathanlopez\/Stitch#wiki\" aria-hidden=\"true\"><\/a>Wiki<\/h2>\n<ul dir=\"auto\">\n<li><a href=\"https:\/\/github.com\/nathanlopez\/Stitch\/wiki\/Crash-Course\">Crash Course of Stitch<\/a><\/li>\n<\/ul>\n<h2 dir=\"auto\"><a id=\"user-content-requirements\" class=\"anchor\" href=\"https:\/\/github.com\/nathanlopez\/Stitch#requirements\" aria-hidden=\"true\"><\/a>Requirements<\/h2>\n<ul dir=\"auto\">\n<li><a href=\"https:\/\/www.python.org\/downloads\/\" rel=\"nofollow\">Python 2.7<\/a><\/li>\n<\/ul>\n<p dir=\"auto\">For easy installation run the following command that corresponds to your OS:<\/p>\n<div class=\"snippet-clipboard-content notranslate position-relative overflow-auto\">\n<pre class=\"notranslate\"><code># for Windows\r\npip install -r 
win_requirements.txt\r\n\r\n# for Mac OSX\r\npip install -r osx_requirements.txt\r\n\r\n# for Linux\r\npip install -r lnx_requirements.txt\r\n<\/code><\/pre>\n<\/div>\n<ul dir=\"auto\">\n<li><a href=\"https:\/\/pypi.python.org\/pypi\/pycrypto\" rel=\"nofollow\">Pycrypto<\/a><\/li>\n<li><a href=\"http:\/\/docs.python-requests.org\/en\/master\/\" rel=\"nofollow\">Requests<\/a><\/li>\n<li><a href=\"https:\/\/pypi.python.org\/pypi\/colorama\" rel=\"nofollow\">Colorama<\/a><\/li>\n<li><a href=\"https:\/\/pypi.python.org\/pypi\/PIL\" rel=\"nofollow\">PIL<\/a><\/li>\n<\/ul>\n<h3 dir=\"auto\"><a id=\"user-content-windows-specific-1\" class=\"anchor\" href=\"https:\/\/github.com\/nathanlopez\/Stitch#windows-specific-1\" aria-hidden=\"true\"><\/a>Windows Specific<\/h3>\n<ul dir=\"auto\">\n<li><a href=\"http:\/\/www.py2exe.org\/\" rel=\"nofollow\">Py2exe<\/a><\/li>\n<li><a href=\"https:\/\/sourceforge.net\/projects\/pywin32\/\" rel=\"nofollow\">pywin32<\/a><\/li>\n<\/ul>\n<h3 dir=\"auto\"><a id=\"user-content-mac-osx-specific-1\" class=\"anchor\" href=\"https:\/\/github.com\/nathanlopez\/Stitch#mac-osx-specific-1\" aria-hidden=\"true\"><\/a>Mac OSX Specific<\/h3>\n<ul dir=\"auto\">\n<li><a href=\"https:\/\/pythonhosted.org\/pyobjc\/\" rel=\"nofollow\">PyObjC<\/a><\/li>\n<\/ul>\n<h3 dir=\"auto\"><a id=\"user-content-mac-osxlinux-specific-1\" class=\"anchor\" href=\"https:\/\/github.com\/nathanlopez\/Stitch#mac-osxlinux-specific-1\" aria-hidden=\"true\"><\/a>Mac OSX\/Linux Specific<\/h3>\n<ul dir=\"auto\">\n<li><a href=\"http:\/\/www.pyinstaller.org\/\" rel=\"nofollow\">PyInstaller<\/a><\/li>\n<li><a href=\"https:\/\/pexpect.readthedocs.io\/en\/stable\/\" rel=\"nofollow\">pexpect<\/a><\/li>\n<\/ul>\n<h2 dir=\"auto\"><a id=\"user-content-to-run\" class=\"anchor\" href=\"https:\/\/github.com\/nathanlopez\/Stitch#to-run\" aria-hidden=\"true\"><\/a>To Run<\/h2>\n<div class=\"snippet-clipboard-content notranslate position-relative overflow-auto\">\n<pre 
class=\"notranslate\"><code>python main.py\r\nor\r\n.\/main.py\r\n<\/code><\/pre>\n<\/div>\n<h2 dir=\"auto\"><a id=\"user-content-motivation\" class=\"anchor\" href=\"https:\/\/github.com\/nathanlopez\/Stitch#motivation\" aria-hidden=\"true\"><\/a>Motivation<\/h2>\n<p dir=\"auto\">My motivation behind this was to advance my knowledge of python, hacking, and just to see what I could accomplish. Was somewhat discouraged and almost abandoned this project when I found the amazing work done by\u00a0<a href=\"https:\/\/github.com\/n1nj4sec\/pupy\">n1nj4sec<\/a>, but still decided to put this up since I had already come so far.<\/p>\n<h2 dir=\"auto\"><a id=\"user-content-other-open-source-python-rats-for-reference\" class=\"anchor\" href=\"https:\/\/github.com\/nathanlopez\/Stitch#other-open-source-python-rats-for-reference\" aria-hidden=\"true\"><\/a>Other open-source Python RATs for Reference<\/h2>\n<ul dir=\"auto\">\n<li><a href=\"https:\/\/github.com\/vesche\/basicRAT\">vesche\/basicRAT<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/n1nj4sec\/pupy\">n1nj4sec\/pupy<\/a><\/li>\n<\/ul>\n<h2 dir=\"auto\"><a id=\"user-content-screenshots\" class=\"anchor\" href=\"https:\/\/github.com\/nathanlopez\/Stitch#screenshots\" aria-hidden=\"true\"><\/a>Screenshots<\/h2>\n<p dir=\"auto\"><a href=\"https:\/\/cloud.githubusercontent.com\/assets\/13227314\/21706500\/76fdb962-d37c-11e6-9284-093ad065aeca.PNG\" target=\"_blank\" rel=\"noopener noreferrer\"><img decoding=\"async\" src=\"https:\/\/cloud.githubusercontent.com\/assets\/13227314\/21706500\/76fdb962-d37c-11e6-9284-093ad065aeca.PNG\" alt=\"linux options\" \/><\/a>\u00a0<a href=\"https:\/\/cloud.githubusercontent.com\/assets\/13227314\/21706517\/80d977b4-d37c-11e6-9588-5cd1bb3ecf37.PNG\" target=\"_blank\" rel=\"noopener noreferrer\"><img decoding=\"async\" src=\"https:\/\/cloud.githubusercontent.com\/assets\/13227314\/21706517\/80d977b4-d37c-11e6-9588-5cd1bb3ecf37.PNG\" alt=\"win_options\" \/><\/a>\u00a0<a 
href=\"https:\/\/cloud.githubusercontent.com\/assets\/13227314\/21706518\/83c8509e-d37c-11e6-9f6e-f86b3a696c1a.PNG\" target=\"_blank\" rel=\"noopener noreferrer\"><img decoding=\"async\" src=\"https:\/\/cloud.githubusercontent.com\/assets\/13227314\/21706518\/83c8509e-d37c-11e6-9f6e-f86b3a696c1a.PNG\" alt=\"win_upload\" \/><\/a>\u00a0<a href=\"https:\/\/cloud.githubusercontent.com\/assets\/13227314\/21706506\/79f54e96-d37c-11e6-928b-68a8c57df919.PNG\" target=\"_blank\" rel=\"noopener noreferrer\"><img decoding=\"async\" src=\"https:\/\/cloud.githubusercontent.com\/assets\/13227314\/21706506\/79f54e96-d37c-11e6-928b-68a8c57df919.PNG\" alt=\"osx_download\" \/><\/a><\/p>\n<h2 dir=\"auto\"><a id=\"user-content-license\" class=\"anchor\" href=\"https:\/\/github.com\/nathanlopez\/Stitch#license\" aria-hidden=\"true\"><\/a>License<\/h2>\n<p dir=\"auto\">See\u00a0<a href=\"https:\/\/github.com\/nathanlopez\/Stitch\/blob\/master\/LICENSE\">LICENSE<\/a><\/p>\n<h1 dir=\"auto\">DISCLAIMER<\/h1>\n<p dir=\"auto\"><strong>Stitch is for education\/research purposes only. The author takes NO responsibility and\/or liability for how you choose to use any of the tools\/source code\/any files provided. The author and anyone affiliated with will not be liable for any losses and\/or damages in connection with use of ANY files provided with Stitch. By using Stitch or any files included, you understand that you are AGREEING TO USE AT YOUR OWN RISK. Once again Stitch and ALL files included are for EDUCATION and\/or RESEARCH purposes ONLY. 
Stitch is ONLY intended to be used on your own pentesting labs, or with explicit consent from the owner of the property being tested.<\/strong><\/p>\n<\/article>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>About Stitch A Cross Platform Python Remote Administration Tool: This is a cross platform python framework which allows you to build custom payloads for Windows, Mac OSX and Linux as well. 
You are able to select whether the payload binds to a specific IP and port, listens for a connection on a port, option to [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":662,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":"","_links_to":"","_links_to_target":""},"categories":[8],"tags":[],"class_list":["post-660","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ethical-hacking"],"aioseo_notices":[],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=\/wp\/v2\/posts\/660"}],"collection":[{"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=660"}],"version-history":[{"count":4,"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=\/wp\/v2\/posts\/660\/revisions"}],"predecessor-version":[{"id":665,"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=\/wp\/v2\/posts\/660\/revisions\/665"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=\/wp\/v2\/media\/662"}],"wp:attachment":[{"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=660"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=660"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecuritynest
.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=660"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}