Ask a malware coder anything

5870 dropbox.com/s/47z9dz17bf5nszu/Sup Forums.zip?dl=1

how do you start coding malware in python

I am giving a talk at pycon, so I think so.

I paid for Norton because of scum like you. :^)

Lmao python is a high level scripting language its cool because it work on ALL unix systems and its pretty powerful

my malware targets unix systems not windows

so I know a lot of the finance space is stuck in python 2, what do you prefer, 2 or 3?

You can't get my server. It's behind cloudflare and only a small range of IP can access the configs.

Gimme some malware so i can copy it, im a script kiddoe

i'd first recommend you become proficient in in so first read ebooks and watch videos, then from there you can figure out how to write the code you need

Lmao as we speak i have a cloudflare 0day so kys

well for malware python 2.7 is good because mac has a built in interpreter that can only do 2.7, and every linux distro can handle 2. but for regular use i'd recommend 3.5

i know python but books do i look for

Are there any Youtubers or Youtube series you recommend?

if you want i have a zip of all the pdfs i used do you want me to upload them for you?

thank you based user for using 3.5. I am cursed with maintaining 2.7 bullshit when I want to be deploying of 3.6a0. What are your favorite libraries, or is most of your stuff internal? I know actually nothing about this side of the python community.

sure

...

Lol rootkits in those languages? Do tell.

well for malware its easier to used the internal since you dont have to pip install on an infected computer

its a combination of bash scripting perl and python scripts

I would also like them, thanks.

Why do you a nigger?

sure. how do you deploy the code to the target computer then, or do you let the customer deal with that?

well i'd recommend switching to 3 the only real difference is that print is a function and you have to encode, what do you use python for?

here the python pdfs
a.pomf.cat/mfljft.zip

Who buys malware and why?

well for a self replicating virus it gets a bit more complex it usually requires ssh brute forcing or exploiting websites but. to address the question it depends on what they buy

Oh, for all my personal projects I use 3.5 or tip of default, especially since I also work on CPython itself. I work at a fintech startup so I write some python 2 at work because that is what our trading platform is in.

usually people who want large botnets but arent smart enough or dont want to invest the time in learning programming

wow thats cool is python back end or do you use django?

ty

How much do you make selling malware?

haha, I haven't done any web programming. I work on the backtester (the piece that simulates the trading strategy's performance with historical data). A lot of numpy, pandas, and cython in my workflow.

depends usually if its a root 500-2000
Yeah python is good for statistical analysis

depends usually if its a rootkit 500-2000
Yeah python is good for statistical analysis

How many hours of work does it take to get the money?

yeah, one thing webdevs don't understand is that the reason python is popular in numerical computing is that CPython provides a wonderful api for writing functions in C (and by extension fortran). No one fucking cares about pypy because no one is spending real amounts of time in the pure python code.

About dongles?

>malware coder
>python
Well this ain't bait

About to open files on a VM. Will post if I have any problems. Already ran it through two scanners but this guy is a coder, so the chances of it picking up something he has written recently, are pretty low.
INB4 >PDFs are safe.

well it depends if you recycle parts from other programs you've written that 5 hours
but from scratch about 7-13 roughly

I would but I don't want to lose my job

lmao this kid i have no need to target useless computers and i write code that works in unix i dont know any c++

>python
I don't think shitty buggy code counts as malware, OP.

Why do people even need viruses?

I am pretty sure pdfs have had tons of issues. fuck, opening an svg image can be potentially dangerous; but, wtf would he get out of running code on your machine?

> rootkits in java.

OK faggot, thanks for playing.

its a combination of python perl some java and bash. i just choose python as the first image of the thread because i like the python logo

Coding retard here, what kind of stuff do your programs do once they've infected a server?

>Python
>"coder"
K

LOL nub

No point in not being cautious if you already have the tools.

How easy are unauthenticated RESTful APIs to manipulate? I recently created one with Craft CMS (outputting to JSON) but authenticating is proving difficult.

are you implying that python doesn't work on windows, not sure where C++ came into play here.

Can u explain how exactly does it work? I mean when is the moment when you make money?

how is authentication difficult? what are you using, even basic auth is fine. if you have actual users touching this api use oauth

what are you transferring with it?

Yes PDFs do have quite a few issues. That's why I'm doing this. It's not only this persons word, it's who ever they got it from. I have no idea from who or how they got these. It's always better to be safe than sorry IMHO.

where to learn?
what should I learn?

I don't really code serverside, I am a front end dev, is it easy enough to do with PHP?

they can crack bitcoin, hashes be used as a place to orchestrate exploits, anything really

also, that is a totally open ended question, I could make a REST api that just responds to gets on /ayylmao with {"fuck": "you"}. There are probably no security issues there so it matters what the server is actually doing.

Malware researcher here. I've seen self- extracting executables that dump a full python environment on a machine in the temp directory just to run two stupid little python scripts that make the callbacks and scrape files.

python doesnt work on windows unless you have it installed

Samefag as OP

Have you ever fucked with any just for kicks, or do you invade with a purpose?

Must be noisey as fuck. What kind of idiot is going to execute a sketchy bash script as root on a nix server? I assume its encoded and obfuscated to hell.

As opposed to what? Does it work on Linux if you don't have it installed?

Oh, I guess I imagined you would just ship the python binary with the script. I mean, what if the target server only has python2.4 or some RHEL ancient version

the frontend isn't reponsible for serving a REST api, what are you asking?

its built into linux

See

teach me what you know?

see

usually since its a root kit its hidden as a kernel

No, it's just that default installations for common Linux distributions automatically include it.

>Implying sysadmins use weak ssh passwords for root without a hosts.allow file or port knocker.

ITT: script kiddies pretending to be big shots

um, not really. Many distros ship with python but with different versions because it is only for userland stuff. python is not core to linux itself.

where can i find hermaphrodites to cofuck? i am a gay hermaphrodite and the dating pool is fairly small

>2016
>coding
>coding shit code
>coding shit code for money

Can you be more degenerate

>ssh for root
>ssh passwords
Found the guy who shouldn't be admining

>implying everybody who runs a server has a fucking clue what they are doing

the vast majority of linux distros have it, its pretty much standard at this point

how much money do you make?

Man you'd be surprised at how successful brute force ssh campaigns are. Check out the XOR.DDoS campaign (search Google for "Hee Thai Limited malware").

Was it fun to work on Windows 10 ?

read the thread, nerd

> nerd

cuck