Weeks ago, I got asked this question by JayJayGee.

JayJayGee:

Okay, I have a question now.
In my cybersecurity course I recently learnt how to identify and analyse malwares also how to install and remove malwares. Also I saw myself picking serious interest in malwares. So I'm asking how do I go about creating or learning to create my own malwares, exploit scripts and all of that so I can be an effective red teamer for my cyber security unit?

The answer I gave wasn't really in depth so I thought I'd make a post to properly explain how you can make your malwar3, the programming languages you should use and what the logic will be.

Writing malwar3 all depends on what you are targeting and how you want it to work. If you want a classic file or boot sector infecting malwar3, go with Assembly. This is a very difficult but rewarding language because you are writing so close to the bare metal of the machine, it makes writing code that can alter binary files and hardware a simple matter.

Worms, macros, script virus3s, and most other malwar3 can be easier since higher-level languages easily support networking and graphics and you don’t have to do any tricks that infect binaries or deal with hardware. From there it’s all about what you want to infect and how. C and C++ are good for most purposes, but once you have written your malwar3, it will only work on that OS (if you wrote it for Windows but want it to work on a Mac or Linux, you can still use those languages but you will have to recompile and even rewrite some things). Java is the king of application languages, but it presupposes the user has a Java virtual machine. Android uses Java, so it can be useful for Android malwar3. In the Mac world, both for their computers and phones, it’s largely Objective-C and Swift. For web-based malwar3, you can use JavaScript or Ruby, but PHP could also be quite valuable (it’s what Facebook and Wordpress use). Python can do just about anything, and luckily, it has a lot of malwar3 to its name too.

As for the logic, that’s a big question, and something for you to work out for yourself. It’s a lot of work and if I’m going to even just work out the logic, I’m either writing a virus to satisfy my own curiosity or I’m going to be paid handsomely. Also, as the logic goes, as any other software you should have a list of requirements and you write your code to satisfy those, as example if your malwar3 is a worm; it has to have some method of spreading like coping itself from one hard drive to another to a flash drive to whatever is connected and you see as a way of spreading your worm. if it is a spyware then it should get access to the victims resources like the microphone, webcam, keyboard and probably have screen capture abilities. All of this requirements are usually achievable through most programming languages and you can actually find example code for them on open source software.

I won’t warn you against writing them, but I will warn you to be careful and not let them out. If you must run them, do it in simulators or virtual machines that are not attached to the wider Internet. I have no sympathy on anyone who deliberately releases destructive code on innocent people and ends up banged up with a crushing fine or even a long jail sentence, but I do like and even hope to encourage the curious person looking for an interesting technical and intellectual exercise.

If you guys think I should make another post showing you how to get started with writing basic malwar3s in C or Python, let me know.
P.S. This is strictly for educational purpose.

Following

EvilSec:
Weeks ago, I got asked this question by JayJayGee.


The answer I gave wasn't really in depth so I thought I'd make a post to properly explain how you can make your malwar3, the programming languages you should use and what the logic will be.

Writing malwar3 all depends on what you are targeting and how you want it to work. If you want a classic file or boot sector infecting malwar3, go with Assembly. This is a very difficult but rewarding language because you are writing so close to the bare metal of the machine, it makes writing code that can alter binary files and hardware a simple matter.

Worms, macros, script virus3s, and most other malwar3 can be easier since higher-level languages easily support networking and graphics and you don’t have to do any tricks that infect binaries or deal with hardware. From there it’s all about what you want to infect and how. C and C++ are good for most purposes, but once you have written your malwar3, it will only work on that OS (if you wrote it for Windows but want it to work on a Mac or Linux, you can still use those languages but you will have to recompile and even rewrite some things). Java is the king of application languages, but it presupposes the user has a Java virtual machine. Android uses Java, so it can be useful for Android malwar3. In the Mac world, both for their computers and phones, it’s largely Objective-C and Swift. For web-based malwar3, you can use JavaScript or Ruby, but PHP could also be quite valuable (it’s what Facebook and Wordpress use). Python can do just about anything, and luckily, it has a lot of malwar3 to its name too.

As for the logic, that’s a big question, and something for you to work out for yourself. It’s a lot of work and if I’m going to even just work out the logic, I’m either writing a virus to satisfy my own curiosity or I’m going to be paid handsomely. Also, as the logic goes, as any other software you should have a list of requirements and you write your code to satisfy those, as example if your malwar3 is a worm; it has to have some method of spreading like coping itself from one hard drive to another to a flash drive to whatever is connected and you see as a way of spreading your worm. if it is a spyware then it should get access to the victims resources like the microphone, webcam, keyboard and probably have screen capture abilities. All of this requirements are usually achievable through most programming languages and you can actually find example code for them on open source software.

I won’t warn you against writing them, but I will warn you to be careful and not let them out. If you must run them, do it in simulators or virtual machines that are not attached to the wider Internet. I have no sympathy on anyone who deliberately releases destructive code on innocent people and ends up banged up with a crushing fine or even a long jail sentence, but I do like and even hope to encourage the curious person looking for an interesting technical and intellectual exercise.

If you guys think I should make another post showing you how to get started with writing basic malwar3s in C or Python, let me know.
P.S. This is strictly for educational purpose.

Good day sir.

please i want to go into serious ethical hacking and people are telling me that I need to know many language as possible since I can not use JavaScript to hack something build with php, neither can i use python to hack java. so because of that I need to learn as many language as possible if I want to hack anything.
How true is that sir
thanks

OGWILLS123:

Good day sir.

please i want to go into serious ethical hacking and people are telling me that I need to know many language as possible since I can not use JavaScript to hack something build with php, neither can i use python to hack java. so because of that I need to learn as many language as possible if I want to hack anything.
How true is that sir
thanks

I made a post in the past that should answer your question.
https://www.nairaland.com/6053872/programming-languages-hackers-should-learn

Najdorf:
Following

Not sure if there will be a follow up post. I've been getting banned a lot on NL these days and a ton of my posts have been removed. Maybe it's time I stopped using nairaland.

Hi EvilSec, is there any know python library to validate email input with respective domain

Bahat:
Hi EvilSec, is there any know python library to validate email input with respective domain

To validate emails for any type of domain, use https://isitarealemail.com email API validation, it does in depth email address inspection on the email server. You need to use the python requests library.

EvilSec:

To validate emails for any type of domain, use https://isitarealemail.com email API validation, it does in depth email address inspection on the email server. You need to use the python requests library.

Thanks for the share, it seems to work after testing it alot of time, im not sure the API works anymore with accurate result.

And @Bahat If you need an offline regex method, I could provide you a decent expression.

Enceladus:
And @Bahat If you need an offline regex method, I could provide you a decent expression.

cc Enceladus oh yes i need tell me about it. Thanks in advance

Bahat:


cc Enceladus oh yes i need tell me about it. Thanks in advance

This does not perform any test of the server actually.

Enceladus:


This does not perform any test of the server actually.

Oh alright. You can share me the regex to verify user input. But I actually need the server-side testing.

Bahat:


Oh alright. You can share me the regex to verify user input. But I actually need the server-side testing.

I did that already but let me upload again. The file check_email.py does what you want but it can't check outlook mx records, but you can find dig around for them and slot it in the code manually. The file also works with custom not so popular mail servers. And in case you run to IP blacklist issues you can tunnel your request through a proxy with PySocks.

Yet ordinary Calculator u cannot hack

Bonatheripper:
Yet ordinary Calculator u cannot hack

How about I start by doxxing you xD?

Want to learn hacking, go study (1) SAN 504 course.: Hackers, tools and Techniques .

(2) CompTIA Pentest+
(3) CompTIA Linux+
And CompTIA CySA+

Then you are good to go

MiracleAdams:
Want to learn hacking, go study (1) SAN 504 course.: Hackers, tools and Techniques .

(2) CompTIA Pentest+
(3) CompTIA Linux+
And CompTIA CySA+

Then you are good to go

After this what next? What about if you have no experience with programming languages

---

Hotspotbro:
i want to write a android/iphone specified botnet.
i have JS Miner for Monero and am not using it because i have no idea what it can do

It depends on how you are making those calls, android/iphone you can use a UI that responds to both types to manage those datas.