Today we are gonna be encoding backdoors using the Metasploit Framework on BackTrack 5!
This was originally suggested by purpl3ro0t from YouTube, so whenever you have any suggestions, drop me a line and they might just end up here. 🙂
First we take a look at crafting a simple payload into a backdoor executable; when we load it into a sandbox (Windows XP), the anti-virus doesn’t even allow the file to be downloaded.
Well, that’s not any good is it? Who’s gonna open the file if there are flags all over it?
So we have to make this file undetectable, at least to the client’s anti-virus which is Avast. Recently I found a public script in Pastebin (original link) and after looking at it for a few minutes, I thought the file was really legit. Especially after seeing all the encoding going on at line 43… so I modified it for my own use — big ups to Astrobaby, don’t know who you are or where you’re from but keep it up! 😀
First, install the following libraries:
apt-get install mingw32-runtime mingw-w64 mingw gcc-mingw32 mingw32-binutils
Run the Metasploit Framework console, use the exploit/multi/handler module, and set the payload to windows/meterpreter/reverse_https. It is also a good idea to use the ‘launch_and_migrate.rb’ script, so we can migrate to a new process as soon as we get a chance. We encoded that backdoor like 1000 times, so it can’t be that stable.
Now, with an undetectable backdoor, we just get creative and find a way to send it to the victim.
Check out the video in HD!