backdoor .exe and .pdf

Anonymous
2014-08-07
2014-09-01
  • Anonymous

    Anonymous - 2014-08-07

    Hi peterubuntu10

    Firstly, great job on netool, very impressive. I found the backdoors get picked up by most AV software. I was wondering if it was possible to use Veil-Evasion's encryption techniques to mask the backdoor. I normally use Veil-Evasion to create backdoors and call Metasploit for the meterpreter session, but what I haven't been able to do is use an existing .exe such as a zip and embed a backdoor within it like you are doing; all the .exe are custom made and suspicious to the eye when utilizing Veil. Your tool is awesome, but if you were able to incorporate Veil's technique of AV evasion then it would be deadly. Is this possible? Have you considered looking into this? You have got yourself a new fan, seriously awesome work. Hail from SA

    Regards:
    Grundy

     
    • pedro ubuntu

      pedro ubuntu - 2014-09-01



      Hello man, sorry for the late reply, but I receive bug reports here:
      https://sourceforge.net/p/netoolsh/discussion/general/thread/928a3086/
      That's the reason why I only see your question now. About your Veil question:

      That's the reason why I have made a 'stop' function before launching the listener or the arp-poison (so a user has time to encrypt the payload before continuing the attack and then export the encrypted payload to the corresponding attack path needed) <-- so you can use VEIL to encrypt payloads and then use them in netool.sh attacks, yes. "Does Veil produce FUD these days???"...

      Yes, I could incorporate Veil techniques, because the secret of
      Veil is the 'Pyinstaller' and 'Pwnstaller' modules...
      http://www.harmj0y.net/blog/python/pwnstaller-1-0/
      In the future I will take your idea into consideration, thanks.

      In netool.sh V4.2 released I have added a new automated attack called 'host a file attack' that simply uses the fakeupdate method and one external payload to remote control a target: 'meterpreter powershell shellcode invocation'

      "A.V. bypass using powershell and a meterpreter payload, obfuscated using unicode and base64" https://www.youtube.com/watch?v=4goHDJqBRXk&list=UUkYIsELo6hnXdYBZklu6Jng

       

      Last edit: pedro ubuntu 2014-09-01
