pedro ubuntu - 2015-02-22


RAR (SFX) DLL injection (trojan horse)

                    [ ATTACK VECTOR ]

Use MitM + DNS_spoofing + a phishing webpage to deliver the SFX to the target host.




                  [ WORK FLOW (develop) ]

1º - use the 'generate shellcode' module in r00tsect0r to build payload.dll
2º - build a batch file (run.bat) to run the DLL payload
3º - use winrar.exe (under WINE) to build the SFX executable




                     [ BUILD BATCH ]

               @ECHO OFF
               rundll32 payload.dll,start
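
Added example, not part of the original page: detection logic for the process chain that the run.bat above produces, where an executable outside the system directories starts cmd.exe on a batch file, which then runs rundll32 with a DLL and an export name. The event shape, all paths and pids, and the trusted-directory list are assumptions constructed for the example.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Constructed process-creation records (shape loosely follows Sysmon Event ID 1);
# every path, pid and file name here is made up for the example.
EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Users\bob\Downloads\setup.exe", "cmd": "setup.exe"},
    {"pid": 210, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe",
     "cmd": r'cmd.exe /c "C:\Users\bob\AppData\Local\Temp\RarSFX0\run.bat"'},
    {"pid": 220, "ppid": 210, "image": r"C:\Windows\System32\rundll32.exe",
     "cmd": "rundll32 payload.dll,start"},
    # Benign: rundll32 started directly by explorer for a system DLL.
    {"pid": 300, "ppid": 100, "image": r"C:\Windows\System32\rundll32.exe",
     "cmd": r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"},
]

# Matches: rundll32 <dll>,<export>  (optional .exe suffix and quotes)
DLL_EXPORT = re.compile(r'rundll32(?:\.exe)?"?\s+"?([^",]+\.dll)"?,\s*(\w+)', re.I)
BATCH = re.compile(r"\.(?:bat|cmd)\b", re.I)
# Assumed allow-list of install locations; tune for the environment.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

def find_batch_rundll32_chains(events):
    """Return rundll32 launches whose parent is cmd.exe running a batch file
    and whose grandparent is an executable outside TRUSTED_DIRS."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        if basename(e["image"]).lower() != "rundll32.exe":
            continue
        m = DLL_EXPORT.search(e["cmd"])
        parent = by_pid.get(e["ppid"])
        if not m or parent is None:
            continue
        # Parent must be cmd.exe interpreting a .bat/.cmd file.
        if basename(parent["image"]).lower() != "cmd.exe" or not BATCH.search(parent["cmd"]):
            continue
        # Grandparent is the launcher (e.g. the SFX stub); skip trusted paths.
        grand = by_pid.get(parent["ppid"])
        if grand is None or grand["image"].lower().startswith(TRUSTED_DIRS):
            continue
        hits.append({"pid": e["pid"], "launcher": grand["image"],
                     "dll": m.group(1), "export": m.group(2)})
    return hits

if __name__ == "__main__":
    for hit in find_batch_rundll32_chains(EVENTS):
        print(hit)
```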






      [ using winrar installed on WINE to build SFX ]
         'payload.dll | run.bat | procexp.exe'


[ screenshots: build sfx archive | sfx options | configurations | methods | update | sfx archive build ]




 

Last edit: pedro ubuntu 2015-02-23