Backdoor Image FakeImageExploiter,image backdoor,exploit windows image backdoor

FakeImageExploiter

This module takes one existing image.jpg and one payload.ps1 (input by user) and builds a new payload (agent.jpg.exe) that if executed it will trigger the download of the 2 previous files stored into apache2 (image.jpg + payload.ps1) and execute them. This module also changes the agent.exe Icon to match one file.jpg Then uses the spoof ‘Hide extensions for known file types’ method to hidde the agent.exe extension.
All payloads (user input) will be downloaded from our apache2 webserver and executed into target RAM. The only extension (payload input by user) that requires to write payload to disk are .exe binaries.

Exploitation

FakeImageExploiter stores all files in apache2 webroot, zips (.zip) the agent, starts apache2 and metasploit services(handler), and provides a URL to send to target (triggers agent.zip download). As soon as the victim runs our executable, our picture will be downloaded and opened in the default picture viewer, our malicious payload will be executed, and we will get a meterpreter session. But it also stores the agent (not ziped) into FakeImageExploiter/output folder if we wish to deliver agent.jpg.exe using another diferent attack vector. ‘This tool also builds a cleaner.rc file to delete payloads left in target’

Installation

git clone http://ift.tt/2o8F7o2
cd FakeImageExploiter
sudo chmod +x *.sh
Config FakeImageExploiter settings
nano settings
Run main tool
sudo ./FakeImageExploiter.sh

Demo

Source

http://ift.tt/2pEcAJF

The post FakeImageExploiter | Embedded Backdoor with Image appeared first on Penetration Testing in Linux. http://ift.tt/2p1gqsg http://ift.tt/2aM8QhC

Anúncios

Deixe um comentário

Preencha os seus dados abaixo ou clique em um ícone para log in:

Logotipo do WordPress.com

Você está comentando utilizando sua conta WordPress.com. Sair / Alterar )

Imagem do Twitter

Você está comentando utilizando sua conta Twitter. Sair / Alterar )

Foto do Facebook

Você está comentando utilizando sua conta Facebook. Sair / Alterar )

Foto do Google+

Você está comentando utilizando sua conta Google+. Sair / Alterar )

Conectando a %s