05-01-2012, 04:17 PM
Hi HC,
This is for educational purposes only
Today I show you how to create a trojan/dropper for Metasploit and how to backdoor Windows with it.
Here is the method I present to you but I am not the author of this video:
Operating systems used
Backtrack 5 R2 = Attacker(192.168.1.97)
Windows XP sp3
Operating systems vulnerable
Windows 7 and XP, any versions = Slave (192.168.1.7)
Software requirements
Dev-C++ Version 4.9.9.2 (in XP)
The Source Code of the video.
1 - Create the file ascii.bin
And copy the ascii.bin in /var/www
2-Create the trojan/dropper
In Win XP open Dev-C++ and click on file => new => project
Copy and Paste the Code
3-Get a Meterpreter
Start the listener with this command
4-Create the persistent backdoor
Add an entry in the registry to launch your dropper at Windows start
Check the registry
During the reboot, restart your listener
You may find your Meterpreter restarts automatically as soon as a session is opened.
Conclusion
From here you are the master on board.
I hope you enjoy it and I'm always looking for a way to inject shellcode into an image and if possible make it undetectable.
You will find links that talk about it in my other tut
Analysis :
ascii.bin :
exec.exe :