EvilZone
Hacking and Security => Hacking and Security => : flowjob June 11, 2012, 11:15:20 PM
-
Ok,
I wrote a kind of trojan for a 'job' (for me more like training :P ) and put it into a self-extracting archive with a PDF file using iexpress.exe. Then I edited the source for the icon to change it to the icon of a PDF file and named my exe with a .pdf.exe (because Windows hides the .exe part), so it looks (for a non-expert) like a normal PDF file.
But now here's my problem: I have to send this exe to a few guys, but all email hosts like gmx, gmail and hotmail don't allow executables (even if they're in archives, and they can read almost EVERY archive by now... -,-' ).
So how could I attach this executable to my mail, so the targets download them assuming they're PDFs, and start them after that?
Or do you know a better way for this than using self-extracting archives?
-
Your only option is to put a password on your RAR file really. But that adds another layer of complexity to your attack. Really, e-mail distribution isn't something you're going to do unless you have an exploit so that you can hide the true nature of your file.
-
A password won't always work... if you read a zip for example, the filenames and paths are plaintext...
Don't know if it's the same with rar and 7z, but guess so...
-
No, not the case. You are able to encrypt everything with rar.
-
But that's the next problem. It's already strange that I compress a normal "pdf", and that it is rar instead of the preinstalled zip doesn't help...
If I set a password now too, then they may be suspicious of it...
-
Perfection isn't achievable so easily..
-
RARs do not encrypt filenames unless you set it to.
-
In the end putting it in an archive is no solution at all, as if someone double-clicks it, winzip/winrar will open and they'll show the full extensions (e.g. 'myfile.pdf.exe'), so the target would see that the file is an executable and not a pdf... :-\
Anyone have another idea?
-
Well you can craft an exploitable PDF file. AFAIK Adobe has tons of those code execution exploit thingies :P so if he's running adobe, somehow get to know which version and refer to metasploit to generate a malicious PDF. If successful you might get a remote shell or install whatever you want.
-
If you really want to do it per e-mail and you are not able to create this malicious pdf you may try extensions like .cmd, and .scr for your file. Maybe the freemail companies don't filter them I dunno.
-
@Kulverstukas
I've already sent the mail (deadline was today), but I'll still have a look at that when I have time for it, because it sure'll be useful next time..
@h4ppy_4rtist
If you really want to do it per e-mail and you are not able to create this malicious pdf you may try extensions like .cmd
I think I won't recode that trojan again in batch :P
-
Are .cab's filtered?
-
@h4ppy_4rtist I think I won't recode that trojan again in batch :P
I think you don't need to recode it in batch ;)
Just change the extension to cmd and the victim's Windows computer will try to execute it. Like .scr and so on..
-
@h4ppy_4rtist:
I think this won't work, because as far as I know .cmd is executed by cmd. It executes the batch command by command, but a .exe does not contain a command list, but some compiled stuff which can't be read by cmd as far as I know.
@ca0s
I'll try it with .cab next time too
-
Give it a try, for me it worked very often with XP / Vista / 7 ^^
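-
For mail-gateway and triage use, the checks that catch what this thread describes (a decoy double extension such as .pdf.exe, an executable renamed to .scr/.cmd, and member names that stay readable inside a traditionally encrypted ZIP) can be sketched as below. This is an added example, not part of the original thread; the extension lists, function names and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows runs on double-click (subset chosen for this example).
EXECUTABLE_EXT = {".exe", ".scr", ".cmd", ".bat", ".com", ".pif"}
# Document-like extensions typically used as the decoy first extension.
DECOY_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def check_name(name):
    """Return findings derived from the file name alone."""
    path = PurePosixPath(name.replace("\\", "/"))
    suffixes = [s.strip().lower() for s in path.suffixes]
    findings = []
    if suffixes and suffixes[-1] in EXECUTABLE_EXT:
        findings.append("executable-extension")
        if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXT:
            findings.append("double-extension")
    return findings


def check_attachment(name, data):
    """Inspect one attachment: name, magic bytes and ZIP member names."""
    findings = check_name(name)
    if data[:2] == b"MZ":
        # DOS/PE header: a Windows executable whatever the extension says.
        findings.append("pe-header")
    if data[:4] == b"PK\x03\x04":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    # Traditional ZIP encryption leaves member names in clear.
                    if info.flag_bits & 0x1:
                        findings.append("encrypted-member:" + info.filename)
                    for f in check_name(info.filename):
                        findings.append(f + ":" + info.filename)
        except zipfile.BadZipFile:
            findings.append("malformed-zip")
    return findings


def build_sample_zip():
    """Constructed sample: ZIP with a harmless stub named invoice.pdf.exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf.exe", b"MZ" + b"\x00" * 62)
    return buf.getvalue()
```

An archive whose member names cannot be listed at all (for example RAR with header encryption) is better quarantined than passed, since none of these checks can see inside it.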