Author Topic: Exe not allowed in Emails - How to bypass?  (Read 2684 times)

0 Members and 1 Guest are viewing this topic.

Offline flowjob

  • Knight
  • **
  • Posts: 327
  • Cookies: 46
  • Pastafarian
    • View Profile
Exe not allowed in Emails - How to bypass?
« on: June 11, 2012, 11:15:20 pm »
Ok,
I wrote a kind of trojan for a 'job' (for me more like training  :P ) and put it into a self extracting archive with a pdf file with iexpress.exe . Then I edited the source for the icon to change it to the icon of a pdf file and named my exe with a .pdf.exe (because windows hides the .exe part), so it looks (for a not-expert) like a normal pdf file.

But now here's my problem: I have to send this exe to a few guys,but all email hosts like gmx,gmail and hotmail don't allow executeables (even if they're in archives,and they can read almost EVERY archive by now... -,-' ).
So how could I attach this executeable to my mail,so the targets downlaod them asuming they're pdfs,and start them after that?

Or do you know a better way for this than using self extracting archieves?
Quote
<phil> I'm gonna DDOS the washing machine with clothes packets.
<deviant_sheep> dont use too much soap or youll cause a bubble overflow

Offline centizen

  • Peasant
  • *
  • Posts: 70
  • Cookies: 8
  • Certified Evil Genius
    • View Profile
Re: Exe not allowed in Emails - How to bypass?
« Reply #1 on: June 11, 2012, 11:20:34 pm »
your only option is to put a password on your RAR file really. but that adds another layer of complexity to your attack. Really, e-mail distribution isn't something you're going to do unless you have an exploit so that you can hide the true nature of your file.

Offline flowjob

  • Knight
  • **
  • Posts: 327
  • Cookies: 46
  • Pastafarian
    • View Profile
Re: Exe not allowed in Emails - How to bypass?
« Reply #2 on: June 11, 2012, 11:31:14 pm »
a password won't always work...   if you read a zip for example,the filenames and paths are plaintext...
don't know if it's the same with rar and 7z, but guess so...
Quote
<phil> I'm gonna DDOS the washing machine with clothes packets.
<deviant_sheep> dont use too much soap or youll cause a bubble overflow

Offline centizen

  • Peasant
  • *
  • Posts: 70
  • Cookies: 8
  • Certified Evil Genius
    • View Profile
Re: Exe not allowed in Emails - How to bypass?
« Reply #3 on: June 11, 2012, 11:49:02 pm »
no, not the case. You are able to encrypt everything with rar.

Offline flowjob

  • Knight
  • **
  • Posts: 327
  • Cookies: 46
  • Pastafarian
    • View Profile
Re: Exe not allowed in Emails - How to bypass?
« Reply #4 on: June 12, 2012, 06:35:23 am »
but that's the next problem. It's already strange that I compess a normal "pdf",and that it is rar instead of the preinstalled zip doesn't help...
If I set a password now too,then they may be suspicious on it...
« Last Edit: June 12, 2012, 06:45:25 am by Area_13 »
Quote
<phil> I'm gonna DDOS the washing machine with clothes packets.
<deviant_sheep> dont use too much soap or youll cause a bubble overflow

Offline The Alchemist

  • Peasant
  • *
  • Posts: 100
  • Cookies: 18
  • Cult Of Personality
    • View Profile
    • Scriptings - Paste Tool
Re: Exe not allowed in Emails - How to bypass?
« Reply #5 on: June 12, 2012, 07:48:19 am »
Perfection isn't achievable so easily..
Defeat the best... To be the best...

Offline Kulverstukas

  • Administrator
  • Zeus
  • *
  • Posts: 6627
  • Cookies: 542
  • Fascist dictator
    • View Profile
    • My blog
Re: Exe not allowed in Emails - How to bypass?
« Reply #6 on: June 12, 2012, 08:03:39 am »
RAR's do not encrypt filenames unless you set it to.

Offline flowjob

  • Knight
  • **
  • Posts: 327
  • Cookies: 46
  • Pastafarian
    • View Profile
Re: Exe not allowed in Emails - How to bypass?
« Reply #7 on: June 12, 2012, 09:32:21 pm »
In the end putting it in an archieve is no solution at all,as if someone doubleclicks it, winzip/winrar will open and they'll show the full extensions (e.g. 'myfile.pdf.exe'), so the target would see that the file is an executeable and not a pdf...  :-\

Anyone another idea?
Quote
<phil> I'm gonna DDOS the washing machine with clothes packets.
<deviant_sheep> dont use too much soap or youll cause a bubble overflow

Offline Kulverstukas

  • Administrator
  • Zeus
  • *
  • Posts: 6627
  • Cookies: 542
  • Fascist dictator
    • View Profile
    • My blog
Re: Exe not allowed in Emails - How to bypass?
« Reply #8 on: June 12, 2012, 10:23:51 pm »
Well you can craft an exploitable PDF file. AFAIK Adobe has tons of those code execution exploit thingies :P so if he's running adobe, somehow get to know which version and refer to metasploit to generate a malicious PDF. If successful you might get a remote shell or install whatever you want.

Offline h4ppy_4rtist

  • Serf
  • *
  • Posts: 35
  • Cookies: 0
    • View Profile
Re: Exe not allowed in Emails - How to bypass?
« Reply #9 on: June 12, 2012, 11:09:08 pm »
If you really want to do it per e-mail and you are not able to create this malicious pdf you may try extensions like .cmd, and .scr for your file. Maybe the freemail companies don't filter them I dunno.
[[ We're all some kind of artists. ]]

Offline flowjob

  • Knight
  • **
  • Posts: 327
  • Cookies: 46
  • Pastafarian
    • View Profile
Re: Exe not allowed in Emails - How to bypass?
« Reply #10 on: June 12, 2012, 11:17:54 pm »
@Kulverstukas
I've already sent the mail (deadline was today),but I still will have a look at that when I have time for it,because it sure'll be useful next time..

@h4ppy_4rtist
Quote
If you really want to do it per e-mail and you are not able to create this malicious pdf you may try extensions like .cmd
I think I won't recode that trojan again in batch  :P
« Last Edit: June 12, 2012, 11:18:41 pm by Area_13 »
Quote
<phil> I'm gonna DDOS the washing machine with clothes packets.
<deviant_sheep> dont use too much soap or youll cause a bubble overflow

Offline ca0s

  • VIP
  • Sir
  • *
  • Posts: 432
  • Cookies: 53
    • View Profile
    • ka0labs #
Re: Exe not allowed in Emails - How to bypass?
« Reply #11 on: June 12, 2012, 11:25:48 pm »
Are .cab's filtered?
« Last Edit: June 12, 2012, 11:26:05 pm by ca0s »

Offline h4ppy_4rtist

  • Serf
  • *
  • Posts: 35
  • Cookies: 0
    • View Profile
Re: Exe not allowed in Emails - How to bypass?
« Reply #12 on: June 13, 2012, 02:48:54 pm »
@h4ppy_4rtistI think I won't recode that trojan again in batch  :P

I think you don't need to recode it in batch ;)
Just change the extension to cmd and the victims windows computer will try to execute it. Like .scr and so on..
[[ We're all some kind of artists. ]]

Offline flowjob

  • Knight
  • **
  • Posts: 327
  • Cookies: 46
  • Pastafarian
    • View Profile
Re: Exe not allowed in Emails - How to bypass?
« Reply #13 on: June 13, 2012, 04:13:53 pm »
@h4ppy_4rtist:
I think this won't work,because as I know .cmd is executed by cmd.It executes the batch command for command,but a .exe does not contain a command list,but some compiled stuff wich can't be read by cmd as far as I know.

@ca0s
I'll try it with .cab next time too
Quote
<phil> I'm gonna DDOS the washing machine with clothes packets.
<deviant_sheep> dont use too much soap or youll cause a bubble overflow

Offline h4ppy_4rtist

  • Serf
  • *
  • Posts: 35
  • Cookies: 0
    • View Profile
Re: Exe not allowed in Emails - How to bypass?
« Reply #14 on: June 13, 2012, 04:34:51 pm »
Give it a try, for me it worked very often with XP / Vista / 7 ^^
[[ We're all some kind of artists. ]]