
FakeImageExploiter v1.4

FakeImageExploiter v1.4 - backdoor images.jpg[.ps1]

CodeName: Metamorphosis
Version release: v1.4 (Stable)
Author: pedro ubuntu [ r00t-3xp10it ]
Distros Supported: Linux Ubuntu, Kali, Mint, Parrot OS
Suspicious-Shell-Activity (SSA) RedTeam develop @2017

Legal Disclaimer:

The author does not hold any responsibility for the bad use of this tool. Remember that attacking targets without prior consent is illegal and punished by law.

Description:

This module takes one existing image.jpg and one payload.ps1 (input by user) and builds a new payload (agent.jpg.exe) that, if executed, will trigger the download of the two previous files stored in apache2 (image.jpg + payload.ps1) and execute them.

This module also changes the agent.exe icon to match one file.jpg, then uses the spoof 'Hide extensions for known file types' method to hide the agent.exe extension.

All payloads (user input) will be downloaded from our apache2 webserver and executed in target RAM. The only extension (payload input by user) that requires writing the payload to disk is .exe binaries.

Exploitation:

FakeImageExploiter stores all files in the apache2 webroot, zips (.zip) the agent, starts the apache2 and metasploit services (handler), and provides a URL to send to the target (triggers agent.zip download). As soon as the victim runs our executable, our picture will be downloaded and opened in the default picture viewer, our malicious payload will be executed, and we will get a meterpreter session.

It also stores the agent (not zipped) in the FakeImageExploiter/output folder if we wish to deliver agent.jpg.exe using a different attack vector.

'This tool also builds a cleaner.rc file to delete payloads left in target'
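A defensive check for the delivery described above, as an added example that is not part of FakeImageExploiter or of the original post: it lists ZIP members whose real (last) extension is executable but is preceded by a decoy extension, the agent.jpg.exe pattern that 'Hide extensions for known file types' conceals. The extension lists, function names and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed lists for illustration; extend them to match local policy.
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".docx", ".pdf", ".txt"}
EXEC_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".ps1", ".pif"}


def is_masked_executable(name: str) -> bool:
    """True when the last extension is executable and the one before it
    is a decoy type, e.g. 'agent.jpg.exe'."""
    # Windows ignores trailing dots and spaces, so strip them first.
    base = PurePosixPath(name.replace("\\", "/")).name.rstrip(". ").lower()
    suffixes = PurePosixPath(base).suffixes
    return (
        len(suffixes) >= 2
        and suffixes[-1] in EXEC_EXTS
        and suffixes[-2] in DECOY_EXTS
    )


def scan_zip(data: bytes) -> list[str]:
    """Return archive member names that look like masked executables."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [info.filename for info in zf.infolist()
                if not info.is_dir() and is_masked_executable(info.filename)]


def build_sample_zip() -> bytes:
    """Constructed sample archive; every member holds inert placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("holiday.jpg", "agent.jpg.exe", "docs/report.v2.pdf",
                     "setup.exe", "photos/cat.PNG.EXE"):
            zf.writestr(name, b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for hit in scan_zip(build_sample_zip()):
        print("masked executable:", hit)
```

The same predicate can be applied to mail attachments or download logs, since it only needs the file name.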

Payloads accepted (user input):

payload.ps1 (default) | payload.bat | payload.txt | payload.exe [Metasploit]
"Edit 'settings' file before running tool to use other extensions"

Pictures accepted (user input):

All pictures with .jpg (default) | .jpeg | .png extensions (all sizes)
"Edit 'settings' file before running tool to use other extensions"

Dependencies/Limitations:

xterm, zenity, apache2, mingw32[64], ResourceHacker(wine)
'Auto-Installs ResourceHacker.exe under ../.wine/Program Files/.. directories'

WARNING: To change icon manually (resource hacker bypass) edit 'settings' file.
WARNING: Only under windows systems the 2º extension will be hidden (so zip it)
WARNING: The agent.jpg.exe requires the inputted files to be in apache2 (local lan hack)
WARNING: The agent.jpg.exe uses the powershell interpreter (does not work against wine).
WARNING: This tool will not accept payload (user input) arguments (eg nc.exe -lvp 127.0.0.1 555)
WARNING: The ResourceHacker provided by this tool requires WINE to be set to windows 7

Other scenarios:

If you wish to use your own binary (user input - non-metasploit payloads) then:

1º - Edit 'settings' file before running tool and select 'NON_MSF_PAYLOADS=Yep'
2º - Select the binary extension to use
     'Remember to save settings file before continuing' ..
3º - Run FakeImageExploiter to metamorphosis your binary (auto-storage all files in apache) ..
4º - Open new terminal and execute your binary handler to receive connection.

HINT: This function will NOT build a cleaner.rc

The noob friendly function:

Bypass the need to input your payload.ps1, and let FakeImageExploiter take care of building the required payload.ps1 + agent.jpg.exe and configuring the handler.
"With this function active, you only need to input your picture.jpg :D"

Select the binary extension to use

HINT: This function allows users to build (ps1|bat|txt) payloads
HINT: This function will NOT build .exe binaries

"WINE is not owned by you":

If you get this message it means that you are executing FakeImageExploiter as sudo and your wine installation belongs to another user (is not owned by you). To bypass this issue, just execute FakeImageExploiter as the wine owner.

EXAMPLE: If wine is owned by spirited_wolf, execute tool without sudo
EXAMPLE: If wine is owned by root, execute tool as sudo

Download/Install/Config:

1º - Download framework from github
     git clone https://github.com/r00t-3xp10it/FakeImageExploiter.git

2º - Set files execution permissions
     cd FakeImageExploiter
     sudo chmod +x *.sh

3º - Config FakeImageExploiter settings
     nano settings

4º - Run main tool
     sudo ./FakeImageExploiter.sh

WARNING: set Resources-Hacker.exe installer to 'Program Files' (not Program Files (x86))

Screenshots (images not preserved): Framework Banner | settings file | Agent(s) in windows systems


Video tutorials:

FakeImageExploiter [ Official release - Main functions ]: https://www.youtube.com/watch?v=4dEYIO-xBHU

FakeImageExploiter [ the noob friendly function ]: https://www.youtube.com/watch?v=abhIp-SG4kM

FakeImageExploiter [ bat payload - worddoc.docx agent ]: https://www.youtube.com/watch?v=Ah4hejGhj-M

FakeImageExploiter [ txt payload - msfdb rebuild ]: https://www.youtube.com/watch?v=g2E73GyxKhw


Special thanks:

@nullbyte | @Yoel_Macualo | @0xyg3n (SSA squad member)

Credits: https://null-byte.wonderhowto.com/how-to/hide-virus-inside-fake-picture-0168183

Suspicious-Shell-Activity (SSA) RedTeam develop @2017

Source: https://github.com/r00t-3xp10it/FakeImageExploiter

Posted by: martinezwilhaverste.blogspot.com
