Metasploit Tool – FakeImageExploiter v1.4 – backdoor images.jpg

CodeName: Metamorphosis
Version release: v1.4 (Stable)
Author: pedro ubuntu [ r00t-3xp10it ]
Distros Supported: Linux Ubuntu, Kali, Mint, Parrot OS
Suspicious-Shell-Activity (SSA) RedTeam develop @2017

Description

FakeImageExploiter v1.4 – backdoor images.jpg [.ps1]


Legal Disclaimer:

The author does not hold any responsibility for the bad use of this tool, remember that attacking targets without prior consent is illegal and punished by law.


Description:

This module takes one existing image.jpg and one payload.ps1 (both input by the user) and builds a new payload (agent.jpg.exe) that, if executed, triggers the download of the two previous files stored in apache2 (image.jpg + payload.ps1) and executes them. This module also changes the agent.exe icon to match a file.jpg, then uses the 'Hide extensions for known file types' spoof to hide the agent.exe extension. All payloads (user input) are downloaded from our apache2 webserver and executed in target RAM. The only payload extension (user input) that requires writing the payload to disk is .exe binaries.

Exploitation:

FakeImageExploiter stores all files in the apache2 webroot, zips (.zip) the agent, starts the apache2 and metasploit services (handler), and provides a URL to send to the target (which triggers the agent.zip download). As soon as the victim runs our executable, our picture is downloaded and opened in the default picture viewer, our malicious payload is executed, and we get a meterpreter session. It also stores the agent (not zipped) in the FakeImageExploiter/output folder in case we wish to deliver agent.jpg.exe using a different attack vector. 'This tool also builds a cleaner.rc file to delete payloads left on the target'
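Two of the tricks described above, the double extension (agent.jpg.exe is shown as agent.jpg once Explorer hides known extensions) and the image icon on a file that is really a Windows executable, leave a signature a defender can check for before an archive is opened. The following Python check is an added example and is not part of FakeImageExploiter or its author's code: it flags archive members whose name ends in an image extension followed by .exe, and members whose leading bytes are a PE (MZ) header while the name claims .jpg/.jpeg/.png. The sample zip, its file names and their byte contents are constructed here for the demonstration.

```python
import io
import re
import zipfile

# Image extensions the page says the tool accepts (lower-case).
IMAGE_EXTS = ("jpg", "jpeg", "png")

# A name such as agent.jpg.exe: image extension immediately followed by .exe.
DOUBLE_EXT = re.compile(r"\.(?:jpg|jpeg|png)\.exe$", re.IGNORECASE)

# Leading bytes that identify the real file type (checked in this order).
MAGIC = (
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"MZ", "pe"),  # DOS/PE header of any Windows executable
)


def sniff(head: bytes) -> str:
    """Return the content type implied by the first bytes of a file."""
    for signature, kind in MAGIC:
        if head.startswith(signature):
            return kind
    return "unknown"


def classify(name: str, head: bytes) -> list:
    """Return the findings for one file; an empty list means nothing matched."""
    findings = []
    lower = name.rsplit("/", 1)[-1].lower()  # basename, case-folded
    if DOUBLE_EXT.search(lower):
        findings.append("double extension: image name ending in .exe")
    claimed_ext = lower.rsplit(".", 1)[-1] if "." in lower else ""
    if claimed_ext in IMAGE_EXTS and sniff(head) == "pe":
        findings.append("PE header inside a file named as an image")
    return findings


def scan_zip(blob: bytes) -> dict:
    """Map each suspicious member of a zip archive to its findings."""
    results = {}
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as member:
                head = member.read(16)  # enough for every signature above
            findings = classify(info.filename, head)
            if findings:
                results[info.filename] = findings
    return results


def build_sample_zip() -> bytes:
    """Constructed sample archive (not a real agent): one benign image, two decoys."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("holiday.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 28)  # real JPEG header
        zf.writestr("agent.jpg.exe", b"MZ" + b"\x00" * 62)              # double extension
        zf.writestr("photo.png", b"MZ" + b"\x00" * 62)                  # PE bytes, image name
    return buf.getvalue()


if __name__ == "__main__":
    for name, why in scan_zip(build_sample_zip()).items():
        print(f"{name}: {'; '.join(why)}")
```

The check reads only the first 16 bytes of each member, so it is cheap enough to run on every archive at a mail gateway or download scanner, and the two findings are independent (a file can match either or both). Changing the icon with ResourceHacker does not affect it, because the file type is decided from the content signature rather than from the icon or the name alone.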


Accepted payloads (user input):

payload.ps1 (default) | payload.bat | payload.txt | payload.exe [Metasploit] "Edit the 'settings' file before running the tool to use other extensions"


Accepted pictures (user input):

All pictures with .jpg (default) | .jpeg | .png extensions (all sizes) "Edit the 'settings' file before running the tool to use other extensions"


Dependencies / Limitations:

xterm, zenity, apache2, mingw32[64], ResourceHacker (wine)
'Auto-installs ResourceHacker.exe under the ../.wine/Program Files/.. directories'
WARNING: To change the icon manually (resource hacker bypass), edit the 'settings' file.
WARNING: Only on Windows systems is the 2nd extension hidden (so zip it).
WARNING: The agent.jpg.exe requires the input files to be in apache2 (local LAN hack).
WARNING: The agent.jpg.exe uses the powershell interpreter (does not work against wine).
WARNING: This tool will not accept payload (user input) arguments (e.g. nc.exe -lvp 127.0.0.1 555).
WARNING: The ResourceHacker provided by this tool requires WINE to be set to Windows 7.


Other scenarios:

If you wish to use your own binary (user input - not metasploit payloads) then:

1º – Edit the 'settings' file before running the tool and select 'NON_MSF_PAYLOADS = YES'
2º – Select the binary extension to use. 'Remember to save the settings file before continuing' ..
3º – Run FakeImageExploiter to metamorphose your binary (all files are stored automatically in apache) ..
4º – Open a new terminal and run your binary's handler to get the connection.
TIP: This function will NOT create a cleaner.rc


The noob-friendly function:

Bypass the need to input your payload.ps1, and let FakeImageExploiter take care of building the required payload.ps1 + agent.jpg.exe and configuring the handler. "With this function active, you only need to input your picture.jpg :D"

Select the binary extension to use.
TIP: This function lets users build payloads (ps1 | bat | txt)
TIP: This function will NOT build .exe binaries


“WINE is not owned by you”:

If you get this message it means that you are executing FakeImageExploiter as sudo and your wine installation belongs to another user (it is not owned by you). To bypass this issue, just execute FakeImageExploiter as the wine owner.
EXAMPLE: If wine is owned by spirited_wolf, execute the tool without sudo
EXAMPLE: If wine is owned by root, execute the tool as sudo


Download / Install / Config:

1º - Download the framework from github
    git clone https://github.com/r00t-3xp10it/FakeImageExploiter.git
2º - Set file execution permissions
    cd FakeImageExploiter
    sudo chmod +x *.sh
3º - Configure the FakeImageExploiter settings
    nano settings
4º - Run the main tool
    sudo ./FakeImageExploiter.sh

WARNING: set the Resource-Hacker.exe installer to ‘Program Files’ (not Program Files (x86))


Framework banner (screenshot: FakeImageExploiter v1.4)

Settings file (screenshot: FakeImageExploiter v1.4)

Agent(s) on Windows systems (screenshot: FakeImageExploiter v1.4)