OK, so I hacked my virtual machine and I want to stay on it without the victim clicking twice...
So my idea is this: if there is a way to put the backdoor and any other software together, for example Google Chrome, so that every time the victim runs Google Chrome the backdoor will run too...
Can someone explain to me how to do it, or a good video, if it is possible?
5 Responses
One way of doing this would be to change the path of your backdoor to the path of the shortcut. This is German, but I think you could just use the position of the element.
Just put the path to your backdoor in this field and call the real application (in this case Firefox) in your backdoor. When the victim clicks on the shortcut your backdoor gets executed and then your backdoor executes the real program. I'm sorry but I don't know how this can be done automatically. Try to google for path changing in shortcuts via command line if you need to do this without actually having physical access/VNC ;)
I've found an interesting site, which explains how this can be done in VBScript. If you want to have a look at this way of executing your backdoor look here :)
Binders.
DONTRU, you don't understand, take a look above.
I do understand, do you? The problem with the method provided above is that the original file does not get executed, because it would no longer have any link to it unless you reset it and execute the shortcut after the backdoor is running, which brings up other problems besides the fact that it is incredibly hacky. There will be obvious evidence that there's an unauthorized program on disk, and there is a high possibility that the file will be detected by the AV while it is being transferred onto the system unless it has been obfuscated. Even so, it still remains in plain sight. This also creates a dependency, which is undesirable for any malware since its initial execution relies heavily on the VB script being correctly executed by the victim. Therefore, it reduces the success rate should something not go as planned.
With a binder, the target executable and the malware are bound together in one larger executable called the stub. When the stub is executed, it will run BOTH the target executable AND the malware, which is EXACTLY what you're asking for, so I have absolutely no idea what you're talking about saying that I don't understand. Again, this also brings up an issue. The stub, which is probably made to look like the target program, will be obviously larger, and if the victim isn't ignorant you could end up failing, but it is nevertheless a general improvement on the previous technique. Again, there may be an issue with scantime detection by the AV.
So I ask again, do you understand?
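A defender's check for the two techniques discussed in this thread (a shortcut repointed at another program, and a binder stub standing in for the real executable), as an added example that is not from any poster: it enumerates .lnk files and flags targets that are missing, unsigned, fail Authenticode validation, or sit outside the usual install directories. The function name, folder list and trusted roots are assumptions.

```powershell
# Added example: list shortcuts whose target deserves a second look.
# Get-ShortcutAudit, the folder list and the trusted roots are assumptions;
# adjust them for your environment.
function Get-ShortcutAudit {
    param(
        [string[]]$Folders = @('Desktop', 'CommonDesktopDirectory', 'StartMenu', 'CommonStartMenu' |
            ForEach-Object { [Environment]::GetFolderPath($_) }),
        [string[]]$TrustedRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:windir)
    )
    $roots      = $TrustedRoots | Where-Object { $_ }
    $searchDirs = $Folders | Where-Object { $_ -and (Test-Path -LiteralPath $_) }
    if (-not $searchDirs) { return }
    $shell = New-Object -ComObject WScript.Shell

    Get-ChildItem -LiteralPath $searchDirs -Filter *.lnk -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file   = $_
            $lnk    = $shell.CreateShortcut($file.FullName)
            $target = $lnk.TargetPath
            if (-not $target) { return }   # no file target (shell namespace item); skip
            $exists = Test-Path -LiteralPath $target -PathType Leaf
            $sig    = if ($exists) { Get-AuthenticodeSignature -LiteralPath $target } else { $null }
            $status = if ($sig) { [string]$sig.Status } else { 'TargetMissing' }
            # True when the target lives under one of the expected install roots
            $inRoot = [bool]($roots | Where-Object {
                $target.StartsWith($_.TrimEnd('\') + '\', [StringComparison]::OrdinalIgnoreCase) })
            [pscustomobject]@{
                Shortcut      = $file.FullName
                Target        = $target
                Arguments     = $lnk.Arguments   # interpreters launched with arguments stand out here
                Signature     = $status          # Valid, NotSigned, HashMismatch, ...
                Signer        = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
                InTrustedRoot = $inRoot
                Review        = ($status -ne 'Valid') -or (-not $inRoot)
            }
        }
}

Get-ShortcutAudit | Where-Object Review |
    Format-Table Shortcut, Target, Arguments, Signature -AutoSize
```

Per-user installs under %LOCALAPPDATA% show up with a valid signature but `InTrustedRoot` false, so treat flagged rows as leads to verify against the signer and file location rather than as verdicts.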