Spreading Ghosts Attacks
Leonardo Da vinci is widely considered to be one of the greatest painters of all time, and perhaps the most diversely talented person ever to have lived. Leonardo said that there are three types of people that one may encounter: “Those who see. Those who see when they are shown. Those who do not see.”
But here I want to add a class of people who see even if they are prevented – we are talking about the Hacker class.
One of the first things an attacker will do to compromise a remote system is use a Backdoor. I am referring to a ghost – a piece of software that by running it an attacker can have access to a remote system and collect all activities on the targeted machine.
USBsploit is a tool that is still in beta version and has been created by an Infosec researcher and owner of the popular portal Secubs. This tool makes it simple for any person looking to generate Backdoors within a few steps.
First, you need to start with choosing the right distribution, this can be Backtrack/Debian or Ubuntu with the original dependency from Metasploit, than you can follow the clear and easy steps mentioned on the official website.
When you run USBsploit you will find a menu with the list of action you are looking to perform:
1. Create a Backdoor
2. Create a Backdoor and launch a Listener only for the USB Dump attack
3. Launch a Listener for the USB Dump attack from the last Dump configuration file
4. Update the USBsploit Framework
5. Edit the last Dump configuration file (needs vi)
6. Edit the global options (needs vi)
7. Edit the file extensions set to dump (needs vi)
If you choose to create a Backdoor you will be asked to select the IP address of the listener, and by default it will detect local machine IP.
Next you will be asked to select the kind of backdoor you are looking to deploy, depending on victim’s Operating system:
1. Windows Meterpreter Reverse_TCP Spawn a shell on victim and send back to attacker.
2. Windows Meterpreter Reverse_TCP X64 Connect back to the attacker (Windows x64)
3. Windows Meterpreter Egress Buster Spawn a shell and find a port home via multiple ports
And here an important step you will be choosing the kind of encodings to try and bypass weak Antiviruses.
Select one of the below, Backdoored Executable is typically the best.
1. shikata_ga_nai (Very Good)
2. Multi-Encoder (Excellent)
3. Backdoored Executable (BEST)
After encoding you will find the executable file in “/opt/usbsploit/lib/msf/data/usbsploitbackdoor.exe”
This amazing tools helps to create a backdoor that can bypass most popular antiviruses in just a few steps.
My experience was interesting because when testing the generated executable file that had been encoded by msfencode, only 10 out of 42 antiviruses detected it as a Trojan.
You can run the .exe file on a windows machine even if it contains one of the Antiviruses that was not able to detect the malicious code, even with the latest definition such as Kaspersky and activate the listener.
Here you will access all activities on the target machine and have total visibility of the whole system.
make sure you subscribe to my RSS feed!