r00t-3xp10it / backdoorppt Goto Github PK

transform your payload.exe into one fake word doc (.ppt)

Shell 100.00%

office-word-doc spoof-extensions fake-doc-builder payload rtlo

backdoorppt's Introduction

backdoorppt - 'Office spoof extensions tool'

Version release: v1.7-Stable
Author: pedro ubuntu  [ r00t-3xp10it ]
Distros Supported: Linux Kali, Ubuntu, Mint
Suspicious-Shell-Activity© (SSA) RedTeam develop @2017

Transform your payload.exe into one fake word doc (.ppt)

Simple script that allow users to add a ms-word icon to one
existing executable.exe (using resource-hacker as backend appl)
and a ruby one-liner command that will hidde the .exe extension
and add the word doc .ppt extension to the end of the file name.

Spoof extension methods

backdoorppt tool uses 2 diferent extension spoof methods:
'Right to Left Override' & 'Hide Extensions for Known File Types'
Edit the 'settings' file to chose what method should be used..

cd backdoorppt && nano settings

Dependencies (backend applications required)

xterm, wine, ruby, ResourceHacker(wine)

'backdoorppt script will work on wine 32 or 64 bits'
'it also installs ResourceHacker under .../.wine/Program Files/.. directorys'

Tool Limitations

1º - backdoorppt only supports windows binarys to be transformed (.exe -> .ppt)
2º - backdoorppt requires ResourceHacker installed (wine) to change the icons
3º - backdoorppt present you 6 available diferent icons (.ico) to chose from
4º - backdoorppt does not build real ms-word doc files, but it will transform
     your payload.exe to look like one word doc file (social engineering).

Backdoorppt working (Kali distros)

transformed files on-target system (windows)

Final notes

Target user thinks they are opening a word document file,
but in fact they are executing one binary payload insted.

Video tutorials:

backdoorppt: https://www.youtube.com/watch?v=k4UJW4p1E3w&t=1s

Special thanks:

@Damon Mohammadbagher | Article: goo.gl/hKHesk

backdoorppt's People

Contributors

Stargazers

Watchers

Forkers

clicknull suriya73 chaitanyaharitash jijicanyu olivierh59500 0x3301 h3ll0world techlord-rce mzakyz666 0thm4n3 pentest30 jack51706 g33kyrash tardummy01 johnjohnsp1 samyoyo whsz6 wikijm minkione vysecurity br3ign damonmohammadbagher tobey123 darthra jackbro 0xbadbac0n chrisdanyk mucomplex omkarkirpan kaicastledine joker-ly dinamite01 msolivers antmoon rahe-iraq peterpt cybertroyeu techbytom gfxox3jj3cqr0rmy 0utcode sage-pe jaonlin kbahaxor nunombarros op3n-tor mshafiqsb michael254 suspicious-shell-activity arryboom bbsyaya pentestingxroot njseclab houcy hybridious sabriallani adde88 kuteminh11 vishalkrtr jak12801 bigbigx h0k5 mrread f0829 mehrdad-shokri exploitcollection cainiaoxiaobai2016 enigmatic88 yikez978 danxaldanxe yoohooyoo seabreg alpha0king baaslaawe kimyunz m00zh33 ro9ueadmin telmob gowabby ykankaya hackalicious louktao014 heikipikker permikomnaskaltara n4ous shubzz-02 shantanu561993 8l4nk sundaysec tim1512 peytondodd mmg1 tailoredaccessteam smalltalkking morristech qianniaoge meni0n ncryptedwifkali royrogers heretekk cos7

backdoorppt's Issues

{zenity} [x] Aborting all tasks : done!

it is died?

Asking

use for android.apk run in android phone

Resource Hacker

Resource hacker is installed on my system, but is not detected. The program then "install" it again just to repeat the whole process the next time because it is not detecting resource hacker

Kali 2018.4 - (64)

[x] ResourceHacker.exe -> not found!
Installing ResourceHacker under .wine directorys...
Version:windows7 Arch:x64 Path:drive_c/Program Files (x86)
/home/jinx/.wine/drive_c/Program Files (x86)/Resource Hacker/ResourceHacker.exe

[⊶] Please wait, restarting tool!
[⊶] For proper ResourceHacker.exe Instalation!

please could provide some examples

Not executing :( Here is the issue.

┌─[root@parrot]─[/home/user/backdoorppt]
└──╼ # ./backdoorppt.sh

+-+-+-+-+-+-+-+-+-+-+-+-+---+
|b|a|c|k|d|o|o|r|p|p|t|:|1.7|
+-+-+-+-+-+-+-+-+-+-+-+-+---+
'Office spoof extensions tool'
Credits: Damon Mohammadbagher

[☆] Checking backend applications ..
[☆] Ruby installation : found!
[☆] Wine installation : found!
[☆] Zenity installation : found!
[☆] Xterm installation : found!
[☆] Wine Program Files (x86) : found!
[x] Aborting all tasks : done!

Codename::ghost-in-a-shell
Author::pedr0 ubuntu::[r00t-3xp10it]
backdoorppt::v1.7::SuspiciousShellActivity©::RedTeam::2017
┌─[root@parrot]─[/home/user/backdoorppt]
└──╼ #

error while compiling..

[☆] ResourceHacker.exe -> found!
[⊶] Working on backdoor agent!
[☆] Transforming backdoor agent -> done...
[☆] Change backdoor agent icons -> done...
[☆] Adding agent hidden extensions -> done...
[☆] Word doc builder (backdoorppt) -> done...
-e:1:in rename': No such file or directory @ rb_file_s_rename - (backdoor_ppt.exe, resume‮tpp.exe) (Errno::ENOENT) from -e:1:in

'
[⊶] Task over, Writing reports!