Using Backdoor-Factory to Evade Antivirus
The exploit code worked well on an XP SP2 machine with no antivirus software, and would work well on any machine that didn't have antivirus installed, but it was less effective on a Windows 10 machine with the basic default Windows antivirus installed. We had to turn off the real-time checking feature of the antivirus to get the e-mail to open without errors, and the antivirus scrubbed out our doctored file. As security engineers, we are happy that Microsoft Windows 10 has such an effective anti-malware feature, right out of the gate. As penetration testers, we are disappointed.
The Backdoor Factory inserts shellcode into working EXE files without otherwise changing the original all that much. You can use the executables in the /usr/share/windows-binaries directory, or any other Windows binary that does not have protection coded into it:
The code to run Backdoor Factory and create a remote shell with a listener at 10.0.0.2 on port...
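The defender-side counterpart to the description above: because a backdoored executable keeps most of the original intact, diffing it against a known-good copy of the same file (or verifying its Authenticode signature) exposes the few telling changes, typically a moved entry point and a section whose contents or permissions differ. The following is an added example, not code from the book or from Backdoor Factory; `build_pe` creates constructed minimal PE32 fixtures so the check runs offline, and only the PE header fields named in the comments are populated.

```python
import hashlib
import struct

SCN_EXECUTE, SCN_READ, SCN_WRITE = 0x20000000, 0x40000000, 0x80000000   # IMAGE_SCN_MEM_* bits


def build_pe(entry_rva, sections):
    """Constructed minimal PE32 fixture (not a real Windows binary). sections = [(name, rva, data, flags)]."""
    dos = b"MZ" + bytes(58) + struct.pack("<I", 64)                              # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x102)   # NumberOfSections, SizeOfOptionalHeader
    opt = struct.pack("<H", 0x10B) + bytes(14) + struct.pack("<I", entry_rva) + bytes(0xE0 - 20)
    table, raw, ptr = b"", b"", 64 + 4 + 20 + 0xE0 + 40 * len(sections)          # raw data follows all headers
    for name, rva, data, flags in sections:
        table += name.ljust(8, b"\0") + struct.pack("<IIII", len(data), rva, len(data), ptr)
        table += bytes(12) + struct.pack("<I", flags)                            # Characteristics
        raw, ptr = raw + data, ptr + len(data)
    return dos + b"PE\0\0" + coff + opt + table + raw


def parse_pe(blob):
    """Return (entry_rva, {section name: {"flags": ..., "sha256": ...}}) from a PE image."""
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    coff = e_lfanew + 4
    nsec, opt_size = struct.unpack_from("<2xH12xH", blob, coff)                  # NumberOfSections, SizeOfOptionalHeader
    entry = struct.unpack_from("<I", blob, coff + 20 + 16)[0]                    # AddressOfEntryPoint
    sections = {}
    for i in range(nsec):
        h = coff + 20 + opt_size + 40 * i                                        # i-th section header
        name = blob[h:h + 8].rstrip(b"\0").decode("ascii", "replace")
        _vsize, _rva, raw_size, raw_ptr, flags = struct.unpack_from("<IIII12xI", blob, h + 8)
        digest = hashlib.sha256(blob[raw_ptr:raw_ptr + raw_size]).hexdigest()
        sections[name] = {"flags": flags, "sha256": digest}
    return entry, sections


def compare_pe(known_good, suspect):
    """Diff a suspect binary against a known-good copy of the same file; return findings."""
    findings = []
    (e1, s1), (e2, s2) = parse_pe(known_good), parse_pe(suspect)
    if e1 != e2:
        findings.append(f"entry point moved 0x{e1:x} -> 0x{e2:x}")
    for name in sorted(set(s1) | set(s2)):
        a, b = s1.get(name), s2.get(name)
        if a is None or b is None:
            findings.append(f"section {name} {'added' if a is None else 'removed'}")
        elif a["sha256"] != b["sha256"] or a["flags"] != b["flags"]:
            findings.append(f"section {name} contents or flags changed")
    for name, s in s2.items():                                                   # needs no baseline
        if s["flags"] & SCN_EXECUTE and s["flags"] & SCN_WRITE:
            findings.append(f"section {name} is writable and executable")
    return findings
```

In practice `known_good` comes from a trusted install medium or package mirror and `suspect` from the host under investigation; the writable-and-executable check is useful on its own when no clean copy is available.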