Help with my malware

if you know how to spread then maybe yes, i am not that much good at spreading but iso + lnk seems to be a good combo, you are also trying to spam then we can work together ;)
Yeah sure we can do but .lnk doesn't seem so good to me as it can't be sent via email. Do you have .Xll exploit? If possible 0day .Xll exploit if signed by a trusted EV Publisher. That's why i'm looking for an EV Publisher. The .xll opens the .exe in one click, FUD
 
yah you cannot attach iso and lnk in emails but you can give a direct download link ;), i am also looking for xll exploit (
 
This execution chain has been combined with password-protected .zip files (just place the iso/lnk inside the zip archive) which can't get scanned.
You attach the .zip file and put the password within the mail-content.
 
yah but opening zip and then lnk seems too clicky
 
Well, even Excel macros need the victims to enable them... at some point all those execution chains require that the victim is stupid enough and performs specific actions.
 
yah you are correct, and it is easy to convince people to enable macros XD, i just think it is lil bit hard to understand victims how to extract and run
 
Please note that this user is banned
it's easy :)
When someone will try to open your lnk, winrar will ask for password. When password is correct, your lnk will run.
 
so .lnk does in fact work? i was having issues with getting virus detected on download in chrome, i used a tutorial here to make the lnk file but i assume maybe that's why?
thanks for the responses, i've been trying to get this to work for ages now.
can anyone recommend where to host exe?
 
Please note that this user is banned
the best on your own hosting :)
i will tell you where you can host in pm, write to me
 
in the above poc i hosted all the stagers on discord ;) and still FUD
 
What a drama.

You can host your final payload anywhere, your own server or third-party services, especially legitimate ones, to host your final payload or the initial delivery (zip/iso) for example if you are not attaching to the email.

The guys above said almost everything already. In my case I use zipped password protected archive with DLL Search Order hijacking besides the .lnk and office macros. For those who don't know this technique, basically you use a legitimate vulnerable .exe file to load a malicious DLL on the same directory, or sideload. Choose a .exe with icon that helps with the social engineering in your campaign and that doesn't show any gui on the execution.

And about this taking too many steps to achieve execution, remember that is all about social engineering, people are dumb.

Video POC:


It took long to show the decoy because my connection was slow. You can see that the file is signed by Microsoft and doesn't show any popups besides my custom decoy message box.
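
Seen from the receiving side, the delivery chain discussed in this thread (a password-protected .zip carrying an .iso/.lnk, or an .exe placed next to a .dll) remains visible to a mail gateway, because classic ZIP encryption hides file contents but not entry names or the per-entry "encrypted" flag. The following is an added example, not part of the thread; `triage_zip`, `constructed_sample` and the extension list are assumptions made for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions named in the thread as containers, launchers or sideload parts.
RISKY = {".iso", ".lnk", ".xll", ".exe", ".dll"}

def triage_zip(data: bytes) -> dict:
    """Inspect a ZIP attachment without knowing its password.

    Entry names and general-purpose flag bit 0 ("encrypted") are stored in
    the clear in the central directory, so policy can still be applied.
    """
    findings = {"encrypted": [], "risky": [], "sideload_dirs": []}
    by_dir = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = PurePosixPath(info.filename)
            ext = path.suffix.lower()
            if info.flag_bits & 0x1:
                findings["encrypted"].append(info.filename)
            if ext in RISKY:
                findings["risky"].append(info.filename)
            by_dir.setdefault(str(path.parent), set()).add(ext)
    # Heuristic: an .exe shipped next to a .dll matches the sideloading layout.
    findings["sideload_dirs"] = sorted(
        d for d, exts in by_dir.items() if {".exe", ".dll"} <= exts)
    findings["quarantine"] = bool(
        findings["risky"]
        and (findings["encrypted"] or findings["sideload_dirs"]))
    return findings

def constructed_sample(names, encrypted=True) -> bytes:
    """Build a harmless constructed archive; every entry holds the byte b'x'."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"x")
    raw = bytearray(buf.getvalue())
    pos = raw.find(b"PK\x01\x02")          # central directory file header
    while encrypted and pos != -1:
        raw[pos + 8] |= 0x01                # mark the entry as encrypted
        pos = raw.find(b"PK\x01\x02", pos + 4)
    return bytes(raw)

if __name__ == "__main__":
    print(triage_zip(constructed_sample(["docs/viewer.exe", "docs/helper.dll"])))
```

The check reads names and flags only; it does not open the .iso or decrypt anything, so a hit is a reason to quarantine and analyse the attachment, not a verdict.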
 
that's smart
 

