email spreading

[sallynice45]

can someone tell me an effective way to spread a link over email? it seems i try gg short url and it just doesnt work? am i missing something? trying to spread my lnk direct download link.

thanks

 

[nek_0]

Most email providers will block for spam. Have you tried container files like ISOs, image files, or MSI?

 

[Aster]

Most email providers will block for spam. Have you tried container files like ISOs, image files, or MSI?

MSI is bad for this.

 

[Anunnaki]

try html smuggling combined with xor encryption or smuggle the file by spoofing google drive URL for attachments

 

[Aster]

try html smuggling combined with xor encryption or smuggle the file by spoofing google drive URL for attachments

HTML with xor encryption? Can you explain more?

 

[sallynice45]

Most email providers will block for spam. Have you tried container files like ISOs, image files, or MSI?

was kinda hoping to skip all the testing cause ive done too much already and hoping someone can just tell me what is actually working at the moment lol.
like HOW are people spreading exe in an email?? this is what im after. i know to zip, and put a password.. but still having difficulties.

 

[sallynice45]

HTML with xor encryption? Can you explain more?

^ maybe a tutorial :S lol

 

[nek_0]

MSI is bad for this.

it can be done but you are correct, not ideal.

 

[Aster]

it can be done but you are correct, not ideal.

MSIs are very detected.
Lnks are better, even under password is zip/rar.

 

[sallynice45]

MSIs are very detected.
Lnks are better, even under password is zip/rar.

how are you getting lnk to work, seems its detected for me all the time? or wont execute my exe

 

[Aster]

how are you getting lnk to work, seems its detected for me all the time? or wont execute my exe

Well, if you are using public lnk builder then good luck
Malware is hard without investment.

 

[DanteXDark]

how are you getting lnk to work, seems its detected for me all the time? or wont execute my exe

umm i think INK detections depends on how you calling powershell and downloading and executing bad stuff, try to download and run your stub in multiple stages

 

[DanteXDark]

https://www.ired.team/offensive-security/defense-evasion/file-smuggling-with-html-and-javascript

obfuscate the javascript host the html on server and put direct link in html templet.

^ maybe a tutorial :S lol

 

[Anunnaki]

https://www.ired.team/offensive-security/defense-evasion/file-smuggling-with-html-and-javascript

obfuscate the javascript host the html on server and put direct link in html templet.

There are varieties to this method. This quotes link source doesn't include xor encryption/decryption. Also look into using MS-office URI protocols to directly execute from URL which can be embedded into emails or invoked via some crafty OOXML vector in email attachment . This can be combined with earlier method for more novelty.

As an additional sidenote, DNS tunneling works wonders still

 

[DanteXDark]

There are varieties to this method. This quotes link source doesn't include xor encryption/decryption. Also look into using MS-office URI protocols to directly execute from URL which can be embedded into emails or invoked via some crafty OOXML vector in email attachment . This can be combined with earlier method for more novelty.

As an additional sidenote, DNS tunneling works wonders still

humm looks good can you share some resources (blogs or anything )

 

[nek_0]

humm looks good can you share some resources (blogs or anything )

humm looks good can you share some resources (blogs or anything )

XSS is one good source

 

[marauda18]

There are a lot of ways to execute your payload using lnk, avoid powershell.exe for example. There are others LOLBINS to achieve the same thing.

 

[Aster]

There are a lot of ways to execute your payload using lnk, avoid powershell.exe for example. There are others LOLBINS to achieve the same thing.

Exactly.

 

[Muuurlock]

Try pdf with hotlinks, bro)
Tis working good

 

[sallynice45]

Try pdf with hotlinks, bro)
Tis working good

can i get some more information please?

still looking for some help