
Backdoored .exe fake docx file

@PetchouDev PetchouDev released this 05 Feb 20:45
· 6 commits to main since this release

Description
Simple compiled Python loader that runs as admin; it will prompt for admin elevation.

Features

  • Takes control of the keyboard and mouse to start the process as admin (this will trigger a UAC context prompt)
  • Creates a .bat script to disable .exe sandboxing and detection
  • Downloads the meterpreter payload from GitHub over HTTP using the requests Python module
  • Runs meterpreter as administrator, right after disabling .exe detection
  • The script can get flagged by Application and Browser Control, but nothing will happen to the file
  • The payload bypasses Windows Defender, but the getsystem command can get flagged due to Named Pipe Impersonation

Coming soon

  • Reboot task to reload the payload
  • Graphical victim interface (a better trap)
  • Possibly automatic privilege escalation

Full Changelog: release...windowsLoader