Patching Binary for Fun and Profit – Part 1


Hi folks, I will be blogging a series of posts on patching binaries. This first one covers the "Backdoor Factory", a tool that lets you patch a binary file with custom shellcode using a concept called a code cave (you can read about code caves at https://en.wikipedia.org/wiki/Code_cave and http://www.codeproject.com/Articles/20240/The-Beginners-Guide-to-Codecaves).

Now, let's download the updated Backdoor Factory from https://github.com/secretsquirrel/the-backdoor-factory, or use the copy that ships with Kali Linux.

Run python backdoor-factory.py without arguments to list the tool's options.

[Figure 1]

This article uses Diskmon.exe from the Sysinternals suite as the file to be backdoored with the shellcode; download the Sysinternals Suite from https://technet.microsoft.com/en-us/sysinternals/bb842062.aspx

[Figure 2]

-f sets the file to patch

-H sets the attacker IP address, required for the reverse connection

-p sets the port number (any free port)

-s show lists all the available payloads

[Figure 3]

This article uses the meterpreter_reverse_https_threaded payload. You can read more about the payloads at https://www.offensive-security.com/metasploit-unleashed/payloads/; other payloads and different ways of using them will be covered in a later article.

[Figure 4]

Select the cave and press Enter.

[Figure 5]

Go to the "backdoored" directory and send the malicious Diskmon.exe file to the victim.

[Figure 6]

Now set up Metasploit with the matching payload, host and port number.

[Figure 7]

Set the payload and the other required options.

[Figure 8]

Now open the malicious Diskmon.exe in the PEView tool: the cave was injected between 0x133f3 and 0x13ffc in the code section (.text). Check this carefully when selecting caves.

[Figure 9]

[Figure 10]

The victim machine was successfully exploited by patching the binary file.
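From the defender's side, the PEView step above is the interesting one: a code cave lives in bytes that a compiler-produced binary leaves as zero padding, so a patched file can often be spotted without a known-good copy. The script below is an added example (not code from this post or from the Backdoor Factory project) that parses the PE section table with only the standard library and flags three things: an entry point outside an executable section or in the section's tail padding, a section that is both writable and executable, and non-zero bytes in the file-alignment slack between VirtualSize and SizeOfRawData of an executable section. It builds its own minimal single-section PE32 image as a constructed sample; the `build_sample_pe`, `parse_pe` and `check_pe` names and the 0x100/0x200 layout are this example's assumptions. The slack check only covers the tail padding; caves that sit inside the section body, as in the 0x133f3–0x13ffc range shown in the post, need a stronger check, and for signed tools such as the Sysinternals suite the most reliable one is simply verifying the Authenticode signature, which any patch breaks.

```python
"""Heuristic checks for code-cave style patching of a PE file.

Added example, not code from the original post or the Backdoor Factory
project. Standard library only; the sample PE is constructed inline.
"""
import struct
import sys

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def parse_pe(data):
    """Return (entry_rva, sections) from a PE32/PE32+ file image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    opt = e_lfanew + 24                       # optional header follows the COFF header
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    sections = []
    for i in range(nsections):
        hdr = opt + opt_size + 40 * i         # section table follows the optional header
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, hdr + 8)
        chars = struct.unpack_from("<I", data, hdr + 36)[0]
        sections.append(dict(name=name, vsize=vsize, vaddr=vaddr,
                             rawsize=rawsize, rawptr=rawptr, chars=chars))
    return entry_rva, sections


def check_pe(data):
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    entry_rva, sections = parse_pe(data)
    findings = []
    entry_sec = None
    for s in sections:
        if s["vaddr"] <= entry_rva < s["vaddr"] + max(s["vsize"], s["rawsize"]):
            entry_sec = s
    if entry_sec is None:
        findings.append("entry point 0x%x lies outside every section" % entry_rva)
    elif not entry_sec["chars"] & IMAGE_SCN_MEM_EXECUTE:
        findings.append("entry point 0x%x is in non-executable section %s"
                        % (entry_rva, entry_sec["name"]))
    elif entry_rva >= entry_sec["vaddr"] + entry_sec["vsize"]:
        findings.append("entry point 0x%x is in the tail slack of %s"
                        % (entry_rva, entry_sec["name"]))
    for s in sections:
        if s["chars"] & IMAGE_SCN_MEM_EXECUTE and s["chars"] & IMAGE_SCN_MEM_WRITE:
            findings.append("section %s is both writable and executable" % s["name"])
        if not s["chars"] & IMAGE_SCN_MEM_EXECUTE or s["rawsize"] <= s["vsize"]:
            continue
        # Bytes between VirtualSize and SizeOfRawData are alignment padding that the
        # linker writes as zeros; code injected there shows up as non-zero data.
        slack = data[s["rawptr"] + s["vsize"]:s["rawptr"] + s["rawsize"]]
        nonzero = sum(1 for b in slack if b)
        if nonzero:
            findings.append("section %s has %d non-zero bytes in %d bytes of tail slack"
                            % (s["name"], nonzero, len(slack)))
    return findings


def build_sample_pe(slack_payload=b"",
                    text_chars=IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ):
    """Constructed sample: a minimal PE32 with one .text section (not a real binary).

    The section holds 0x100 bytes of code plus 0x100 bytes of file-alignment slack;
    slack_payload is written at the start of that slack to imitate a filled cave.
    """
    if len(slack_payload) > 0x100:
        raise ValueError("payload does not fit in the slack")
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)            # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)             # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)           # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)         # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)   # SectionAlignment, FileAlignment
    struct.pack_into("<II", opt, 56, 0x2000, 0x200)   # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", opt, 68, 3)                # Subsystem: console
    struct.pack_into("<I", opt, 92, 16)               # NumberOfRvaAndSizes
    sec = struct.pack("<8sIIIIIIHHI", b".text", 0x100, 0x1000, 0x200, 0x200,
                      0, 0, 0, 0, text_chars)
    headers = (dos + b"PE\0\0" + coff + opt + sec).ljust(0x200, b"\0")
    code = b"\x90" * 0xFF + b"\xC3"                   # nop sled ending in ret
    slack = slack_payload.ljust(0x100, b"\0")
    return bytes(headers + code + slack)


if __name__ == "__main__":
    # With a path argument, check that file; otherwise demo on the constructed samples.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(check_pe(fh.read()) or ["no findings"])
    else:
        print("clean sample:", check_pe(build_sample_pe()) or ["no findings"])
        print("patched sample:", check_pe(build_sample_pe(b"\xCC" * 32)))
```

Run it with a path to inspect a real file, or with no arguments to see the clean and patched constructed samples side by side. Treat a hit as a reason to look closer rather than a verdict: packers and some linkers also leave non-zero data in padding, so pair this with signature verification or a hash comparison against a pristine copy.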
