A concept design of a backdoor that uses HTTP/TCP sockets,
Caesar encryption, api.smsglobal.com (for SMS), and more.
The file moves itself into the target's AppData folder, renames itself (to backdoor.exe),
hides itself, and re-executes itself from there.
Detailed explanation
The application is a Trojan that moves itself into the user's AppData folder and sets its
attribute to hidden. The file then pings a user-defined host server that holds the malicious
payload and downloads it. In my case this file was the Nishang Invoke-PowershellTcp.ps1;
you can set this to whatever you want, obviously. Once the payload is downloaded, the
application attempts to run it, opening a reverse shell to another user-defined listening
server (in this case, defaulting to port 8080).
If successful, the listening receiver has a PowerShell-like environment in which to do
whatever the receiver pleases with the victim's PC.
If you compile this code as-is, it IS NOT malicious in any way, shape, or form. In fact, the
program will run for about 5 minutes before aborting.
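The persistence pattern described above (a hidden executable dropped into the user's AppData folder) is something a defender can check for directly. The following is an added example, not code from this project: it walks a directory tree and flags executables that carry the Windows hidden attribute, falling back to the dot-prefix convention on other platforms (an assumption, so the scan also runs on Linux). The default root is %APPDATA%, or the home directory when that variable is absent.

```python
# Added defender-side example (not part of the original project): flag hidden
# executables under a directory tree such as the user's AppData folder.
import os
import sys
from pathlib import Path
from typing import List, Optional, Tuple

FILE_ATTRIBUTE_HIDDEN = 0x2  # Windows FILE_ATTRIBUTE_HIDDEN bit
# Suffixes treated as executable content worth flagging (assumed list).
EXEC_SUFFIXES = {".exe", ".dll", ".ps1", ".bat", ".cmd", ".scr"}


def classify(name: str, attributes: int) -> Optional[str]:
    """Return a reason if the file is a hidden executable, else None."""
    if Path(name).suffix.lower() not in EXEC_SUFFIXES:
        return None
    if attributes & FILE_ATTRIBUTE_HIDDEN:
        return "hidden executable"
    return None


def file_attributes(path: Path) -> int:
    """Read Windows attributes; on other platforms treat dot-files as hidden."""
    st = path.stat()
    attrs = getattr(st, "st_file_attributes", 0)  # only set on Windows
    if path.name.startswith("."):  # assumption: dot-prefix means hidden elsewhere
        attrs |= FILE_ATTRIBUTE_HIDDEN
    return attrs


def scan(root: Path) -> List[Tuple[Path, str]]:
    """Walk root and collect (path, reason) pairs for suspicious files."""
    findings: List[Tuple[Path, str]] = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            p = Path(dirpath) / fname
            try:
                reason = classify(fname, file_attributes(p))
            except OSError:
                continue  # unreadable or vanished file; skip it
            if reason:
                findings.append((p, reason))
    return findings


if __name__ == "__main__":
    default_root = Path(os.environ.get("APPDATA", Path.home()))
    root = Path(sys.argv[1]) if len(sys.argv) > 1 else default_root
    for path, reason in scan(root):
        print(f"{reason}: {path}")
```

Run it with an explicit directory argument to scan somewhere other than the default root.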
- WSL2/Ubuntu (Docker)
  make docker-container
  make docker-build
- User-defined hostname that hosts the payload.
- User-defined hostname that listens for the activation signal.
- The actual payload that is hosted itself.