Skip to content

Creating malware and custom payloads

AV0id

AV0id.

Darkarmour

Darkarmour

Empire

Empire cheat sheet.

FatRat

FatRat cheat sheet.

Mythic C2 Framework

https://github.com/its-a-feature/Mythic The Mythic C2 framework is an alternative option to Metasploit as a Command and Control Framework and toolbox for unique payload generation. A cross-platform, post-exploit, red teaming framework built with GoLang, docker, docker-compose, and a web browser UI. It's designed to provide a collaborative and user friendly interface for operators, managers, and reporting throughout red teaming.

msfvenom

msfvenom cheat sheet.

Nishang

nishang cheat sheet

Syringe

syringe

Veil

Veil cheat sheet.

Creating malware in pdf

These two modules in metasploit:

  • exploit/windows/fileformat/adobe_pdf_embedded_exe
  • exploit/windows/fileformat/adobe_pdf_embedded_exe_nojs

Creating malware in word document

1. Craft an executable

Use for instance veil.

2. Convert it to a VisualBasic script - macro code

locate exe2vba
# Result: /usr/share/metasploit-framework/tools/exploit/exe2vba.rb

# Go to the folder
cd /usr/share/metasploit-framework/tools/exploit/

# Create the malicious vba script
./exe2vba.rb <first-parameter> path/to/nameOfOutputFile.vba
# first parameter: malicious executable file that will be converted to macro code. Take the path to the .exe file provided by veil

3. Create an MS Word document

4. Opena new macro and embed macro code

5. Copy the payload as text in the word document. If it's too long, disguise it (set font color to white).

6. Convince the victim to have macros enabled.

7. Start a listener and wait for the victim to connect.

Creating malware in a Firefox addon

Use the metasploit module to generate the addon: exploit/multi/browser/firefox_xpi_bootstrapped_addon

It will be served from SRVHOST:SRVPORT/URIPATH. This URL you can serve it from a phishing email.

Last update: 2023-07-10
Created: March 28, 2023 14:53:05