backdoorppt - 'Office spoof extensions tool'
Credits: Damon Mohammadbagher
Article: goo.gl/hKHesk
Version release: v1.5-Stable
Distros Supported: Linux Kali, Ubuntu, Mint
Author: pedro ubuntu [ r00t-3xp10it ]
Suspicious-Shell-Activity© (SSA) RedTeam develop @2017
Transform your payload.exe into one fake word doc (.ppt)
Simple script that allows users to add an MS Word icon to an
existing executable (.exe), using Resource Hacker as the backend application,
and a Ruby one-liner command that hides the .exe extension
and adds the word doc .ppt extension to the end of the file name.
Spoof extension methods
The backdoorppt tool uses 2 different extension spoofing methods:
'Right to Left Override' & 'Hide Extensions for Known File Types'
Edit the 'settings' file to choose which method should be used.
cd backdoorppt && nano settings
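
A defender-side check for the two spoofing methods named above, as an added example that is not part of backdoorppt or its documentation: it flags stored file names that contain Unicode bidirectional control characters, or a document extension followed by an executable one. The extension lists, finding labels and sample names are assumptions made for this illustration.

```python
import unicodedata
from pathlib import PureWindowsPath

# Unicode bidi classes of the explicit embedding/override/isolate controls
# (U+202E RIGHT-TO-LEFT OVERRIDE has class "RLO").
BIDI_CONTROL_CLASSES = {"LRE", "RLE", "LRO", "RLO", "PDF", "LRI", "RLI", "FSI", "PDI"}
# Illustrative lists, chosen for this example; extend them for real use.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif"}
DOCUMENT_EXTS = {".ppt", ".pptx", ".doc", ".docx", ".xls", ".xlsx", ".pdf"}


def is_bidi_control(ch):
    return unicodedata.bidirectional(ch) in BIDI_CONTROL_CLASSES


def analyze_filename(name):
    """Return a list of findings for one stored file name (empty list = clean)."""
    findings = []
    controls = sorted({f"U+{ord(c):04X}" for c in name if is_bidi_control(c)})
    if controls:
        findings.append("bidi-control:" + ",".join(controls))
    # Judge the type on the logical (stored) character order, not the rendered
    # order, with the invisible controls stripped out.
    logical = "".join(c for c in name if not is_bidi_control(c))
    suffixes = [s.lower() for s in PureWindowsPath(logical).suffixes]
    real_ext = suffixes[-1] if suffixes else ""
    if real_ext in EXECUTABLE_EXTS:
        if controls:
            findings.append("executable-with-reordered-name:" + real_ext)
        # With 'Hide extensions for known file types' enabled, Explorer shows
        # only the part before the final extension.
        if len(suffixes) >= 2 and suffixes[-2] in DOCUMENT_EXTS:
            findings.append("double-extension:" + suffixes[-2] + real_ext)
    return findings


def scan(names):
    """Map each suspicious name to its findings; clean names are omitted."""
    results = {name: analyze_filename(name) for name in names}
    return {name: found for name, found in results.items() if found}


# Constructed sample names (not taken from the tool or from any real incident).
SAMPLES = ["quarterly-report.ppt", "setup.exe", "slides.ppt.exe", "slides\u202etpp.exe"]

if __name__ == "__main__":
    for name, found in scan(SAMPLES).items():
        print(ascii(name), found)
```

The same check can run over mail-gateway attachment names or file-creation telemetry; pairing a name finding with a file-header check for the PE "MZ" signature reduces false positives.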
Dependencies (backend applications required)
xterm, wine, ruby, ResourceHacker(wine)
'backdoorppt script will work on wine 32 or 64 bits'
'it also installs ResourceHacker under the .../.wine/Program Files/.. directories'
Tool Limitations
1º - backdoorppt only supports Windows binaries to be transformed (.exe -> .ppt)
2º - backdoorppt requires ResourceHacker installed (wine) to change the icons
3º - backdoorppt presents you with 6 different icons (.ico) to choose from
4º - backdoorppt does not build real ms-word doc files, but it will transform
your payload.exe to look like one word doc file (social engineering).
Backdoorppt 1º run (Kali distros)
Backdoorppt working (Kali distros)
transformed files on-target system (windows)
Final notes
Target user thinks they are opening a word document file,
but in fact they are executing one binary payload instead.