
Thread: I want to code simple backdoors, small in size...

  1. #1
    Senior Member BigMac's Avatar
    Join Date
    Jan 2008
    Posts
    213

    Default I want to code simple backdoors, small in size...

    I like Ruby. I have used rubyscript2exe.rb to compile a script; this script only contains puts "hellow world"... I then uploaded the generated executable to VirusTotal and it's spotted by 2 anti-viruses... I also noticed the size of the file is huge for only one line of script. I know the compiler gathers all files needed from the Ruby directory and compiles these files with your desired script.

    I want to code my own payloads to be small in size and function on Windows platforms.

    rubyscript2exe.rb: can I narrow down what files are included when I compile my scripts to reduce size? How do I know what the bare minimum requirement is? Let's say for example the script requires 'socket'.

  2. #2
    Junior Member
    Join Date
    Jan 2010
    Location
    Canada
    Posts
    84

    Default

    I'm fairly sure what it does is bind the interpreter with it actually, so you won't get too small ever; if you want something smaller, go with a compiled language (C, C++, ASM).

  3. #3
    Senior Member BigMac's Avatar
    Join Date
    Jan 2008
    Posts
    213

    Default

    Quote Originally Posted by HitThemLow View Post
    I'm fairly sure what it does is bind the interpreter with it actually, so you won't get too small ever; if you want something smaller, go with a compiled language (C, C++, ASM).
    I have tried gcc with some simple C source for Windows... with BackTrack 4 I get the error windows.h not found... I have searched for the headers in a zip file for Linux use but I don't know...

    find | grep windows.h

    I did find the header files in the wine directory; I could copy them over to the gcc directory but I'm not sure of its location...

    I've thought ASM would be good to learn, but it's not like any other language I've ever seen...

  4. #4
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Default

    Two things, first:
    Code:
    find . -name 'windows.h'
    And second, where are you compiling from? I do some fairly heavy windows/networking code by starting with:
    Code:
    cd /root/.wine/drive_c/MinGW/bin
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  5. #5
    Senior Member BigMac's Avatar
    Join Date
    Jan 2008
    Posts
    213

    Default

    http://mirrors.zoreil.com/webclub.kc...n32/hello.html

    cd /root/.wine/drive_c/MinGW/bin

    I still get the error with gcc: 'windows.h' not found.

  6. #6
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Default

    This is off a BT3-Final (differences may apply). Just as an aside, these are windowing applications (GUIs), so they wouldn't necessarily suit you well for your purpose. I suggest you read "Beej's Guide to Network Programming" to get a good feel for socket programming in C (and in Windows), as well as having a peek at the MSDN documents for specific APIs. MOST IMPORTANTLY, write a defined idea of what you want, and code to that (otherwise you'll end up with my pentest-backdoor kit, which can, among other things, send encrypted data out via Tor+Torrents - which was nifty fun when I wrote it, but amazingly useless for a pentest).
    Code:
    hacktop ~ # cd .wine/drive_c/MinGW/bin/
    hacktop bin # wget http://mirrors.zoreil.com/webclub.kcom.ne.jp/ma/colinp/win32/simple.txt -O /tmp/simple.c 
    --11:05:16--  http://mirrors.zoreil.com/webclub.kcom.ne.jp/ma/colinp/win32/simple.txt
               => `/tmp/simple.c'
    Resolving mirrors.zoreil.com... 83.167.33.48
    Connecting to mirrors.zoreil.com|83.167.33.48|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 366 [text/plain]
    
    100%[====================================>] 366           --.--K/s             
    
    11:05:17 (16.66 MB/s) - `/tmp/simple.c' saved [366/366]
    
    hacktop bin # wine gcc -o /tmp/simple.exe /tmp/simple.c 
    hacktop bin # wine /tmp/simple.exe
    And my pop-up window appears.

  7. #7
    Senior Member BigMac's Avatar
    Join Date
    Jan 2008
    Posts
    213

    Default

    Thank you for your help...

    I'm going to stick with Ruby because of its simplicity...

    Maybe a bit of help with a quick script...

    I need to take a string and split this string into small blocks.

    string = "a9digh0t5"
    # every 3 bytes needs to be broken into a separate element of blocks[x]
    blocks = string.scan(/.{1,3}/)
    puts(blocks[0])
    puts(blocks[1])
    puts(blocks[2])

    any ideas?

  8. #8
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Default

    I'm not a Ruby coder, so my fu is weak, but you might try something with strings.each_byte and a counter.

    The problem with doing it in Ruby is rather evident: there is no native Ruby implementation, so you have to get an interpreter on there as well (or a meterpreter, which would provision you with a decent base, but might get you caught by AV, which I presume is why you are trying to get around it - check out the bypassing AV thread for some interesting points).

    I started off writing VB code to automate simple tasks after I got in (dumping users, who is logged in, shares etc.) - nowadays you can use PowerShell or whatever the hell Microsoft called it to do the same tasks. The bonus here is that it is native, it's relatively easy to read - and most importantly, you don't need a different version for different OS bases; the code works across multiple compiles.

  9. #9
    Senior Member BigMac's Avatar
    Join Date
    Jan 2008
    Posts
    213

    Default

    I'm sending files back and forth between server.rb and client.rb... I got the concept down... Now I need to create a function for sending larger files by splitting the data down into blocks... I know what needs to be done and it's exciting to watch my functions work.

    It's little problems I always run into...

  10. #10
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Default

    Quote Originally Posted by BigMac View Post
    I'm sending files back and forth between server.rb and client.rb... I got the concept down... Now I need to create a function for sending larger files by splitting the data down into blocks... I know what needs to be done and it's exciting to watch my functions work.

    It's little problems I always run into...
    Count 300 bytes, send data to the other end (give it a header), check the hash and sequence number, write to file. Pseudo header:
    Code:
    |sequencenumber|size|hash|data|endofpacket|
    So many ways to solve problems, so little time.

    Actually, if you look at how TCP breaks things up that might be useful; also check how TFTP works (it's UDP-based and doesn't have a lot of TCP's controls, so you have to implement them manually).
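The block framing Gitsnik sketches in #10 (sequence number, size, hash, data, end marker) together with the 3-byte splitting BigMac asked about in #7, as an added Ruby example that is not code from this thread. The hex encoding of the data field (so a '|' inside the payload cannot collide with the delimiter), SHA-256 as the hash, and the literal `endofpacket` marker are my assumptions; the receiver rejects any packet whose size or hash does not verify and any file whose sequence has a gap.

```ruby
require 'digest'

END_MARKER = 'endofpacket'

# Split data into fixed-size byte blocks; the last block may be shorter.
# Works on the raw bytes (.b) so multi-byte characters do not skew the count.
def split_blocks(data, block_size)
  data.b.scan(/.{1,#{block_size}}/m)
end

# Build one packet in the thread's layout:
#   |sequencenumber|size|hash|data|endofpacket|
# The data field is hex-encoded (my choice) so a '|' inside the payload can
# never be mistaken for a field delimiter; the hash is SHA-256 of the raw block.
def frame(seq, block)
  hex = block.unpack('H*')[0]
  "|#{seq}|#{block.bytesize}|#{Digest::SHA256.hexdigest(block)}|#{hex}|#{END_MARKER}|"
end

# Frame a whole payload as a list of packets numbered from 0.
def frame_all(data, block_size)
  split_blocks(data, block_size).each_with_index.map { |blk, i| frame(i, blk) }
end

# Parse one packet and verify every field the receiver can check:
# structure, end marker, declared size and hash. Returns [seq, bytes].
def parse(packet)
  fields = packet.split('|')
  raise 'malformed frame' unless fields.size == 6 && fields[5] == END_MARKER
  _, seq, size, hash, hex = fields
  data = [hex].pack('H*')
  raise 'size mismatch' unless data.bytesize == size.to_i
  raise 'hash mismatch' unless Digest::SHA256.hexdigest(data) == hash
  [seq.to_i, data]
end

# Receiver side: packets may arrive in any order, so sort by sequence number
# and insist on an unbroken run 0, 1, 2, ... before writing the file out.
def reassemble(packets)
  chunks = packets.map { |p| parse(p) }.sort_by(&:first)
  chunks.each_with_index do |(seq, _), i|
    raise "sequence error: expected #{i}, got #{seq}" unless seq == i
  end
  chunks.map(&:last).join
end

if __FILE__ == $0
  # Constructed sample: BigMac's string from #7 split into 3-byte blocks.
  packets = frame_all('a9digh0t5', 3)
  packets.each { |p| puts p }
  puts reassemble(packets.shuffle)
end
```

For real files use the 300-byte block size from the post; the 3-byte size is only to keep the sample readable.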
