后门制造工厂——The Backdoor Factory

fake 2013-08-23 222359人围观 ,发现 7 个不明物体 工具

The Backdoor Factory是一款安全测试工具,可以轻松的生成win32PE后门测试程序值得注意的是,本工具仅用于安全实验和信息安全实验教学使用,禁止任何非法用途!

特性

-目标文件会被拷贝并且打上补丁
-注入反弹脚本
-修改PE/COFF头以为所有的WIN32 DLL增加附加选项

使用

Usage: ./backdoor.py -h
Usage: backdoor.py [options]
Options: -h, --help show this help message and exit
-f FILE, --file=FILE File to backdoor
-i HOST, --hostip=HOST IP of the C2 for reverse connections
-p PORT, --port=PORT The port to either connect back to for reverse shells or to listen on for bind shells
-o OUTPUT, --output-file=OUTPUT The backdoor output file
-s SHELL, --shell=SHELL Payloads that are available for use.
-n NSECTION, --section=NSECTION New section name must be less than seven characters
-c, --cave The cave flag will find code caves that can be used for stashing shellcode. This will print to all the code caves of a specific size. The -l flag can be use with this setting.
-d DIR, --directory=DIR This is the location of the files that you want to backdoor. You can make a directory of file backdooring faster by forcing the attaching of a codecave to the exe by using the -a setting.
-v, --verbose For debug information output.
-e ENCODER, --encoder=ENCODER Encoders that can help with AV evasion.
-l SHELL_LEN, --shell_length=SHELL_LEN For use with -c to help find code caves of different sizes
-a, --add_new_section Mandating that a new section be added to the exe (better success) but less av avoidance
-w, --change_access This flag changes the section that houses the codecave to RWE. Sometimes this is necessary. Enabled by default. If disabled, the backdoor may fail.
-j, --injector This command turns the backdoor factory in a hunt and shellcode inject type of mechinism. Edit the target settings in the injector module.
-u SUFFIX, --suffix=SUFFIX For use with injector, places a suffix on the original file for easy recovery
-D, --delete_original For use with injector module. This command deletes the original file. Not for use in production systems. Author not responsible for stupid uses.

下载地址

这些评论亮了

  • 河蟹 回复
    @千秋丶千年  国际黑客河蟹表示赞同。这位幸运用户,你已经被河蟹抽中,奖品是50年班房,领奖办法请拨打110
    )21( 亮了
发表评论

已有 7 条评论

取消
Loading...
css.php