Backdoor Development: Creating a Trojanized System Binary with C

19,044 views

Drew Alleman

5 months ago

Repository: github.com/Drew-Alleman/netst...
0:59 - Downloading and setting up netstat source
1:56 - Importing C Socket libraries
2:34 - Defining Constants
3:45 - Creating the backdoor function
10:57 - Testing trojan
12:00 - Making the backdoor run in the background
14:57 - Modifying the netstat output to hide the backdoor
17:33 - Testing the new trojan binary
18:18 - Virustotal report of the Trojan
18:43 - Replacing the original netstat binary
--- Resources
book.hacktricks.xyz/welcome/r...
gtfobins.github.io/
github.com/danielmiessler/Sec...
highon.coffee/blog/reverse-sh...
github.com/BlackArch/webshells

COMMENTS: 35
@hayreddinbarbarossa3132 4 months ago
Amazing video dear friend. I hope you keep it up.
@MasterCraft_48 5 months ago
That thumbnail is something of beauty
@urban248 5 months ago
Great content! Keep it up ❤
@drewalleman 5 months ago
Thank you 🙌
@twobob 2 months ago
fun project
@rubbermaiden 1 month ago
Very nice, congrats
@puucca 5 months ago
Beautiful
@drewalleman 5 months ago
Thanks
@TsukiCTF 4 months ago
Good one
@adamgkruger 1 month ago
Loved it!
@takashisclh8766 4 months ago
Bro u r goat
@Enerzon 4 months ago
I will be your greatest student.❤
@bravefastrabbit770 4 months ago
thank you Dear Sir
@antoineflowers6438 3 months ago
Awesome video!!! Do you play HTB battlegrounds or mayhem? That would be a cool video seeing you use this..
@drewalleman 3 months ago
I have not. I will look into it.
@InuYasha-SitBoy 4 months ago
Great video. Y'all ever try binject? It keeps functionality of binaries (if you want) and launches your own custom exe or shellcode. That way you don't have to make a 1000 custom binaries. FYI it's golang so the exe is gonna be fairly large, but at least it's statically compiled.
@drewalleman 4 months ago
Whattt that's crazy! I will check that out..
@InuYasha-SitBoy 4 months ago
@@drewalleman I honestly think the only video on UKposts about it was literally made by the creator. It'd be a good video. Seems down your alley
@drewalleman 4 months ago
@@InuYasha-SitBoy I will definitely consider it. I am about to start working on another idea that might implement that tool so will see.
@dadamnmayne 4 months ago
@@InuYasha-SitBoy usually, you need to hollow the process so that you'll have a place to run the shellcode.
@root924 1 month ago
what font in vim?
@dzbro1194 27 days ago
Would a checksum on the netstat binary be enough to determine that it was tampered with?
@drewalleman 24 days ago
Yes, that would detect it.
@CN-Aqi 11 days ago
Hi, I hope to get in touch with you.
@redcrystal3170 4 months ago
What OS are you using?
@drewalleman 4 months ago
Ubuntu with some gnome extensions
@appocalypse3012 2 months ago
@@drewalleman could you please share those chrome extensions, it's really awesome and I would like to try it out
@drewalleman 2 months ago
@@appocalypse3012 they are gnome extensions for Ubuntu github.com/Drew-Alleman/neovim
@Chapter_onex 3 months ago
sir how can i test that my windows
@drewalleman 3 months ago
This is for Linux idk if the same netstat source can be compiled on Windows, they might have proprietary code.
@nocturne2172 2 months ago
I thought sysadmins used ss nowadays
@drewalleman 1 month ago
They do, this is a proof of concept, and a lot of the code in this project can be directly copied over.
@twobob 2 months ago
audio too quiet
@greyburns6170 1 month ago
Turn up the volume
@twobob 1 month ago
@@greyburns6170 yeah I did. Compression is what is required. That said it was a good project. Just too quiet.