backdoorppt - Transform your payload.exe into one fake word doc - Haxf4rall

backdoorppt – Transform your payload.exe into one fake word doc

January 27, 2017November 18, 2017 Comments Off

Simple script that allow users to add a ms-word icon to one existing executable.exe (using resource-hacker as backend appl) and a ruby one-liner command that will hidde the .exe extension
and add the word doc .ppt extension to the end of the file name.


Version release: v1.5-Stable
Distros Supported: Linux Kali, Ubuntu, Mint
Author: pedro ubuntu  [ r00t-3xp10it ]
Suspicious-Shell-Activity© (SSA) RedTeam develop @2017

Spoof extension methods

backdoorppt tool uses 2 diferent extension spoof methods:
'Right to Left Override' & 'Hide Extensions for Known File Types'
Edit the 'settings' file to chose what method should be used..

cd backdoorppt && nano settings

Dependencies (backend applications required)

xterm, wine, ruby, ResourceHacker(wine)

'backdoorppt script will work on wine 32 or 64 bits'
'it also installs ResourceHacker under .../.wine/Program Files/.. directorys'

Tool Limitations

1º - backdoorppt only supports windows binarys to be transformed (.exe -> .ppt)
2º - backdoorppt requires ResourceHacker installed (wine) to change the icons
3º - backdoorppt present you 6 available diferent icons (.ico) to chose from
4º - backdoorppt does not build real ms-word doc files, but it will transform
     your payload.exe to look like one word doc file (social engineering).

Backdoorppt 1º run (Kali distros)

Backdoorppt working (Kali distros)

transformed files on-target system (windows)

Final notes

Target user thinks they are opening a word document file,
but in fact they are executing one binary payload insted.

Credits: Damon Mohammadbagher

Related Articles

pyvit: Python Vehicle Interface Toolkit

July 17, 2019

Megaping – Network Mapping Toolkit

July 16, 2019July 16, 2019

Cyber Triage – Practical Endpoint Response

July 13, 2019July 11, 2019