{"id":13539804,"url":"https://github.com/r00t-3xp10it/backdoorppt","last_synced_at":"2025-04-05T14:06:48.040Z","repository":{"id":65357415,"uuid":"77524666","full_name":"r00t-3xp10it/backdoorppt","owner":"r00t-3xp10it","description":"transform your payload.exe into one fake word doc (.ppt)","archived":false,"fork":false,"pushed_at":"2019-12-08T03:54:22.000Z","size":3541,"stargazers_count":465,"open_issues_count":4,"forks_count":182,"subscribers_count":31,"default_branch":"master","last_synced_at":"2025-03-29T13:08:58.620Z","etag":null,"topics":["fake-doc-builder","office-word-doc","payload","rtlo","spoof-extensions"],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/r00t-3xp10it.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-12-28T10:27:55.000Z","updated_at":"2025-03-14T23:34:12.000Z","dependencies_parsed_at":"2023-01-19T13:16:00.590Z","dependency_job_id":null,"html_url":"https://github.com/r00t-3xp10it/backdoorppt","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/r00t-3xp10it%2Fbackdoorppt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/r00t-3xp10it%2Fbackdoorppt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/r00t-3xp10it%2Fbackdoorppt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/r00t-3xp10it%2Fbackdoorppt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/r00t-3xp10it","download_url":"https://codeload.github.com/r00t-3xp10it/backdoorppt/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247345852,"owners_count":20924102,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["fake-doc-builder","office-word-doc","payload","rtlo","spoof-extensions"],"created_at":"2024-08-01T09:01:32.134Z","updated_at":"2025-04-05T14:06:48.019Z","avatar_url":"https://github.com/r00t-3xp10it.png","language":"Shell","funding_links":[],"categories":["\u003ca id=\"1233584261c0cd5224b6e90a98cc9a94\"\u003e\u003c/a\u003e渗透\u0026\u0026offensive\u0026\u0026渗透框架\u0026\u0026后渗透框架","\u003ca id=\"783f861b9f822127dba99acb55687cbb\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"80301821d0f5d8ec2dd3754ebb1b4b10\"\u003e\u003c/a\u003ePayload\u0026\u0026远控\u0026\u0026RAT","\u003ca id=\"b6efee85bca01cde45faa45a92ece37f\"\u003e\u003c/a\u003e后门\u0026\u0026添加后门"],"readme":"[![Version](https://img.shields.io/badge/backdoorppt-1.7-brightgreen.svg?maxAge=259200)]()\n[![Stage](https://img.shields.io/badge/Release-Stable-brightgreen.svg)]()\n[![Build](https://img.shields.io/badge/Supported_OS-kali,Ubuntu,Mint-blue.svg)]()\n\n\n\n# backdoorppt - 'Office spoof extensions tool'\n\n Version release: v1.7-Stable\n Author: pedro ubuntu [ r00t-3xp10it ]\n Distros Supported: Linux Kali, Ubuntu, Mint\n Suspicious-Shell-Activity© (SSA) RedTeam develop @2017\n\n![backdoorppt](http://i.cubeupload.com/2JJ2IA.png)\n\n\u003cbr /\u003e\n\n## Transform your payload.exe into one fake word doc (.ppt)\n\n Simple script that allow users to add a ms-word icon to one\n existing executable.exe (using resource-hacker as backend appl)\n and a ruby one-liner command that will hidde the .exe extension\n and add the word doc .ppt extension to the end of the file name.\n\n\n## Spoof extension methods\n\n backdoorppt tool uses 2 diferent extension spoof methods:\n 'Right to Left Override' \u0026 'Hide Extensions for Known File Types'\n Edit the 'settings' file to chose what method should be used..\n\n cd backdoorppt \u0026\u0026 nano settings\n![backdoorppt](http://i.cubeupload.com/ldKWDd.png)\n\n## Dependencies (backend applications required)\n\n xterm, wine, ruby, ResourceHacker(wine)\n\n 'backdoorppt script will work on wine 32 or 64 bits'\n 'it also installs ResourceHacker under .../.wine/Program Files/.. directorys'\n\n## Tool Limitations\n\n 1º - backdoorppt only supports windows binarys to be transformed (.exe -\u003e .ppt)\n 2º - backdoorppt requires ResourceHacker installed (wine) to change the icons\n 3º - backdoorppt present you 6 available diferent icons (.ico) to chose from\n 4º - backdoorppt does not build real ms-word doc files, but it will transform\n your payload.exe to look like one word doc file (social engineering).\n\n\n\u003cbr /\u003e\u003cbr /\u003e\n\n## Backdoorppt working (Kali distros)\n![backdoorppt](http://i.cubeupload.com/ueWu5R.png)\n\n## transformed files on-target system (windows)\n![backdoorppt](http://i.cubeupload.com/Hkv0jp.jpeg)\n\n\u003cbr /\u003e\u003cbr /\u003e\n\n## Final notes\n\n Target user thinks they are opening a word document file,\n but in fact they are executing one binary payload insted.\n\n\u003cbr /\u003e\n\n\n\n## Video tutorials:\n\nbackdoorppt: https://www.youtube.com/watch?v=k4UJW4p1E3w\u0026t=1s\n\n\u003cbr /\u003e\n\n### Special thanks:\n**@Damon Mohammadbagher** | **Article: goo.gl/hKHesk**\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fr00t-3xp10it%2Fbackdoorppt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fr00t-3xp10it%2Fbackdoorppt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fr00t-3xp10it%2Fbackdoorppt/lists"}