Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/r00t-3xp10it/backdoorppt
transform your payload.exe into one fake word doc (.ppt)
https://github.com/r00t-3xp10it/backdoorppt
fake-doc-builder office-word-doc payload rtlo spoof-extensions
Last synced: 2 days ago
JSON representation
transform your payload.exe into one fake word doc (.ppt)
- Host: GitHub
- URL: https://github.com/r00t-3xp10it/backdoorppt
- Owner: r00t-3xp10it
- Created: 2016-12-28T10:27:55.000Z (almost 8 years ago)
- Default Branch: master
- Last Pushed: 2019-12-08T03:54:22.000Z (almost 5 years ago)
- Last Synced: 2024-10-26T20:35:05.420Z (16 days ago)
- Topics: fake-doc-builder, office-word-doc, payload, rtlo, spoof-extensions
- Language: Shell
- Size: 3.38 MB
- Stars: 460
- Watchers: 31
- Forks: 184
- Open Issues: 4
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
[![Version](https://img.shields.io/badge/backdoorppt-1.7-brightgreen.svg?maxAge=259200)]()
[![Stage](https://img.shields.io/badge/Release-Stable-brightgreen.svg)]()
[![Build](https://img.shields.io/badge/Supported_OS-kali,Ubuntu,Mint-blue.svg)]()# backdoorppt - 'Office spoof extensions tool'
Version release: v1.7-Stable
Author: pedro ubuntu [ r00t-3xp10it ]
Distros Supported: Linux Kali, Ubuntu, Mint
Suspicious-Shell-Activity© (SSA) RedTeam develop @2017![backdoorppt](http://i.cubeupload.com/2JJ2IA.png)
## Transform your payload.exe into one fake word doc (.ppt)
Simple script that allow users to add a ms-word icon to one
existing executable.exe (using resource-hacker as backend appl)
and a ruby one-liner command that will hidde the .exe extension
and add the word doc .ppt extension to the end of the file name.## Spoof extension methods
backdoorppt tool uses 2 diferent extension spoof methods:
'Right to Left Override' & 'Hide Extensions for Known File Types'
Edit the 'settings' file to chose what method should be used..cd backdoorppt && nano settings
![backdoorppt](http://i.cubeupload.com/ldKWDd.png)## Dependencies (backend applications required)
xterm, wine, ruby, ResourceHacker(wine)
'backdoorppt script will work on wine 32 or 64 bits'
'it also installs ResourceHacker under .../.wine/Program Files/.. directorys'## Tool Limitations
1º - backdoorppt only supports windows binarys to be transformed (.exe -> .ppt)
2º - backdoorppt requires ResourceHacker installed (wine) to change the icons
3º - backdoorppt present you 6 available diferent icons (.ico) to chose from
4º - backdoorppt does not build real ms-word doc files, but it will transform
your payload.exe to look like one word doc file (social engineering).
## Backdoorppt working (Kali distros)
![backdoorppt](http://i.cubeupload.com/ueWu5R.png)## transformed files on-target system (windows)
![backdoorppt](http://i.cubeupload.com/Hkv0jp.jpeg)
## Final notes
Target user thinks they are opening a word document file,
but in fact they are executing one binary payload insted.
## Video tutorials:
backdoorppt: https://www.youtube.com/watch?v=k4UJW4p1E3w&t=1s
### Special thanks:
**@Damon Mohammadbagher** | **Article: goo.gl/hKHesk**