backdoorppt - 'Office spoof extensions tool'
Version release: v1.5-Stable
Distros Supported: Linux Kali, Ubuntu, Mint
Author: pedro ubuntu [ r00t-3xp10it ]
Suspicious-Shell-Activity© (SSA) RedTeam develop @2017
Transform your payload.exe into a fake word doc (.ppt)
Simple script that allows users to add an ms-word icon to an existing executable.exe (using resource-hacker as the backend application), plus a ruby one-liner command that hides the .exe extension and adds the word doc .ppt extension to the end of the file name.
Spoof extension methods
The backdoorppt tool uses 2 different extension spoof methods: 'Right to Left Override' & 'Hide Extensions for Known File Types'. Edit the 'settings' file to choose which method should be used:
cd backdoorppt && nano settings
Dependencies (backend applications required)
xterm, wine, ruby, ResourceHacker(wine)
'backdoorppt script will work on wine 32 or 64 bits'
'it also installs ResourceHacker under .../.wine/Program Files/.. directories'
1º - backdoorppt only supports windows binaries to be transformed (.exe -> .ppt)
2º - backdoorppt requires ResourceHacker installed (wine) to change the icons
3º - backdoorppt presents you with 6 different icons (.ico) to choose from
4º - backdoorppt does not build real ms-word doc files, but it will transform your payload.exe to look like a word doc file (social engineering).
Backdoorppt 1º run (Kali distros)
Backdoorppt working (Kali distros)
Transformed files on the target system (Windows)
The target user thinks they are opening a word document file, but in fact they are executing a binary payload instead.
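For defenders, both spoof methods named above ('Right to Left Override' and 'Hide Extensions for Known File Types') leave a trace in the file name itself. The Python check below is an added example, not part of backdoorppt; the extension lists, function names and sample file names are assumptions constructed for illustration.

```python
import os
import sys

# Unicode bidirectional control characters; U+202E is the Right-to-Left Override.
BIDI_CONTROLS = {chr(c) for c in (*range(0x202A, 0x202F), *range(0x2066, 0x206A))}
# Assumed lists for this example; extend them to match local policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DOCUMENT_EXTS = {".ppt", ".pptx", ".doc", ".docx", ".xls", ".xlsx", ".pdf", ".txt"}


def check_name(name):
    """Return a list of findings for one file name (empty list means clean)."""
    findings = []
    hits = sorted({f"U+{ord(ch):04X}" for ch in name if ch in BIDI_CONTROLS})
    if hits:
        findings.append("bidi-control:" + ",".join(hits))
    # Strip the control characters to recover the extension the OS will act on.
    logical = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    stem, ext = os.path.splitext(logical.lower())
    if ext in EXECUTABLE_EXTS:
        if hits:
            findings.append("executable-behind-bidi:" + ext)
        # A document extension directly before the executable one is what
        # 'Hide Extensions for Known File Types' leaves visible to the user.
        inner = os.path.splitext(stem)[1]
        if inner in DOCUMENT_EXTS:
            findings.append("double-extension:" + inner + ext)
    return findings


def scan(root):
    """Walk a directory tree and return {path: findings} for suspicious names."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            findings = check_name(name)
            if findings:
                report[os.path.join(dirpath, name)] = findings
    return report


# Constructed sample names (not taken from the tool's output).
SAMPLES = ["agenda.ppt", "agenda.ppt.exe", "agenda\u202etpp.exe", "setup.exe"]

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path, findings in scan(sys.argv[1]).items():
            print(repr(path), findings)
    else:
        for name in SAMPLES:
            print(repr(name), check_name(name))
```

Run it with a directory argument (for example a mail attachment quarantine or a downloads folder) to list flagged files; paths are printed with repr() so the invisible control character shows up as an escape.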
Credits: Damon Mohammadbagher