BDFProxy – HackMag

Well, you are wrong. To be honest with you, downloading files from the web is not as secure as it might seem at first sight. So look, or rather, read.

After all, unlike servers, where a great amount of additional software (web servers, DBMS, FTP servers…) actually increases the chances of finding a way to get a remote shell, on an ordinary workstation we can barely gain a foothold. And our absent-minded Vasya has forgotten to turn off automatic system updates, so there is no way to get in using some old-fashioned exploit. So the situation is not easy, but it is not a dead end either. Here we can count on our social engineering skills or, for example, use Evilgrade, as long as Vasya has his auto updates turned on! But there is another way as well: BDFProxy.

BDFProxy is a tool that grew out of two different instruments. First, the author of BDFProxy, Joshua Pitts, created a tool called The Backdoor Factory, designed to automate patching files in order to plug in backdoors, which can be quite crucial for penetration testing. The second is mitmproxy, a Python proxy server that can intercept HTTP, change traffic on the fly, replay traffic, and decode and render primitive data types. Crossing these two tools gave us BDFProxy. The tool can patch, on the fly, the binaries being downloaded by a victim.

And now, just imagine how many official websites distribute their programs via HTTP. Moreover, a lot of quite big names, like Sysinternals, Microsoft, Malwarebytes, SourceForge and Wireshark, as well as a great number of antivirus companies, do that. So, while most antivirus products can detect integrity violations, regular software is not equipped with such functions, which means that its modification goes unnoticed by the user.

First and foremost, we need the following packages:

Next, we need to copy BDFProxy to a folder of the same name and launch the installation:
Then we just sit and wait. Now everything is ready to use. According to the author, before every launch we should run the update command to pick up changes and updates:

So, here we come to the most interesting part, the configuration, which we can find in bdfproxy. The white ones are those to be patched, while the black ones are not. These lists exist both for hosts, where we specify from which servers binaries should be patched and from which not (the default mode, ALL, means that all binaries will be patched), and for keywords, where we blacklist everything that should not be patched. For example, executable files of popular programs and DLL libraries:

Once everything is installed, we can finally launch our tool and hack ourselves in the best possible way. There we can find how to use it:

You have probably already understood that msfconsole is the most popular MSF interface. At first sight msfconsole may seem slightly confusing and not really clear; however, once you start to understand the command syntax, you start to appreciate how effective the interface is. Returning to our console, we complete the set-up:

Now, when we download some binary from the web, it is going to be patched on the fly and, at the same time, it will be quite difficult for antivirus programs to detect it. Plus, after it is launched we have a fully featured shell on the remote computer. All you need to do now is connect to it and rule it at your own pleasure:

Well, in order to run such an attack in real conditions, it is necessary to put BDFProxy between a victim and the global or local network. There are several ways to run MITM, and which one to choose depends on the situation. As the launch platform we are going to use Kali Linux; however, any other distribution will do. If you still do not have Tor installed on your computer, it is time to run this:
First, we need to understand which configuration parameters we will need. ControlPort: on this port Tor will accept connections for controlling the Tor server. DirPort: on this port Tor is going to receive data from the directory server. Next, ExitPolicy determines which traffic is going to be accepted or forwarded. It has the following format: ExitPolicy Accept reject address: We can use something like this:

Thereby we are going to cut off all traffic except for the following ports: 80, , , , and We can add or remove something as an option. As the saying goes: a man is the king in his house. HashedControlPassword: the hash of the password used to access and configure the Tor server; it can be generated using this command: Nickname is the name of our server. ORPort is the port receiving connections from other nodes. We need such a configuration if we are going to use Tor in combination with Privoxy or other proxies. After a little while our computer becomes a fully featured exit node! By the way, I highly recommend creating a separate user to run Tor instead of launching it as root.

Well, we are not satisfied with what has been achieved so far. I hope you have not forgotten why we have been doing all this. All that is left to do is to forward the incoming traffic to our BDFProxy and watch for new sessions appearing in Metasploit, which will mean that the patched binary has been successfully launched by a victim. In order to do that we will use iptables:

Since Tor does not work perfectly yet and gets the shakes from time to time, we gave you a not really correct (or, better to say, not correct at all ;) rule for the packet filter, so your experiments will not destroy the whole project. However, if you want to get down to brass tacks, then your homework is to find out how to correct all the screwups.

After the disclosure, the researchers tried to imitate such an attack.
Likewise, when a modified package is downloaded with Windows Update, the system throws the error message 0x This code points to a problem with the signature check of the downloaded binary. However, when we google a solution for this problem and follow the very first link, we get to the Microsoft website, where we find a way to repair this error together with a link to a patch. The truth is that the patch is also modified, and since it is installed separately, without using the Auto Update Service, it will not be checked for integrity violations. Should I explain the scale and possibilities of such nodes?

The news about the malicious node has already been reported to Tor, and it has been marked as BadExit. Nevertheless, we should mention that among the exit nodes in the Tor network only this one added malicious code to binaries. The rest of the nodes have been checked, and they do not do anything similar. Incidentally, Symantec also added their two cents on the discovery of the malicious node. The virus that was added to binaries was designed for the following software: Antivirus products detect it as a Backdoor. After penetration, the program connects with its creators via the Twitter microblog, searching for tweets in accounts that had been created by the hackers in advance. Using these links, it downloads the core part of the code.

Well, and now a couple of words about countermeasures. Anyway, how do you make the maintainers of the resources from which you download files use it? Another way is to compare the hash of the real file with the hash of the one that has been downloaded. If you still have any suspicions, you can use VirusTotal or similar resources, so if any known signature has been added you will get a pile of virus detections. I also recommend using the following script: patchingCheck. Tor is a great tool for protection; however, it cannot guarantee safety. And we should not forget about this.
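The hash comparison described above, as an added example (not code from the original article and not the patchingCheck script). It checks a download against a `sha256sum`-style manifest and, going slightly beyond the text, flags which of several network paths returned bytes that differ from the rest; the function names, file name, path labels and sample bytes are all constructed for illustration.

```python
import hashlib
import hmac
from collections import Counter


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def parse_manifest(text: str) -> dict:
    """Parse sha256sum-style lines: '<64 hex>  <name>' or '<64 hex> *<name>'."""
    entries = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 64:
            continue  # skip blanks, comments and malformed lines
        entries[parts[1].lstrip("*")] = parts[0].lower()
    return entries


def matches_manifest(name: str, data: bytes, manifest: dict) -> bool:
    """True only if the file is listed and its digest matches; unknown names fail closed."""
    expected = manifest.get(name)
    return expected is not None and hmac.compare_digest(expected, sha256_hex(data))


def divergent_paths(copies: dict) -> list:
    """Given one URL fetched over several network paths, return the paths whose
    bytes differ from the majority digest (candidates for in-transit modification)."""
    digests = {path: sha256_hex(blob) for path, blob in copies.items()}
    majority, _ = Counter(digests.values()).most_common(1)[0]
    return sorted(p for p, d in digests.items() if d != majority)


# Constructed sample data: a stand-in "installer" and a copy with extra bytes
# appended, standing in for a file that was altered somewhere on the way.
ORIGINAL = b"MZ" + b"\x00" * 62 + b"constructed sample installer body"
MODIFIED = ORIGINAL + b"PATCHED" * 2
MANIFEST = parse_manifest(f"{sha256_hex(ORIGINAL)} *setup.exe\n# comment line\n")
COPIES = {"direct-https": ORIGINAL, "mirror": ORIGINAL, "exit-node-A": MODIFIED}

if __name__ == "__main__":
    print("clean copy ok:   ", matches_manifest("setup.exe", ORIGINAL, MANIFEST))
    print("modified copy ok:", matches_manifest("setup.exe", MODIFIED, MANIFEST))
    print("divergent paths: ", divergent_paths(COPIES))
```

The manifest is only as trustworthy as the channel it arrived over, so it has to be obtained separately from the download itself. The majority vote in `divergent_paths` is a hint rather than proof, and is meaningful only when at least one of the compared paths is trusted.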
As you can see, the core idea is quite clear: do not trust anybody, and check received data: Doing all this on your own server is not a big deal; moreover, if your goal is to get into the application and software market, then the chances of being caught are not too high. So, honour the Criminal Code of the Russian Federation, wear a white hat and always check your hashes.
