A Glorious How-to on Using My File Binder

dtm · July 29, 2016, 12:52pm

In my social engineering hypothetical short story, I introduced a file binder executable which I developed and under @pry0cc 's request, here’s a how-to on using my file binder.

Disclaimer: This is just a PoC so don’t expect anything amazing.

First you want to load up Window’s command shell and find the directory of the executable and execute it like so:

…and you will see the usage format.

Now, simply replace each of the listed command line arguments, for example, using putty.exe and Answers.txt:

You will be see a list of debugging output and when that’s completed, it will generate a stub, in this case, it’s binded.exe. Now simply execute the stub file. Note that it might fail and give you an error but simply remake the stub from the previous step to fix this.

…and voila! Piece of cake.

The file binder has been tested to work with .txt and .bmp so that means that it does not necessarily require a .exe file as the payload. Feel free to experiment with other types of files.

Adding an Icon

My program does not have the feature to add an icon, but I might add it in the future. There are other ways to add an icon by using other tools. In this example, I will be using Resource Hacker.

First, you need to have a .ico file like so.

Then boot up your tool, load your binded file and then find the option to load an icon (or resource).

Then save it. You’ll get something like this.

Easy!

Click me to get the binary file!
VirusTotal Scan

The scan on VirusTotal has a detection rate of 2/54, probably because malware and file binding are known to be associated. I can personally assure you that there is no hidden malicious code and that the detection is a false positive but it is your choice to download.

oaktree · July 29, 2016, 2:28pm

color a… Okay! Lol. Good stuff!

anon79434934 · July 29, 2016, 10:39pm

Now I am wondering, would this file binder also work to bind a text file into a PowerShell script? Because if it can, you can just use PowerSploit to get a payload on there using SE that way. PowerShell also doesn’t write to the disk unless told to do (atleast that’s what I heard), so that could also be a good solution for anti-forensics.

-Phoenix750

dtm · July 30, 2016, 1:24am

It might be able to but I’ve never tested PowerShell scripts. It doesn’t necessarily need an executable to work, so it’s probably possible, e.g. a PowerShell script and an image file.

pry0cc · July 30, 2016, 11:25am

AWESOME! Nice man! Thanks @dtm

ivlb · July 30, 2016, 12:51pm

Actually works the same as bash (PS can be considered as a bash/cmd mesh with COM and WMI extensions). So if you tee, or write a file like stream, or profile-log, you’ll write to disk, not by default. BUT, PS does have a command history which gets written under the profile you’re using - and is session permanent (which is a bigger problem on servers than on client computers).

It doesn’t, but is heavily dependant on the PS framework version of the victim, if you miss-target the version, advanced logic is likely to break.
WinRM probing will provide you with the version needed (in most cases).

dtm · July 31, 2016, 1:34am

I meant my file binder doesn’t require an executable as one of its payloads.

Cromical · July 31, 2016, 4:46am

Mate this is awesome! Thanks for the How-To! Oh and:
telnet

towel.blinkenlights.nl

dtm · January 21, 2018, 12:30am

This topic was automatically closed after 30 days. New replies are no longer allowed.