Hide an .exe behind an Office file


In step 1 let’s clone the project with git:




After that, enter the newly created directory and run backdoorppt.sh:






A popup window opens to confirm the execution; after that, select the EXE file to hide. I will test with putty.exe. You should then choose the icon for the executable file.







Choose the operating system to run it on and click OK to confirm:








But no luck! After the whole process ran, it ended in some kind of Wine error.





So I decided to remove the /root/.wine directory, install the 32-bit libraries, and then manually install the ResourceHacker Windows software used by backdoorppt.
















Now that the ResourceHacker software is installed successfully, repeat the process to launch backdoorppt and create a Windows 7 example with putty.exe. Now it works! :)






At the end let’s check the icon and file name and… voila!






URL: https://github.com/r00t-3xp10it/backdoorppt

Yesterday a new OpenSSH bug (CVE-2016-0777) was released, affecting versions 5.4 to 7.1, in which the ssh_config option “UseRoaming yes” (which allows resuming SSH connections) could be exploited by tricking the SSH client into connecting to a fake/compromised server, allowing it to steal the client's SSH keys.

After some hours I saw this tweet on my timeline:

[Image: twitter cve-2016-0777]

Obviously a classical exploit doesn’t fit this type of bug, so I checked the shellcode.

The quickest method I know is using Python. You just need to define the shellcode as a variable and print it:

[Image: Python-sc-check]

Never trust anyone ;)
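An added example of this check (not the code from the original screenshot): it pulls the \xNN escapes out of a PoC's source text, decodes them without executing anything, and lists the readable strings inside, much like strings(1). The sample array, its bytes and the function names are constructed for illustration and are not the shellcode from the tweet.

```python
import re

# Constructed sample: the kind of C array a "PoC" ships with. The bytes are
# made up for this example (filler plus an embedded, harmless echo command).
SAMPLE_POC_SOURCE = r'''
unsigned char shellcode[] =
    "\x90\x90\x01\x02\xff\x2f\x62\x69\x6e\x2f\x73\x68\x00\x2d\x63\x00"
    "\x65\x63\x68\x6f\x20\x63\x6f\x6e\x73\x74\x72\x75\x63\x74\x65\x64"
    "\x2d\x73\x61\x6d\x70\x6c\x65\x00\xcd\x80";
'''

# Matches one hex escape as it appears in C or Python source text.
ESCAPE_RE = re.compile(r'\\x([0-9a-fA-F]{2})')


def decode_escaped(source):
    # Collect every hex escape in the text, in order, into raw bytes.
    # Only the hex-escape form is handled; octal escapes or literal
    # characters mixed into the array would need extra parsing.
    return bytes(int(h, 16) for h in ESCAPE_RE.findall(source))


def printable_runs(data, min_len=2):
    # Return runs of printable ASCII that are at least min_len bytes long.
    pattern = rb'[\x20-\x7e]{%d,}' % min_len
    return [m.decode('ascii') for m in re.findall(pattern, data)]


def triage(source):
    # Decode the payload and list the human-readable strings it carries.
    return printable_runs(decode_escaped(source))


if __name__ == '__main__':
    payload = decode_escaped(SAMPLE_POC_SOURCE)
    print(repr(payload))          # the "define it and print it" view
    for text in printable_runs(payload):
        print('string:', text)    # commands and paths stand out here
```

A shell path followed by -c and a command line in the output means the payload runs that command on the machine of whoever launches the "exploit", whatever the accompanying description claims.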

P.S.1: or if you are an ASM freak try rasm2 -d 6a0b58995266682d6389e7…

[Image: rasm2-d]

P.S.2: or even more: https://dustri.org/b/how-to-radare2-a-fake-openssh-exploit.html