Creating a Trojan Horse
For this we have taken two machines, one has Kali Linux on it and another is a Windows 10 virtual machine. First of all we create our malicious code using social engineering toolkit. It is there in Applications ->Social Engineering Tools->Social Engineering Toolkit.
Figure1. Social Engineering Toolkit(left)
From the options, select the first one i.e. Social Engineering Attacks by typing 1. After this we want to create payload and listener i.e. no. 4. The payload we will use is no. 2 Windows Reverse _TCP Meterpreter back to attacker. It will as for the IP address for the payload listener that is the actual attacking machine. We can get that using ipconfig command. Here the IP config is 192.168.1.106. then it will ask for port. We will enter 4444. It will generate the payload.
Running the Trojan
Once the payload is generated, it mentions the location where it will save it. Then it will ask to start the listener. We will first copy the payload.exe on Windows 10 virtual machine. Before copying, disable the windows defender as it will detect the malware. Now we will start the listener and run the payload.exe. As soon as we run it we can see that we have a Meterpreter open. It shows that the exploit and vulnerability or back door is working perfectly.
Hiding the Trojan
For this we will first create a batch file with two programs one Calc and other payload.exe. if we run the batch file a calculator will open and a terminal window will open. On the Linux machine the listener will also start another session.
Figure2. Batch file execution.
But in real world we don’t want the terminal window as it will indicate the user about something going on in the background. We can use a tool called ‘Batch to exe converter’ which is easily available on the internet.
Figure3. Bat to exe converter
Here select the batch file and choose to make it an invisible application. Compile it and an exe is made. Now if we run it, only calculator will open and not the terminal window. Meterpreter will open another session and our Trojan horse is doing its work silently.
Put the Trojan in a Real Application
We see that users usually have calculator shortcuts on their desktops. We can embed our Trojan into it. Open the properties of the calculator shortcut. In the target put our Trojan exe and rename the file here in the target. We can also change the icon from the properties to remove any doubt. So as the user launches the calculator next time out meterpreter will start listening and we are there in the system.
Interacting with the system using Meterpreter
There are certain commands which can be used to interact with the machine that we have back door via Trojan. Launch calculator and meterpreter session will start. To start interacting tye ‘sessions –I 1’. The prompt will change to ‘meterpreter>’. There are a large number of commands which we can find on the internet. Here we can type help can see the list of commands.
If we type ‘dir’, it will give the directory listing of the desktop as we are current there. We can also take a screenshot. Just type the command ‘screenshot’ and we see that it has been saved on a particular location. There we can find the screenshot of the Windows10 virtual machine. In the same way we can use other commands to intercept the attacked machine.
Ethical Hacking Tutorial: Trojans Lab Session Video: