From the course: Ethical Hacking: Evading IDS, Firewalls, and Honeypots


Hiding payloads in benign files


- [Instructor] It can be difficult to obfuscate scripted malware, as it needs to be in readable form to execute. There are tricks that can be used to achieve this, however. Let's have a look at a tool by Somdev which cloaks a Python payload by creating it and injecting it into a benign Python script. I've downloaded the script, so let's take a look at it. nano cloak.py -l. I won't analyze this in detail, but there are some interesting aspects to look at. At line 32, the script makes a connection to the Google DNS in order to find the IP address it's running from. At line 47, we can see a call to check that msfvenom is available on the host. And at lines 53 and 58, it gets the IP and port from the user. The injector starts at line 124, and at line 127 we can see the msfvenom call that's made for a python/meterpreter shell across HTTPS, saving the payload into a file called payload.txt. This is then read in at lines 130 to…
