Showing posts with label Trojan. Show all posts
Androguard v1.5 : Reverse engineering & Malware analysis of Android applications
Labels:
Android,
Malwares,
Mobile,
Reverse Engineering,
Trojan
Androguard (Android Guard) is mainly a tool written in Python for working with:
- DEX (Dalvik virtual machine) (.dex) and ODEX,
- APK (Android application) (.apk),
- Android's binary XML (.xml).
Androguard is available for Linux/MacOSX/Windows (Python powered).
Changes in v1.5:
- Session (save/load)
- Annotation
- Documentation
- Support of ARM
- Support of dex writing
- Disassembler/Decompiler(DAD)
Androguard has the following features :
- Map and manipulate (disassemble/decompile/modify) DEX/ODEX/APK files into full Python objects,
- Access to the static analysis of your code (basic blocks, instructions, permissions (with database from http://www.android-permissions.org/) ...) and create your own static analysis tool,
- Check if an android application is present in a database (malwares, goodwares ?),
- Open source database of Android malware (this open source database is done in my free time, of course my free time is limited, so if you want to help, you are welcome!),
- Diffing of android applications,
- Measure the efficiency of obfuscators (proguard, ...),
- Determine if your application has been pirated (plagiarism/similarities/rip-off indicator),
- Detection of ad/open source libraries (WIP),
- Risk indicator of malicious application,
- Reverse engineering of applications (goodwares, malwares),
- Transform Android's binary xml (like AndroidManifest.xml) into classic xml,
- Visualize your application with gephi (gexf format), or with cytoscape (xgmml format), or PNG/DOT output,
- Integration with external decompilers (JAD/DED/...),
- Dump the JVM process to find classes in memory.
A complete usage tutorial is available here.
Posted by Mohit Kumar at Friday, August 31, 2012
Metasploit payload Debian (.deb) package trojan Generator Script
Labels:
Codes,
Exploits,
Hacking Tools,
Linux,
Metasploit,
Shell Code,
Trojan,
Windows
This bash script, developed by Aaron Hine, generates a Debian (.deb) package trojan using a Metasploit payload. The payload sends a request back to the BackTrack server running a Metasploit listener. This video demonstrates the script:
There is another script, developed by Travis Phillips, that creates msfpayload and msfencode Metasploit payload trojans. It was written to simplify the use of msfpayload and msfencode to create a Windows-based trojan and set up the listener.
The script will do the following:
- Determine your IP address automatically for the LHOST of the payload.
- Ask if you want a shell or meterpreter.
- Ask if you want a reverse connection or bind port TCP.
- Request the port number.
- At that point it will create two files:
  - trojan.exe - your virus payload
  - msf_Trojan_Listener - a file with a one-liner to create the Metasploit listener that works with your payload.
- Next it will start msfcli to create a listener.
Posted by Mohit Kumar at Sunday, June 10, 2012
DarkComet RAT v 5.3.1 FIX 1 fwb Released
Labels:
Hacking Tools,
Malwares,
Trojan,
Windows
The final version of DarkComet RAT 5.3.1 is finally out. DarkComet is a Remote Administration Tool already chosen by hundreds of thousands of people worldwide. These users describe DarkComet-RAT as one of the very best around; it is totally free to use and allows you to control multiple remote machines at the same time using hundreds of functions (webcam streaming, desktop streaming, micro streaming, keylogger, MSN control, system control, etc.). DarkComet is also considered the most stable RAT, and it is even regarded as more stable than some professional ones (professional is another word for not free).
Changes in 5.3.1 FIX 1:
- New action added in FTP Client, you can copy to clipboard the link of a file (useful for file downloader (URL))
- A very huge bug was fixed for stub startup, now it works fine
- A bug fix when using user list thumbnails
- [FIX ] HTTP Flood more efficient
- [FIX ] In settings the last theme is correctly set in the combobox
- [FIX ] Auto SIN Refresh ratio successfully saved in config.ini
- [GUI ] Client Settings GUI changed, it is now more user friendly and fit with the rest of DarkComet RAT Design
- [GUI ] EULA At startup is more beautiful
- [GUI ] No IP Gui revised
- [GUI ] User group Gui revised
- [FUNC] Search for update added in settings
- [GUI ] Keylogger GUI revised
- [FIX ] Now desktop correctly save snapshots (if option enabled)
- [DEL ] Delete in full editor (read only, archived, temporary) attributes to avoid some stub problems if used
- [FIX ] Users list flags support now Serbia Country (Republic of Serbia)
- [FIX ] VIP Lounge price and URL fixed
- [FUNC] HOT, Now you can choose which functions you need in the control center, and not be bloated with functions you might never use. (In settings window)
- [FIX ] FTP Upload Keylogger Logs bug fixed
- [FUNC] FTP Wallet added in settings, it allows you to set up and test your FTP accounts for compatible DarkComet RAT FTP Functions
- [FUNC] FTP Wallet is now linked to the Edit Server keylogger FTP Management
- [FUNC] Now you can upload files from file manager to one of your FTP account (compatible with the FTP wallet)
- [FUNC] Embedded FTP Client added to DarkComet, multithread using Pure API, very fast and reliable and of course user friendly.
- [FIX ] Bug fixed when module startup enable, no more tons of process on reboot etc.. support Drag n Drop
- [FUNC] Drag And Drop added in File Manager to upload files from explorer directly to remote computer
- [FUNC] New downloader method implemented using Pure low level API's instead of the shit URLDownloadUrlToFile bloated of crap
- [FUNC] File Downloader manager from control center has been improved and bug fixed, now files are correctly downloaded, also you can choose a PATH from combobox shortcut
- [FUNC] Mass downloader from user list been improved and multithreaded, also download bug is now fixed
- [FUNC] Same as for mass downloader, update from URL bug fixed and improved
Posted by Mohit Kumar at Thursday, June 07, 2012