The Backdoor Factory (BDF) v-3.2.3 released : Patch PE, ELF, Mach-O binaries with shellcode.

NOTICE: For security professionals and researchers only.
Changelog 11/13/2015 v2.3.2:

– proper removal of the PE signature, resulting in better IAT patching
– pebin.py : proper truncation of unsigned PE
– backdoor.py : proper truncation of unsigned PE

Update:
– cd <your folder BDF>
– git pull

BDF v-2.3.2

BDF v-2.3.2

 

The goal of BDF is to patch executable binaries with user-supplied shellcode and then resume the binary's original, pre-patch execution flow.

Features:
+ PE Files
+ ELF Files
+ Mach-O Files

Dependencies:
Capstone, using the ‘next’ repo until it is the ‘master’ repo: https://github.com/aquynh/capstone/tree/next
Pefile, most recent: https://code.google.com/p/pefile/

INSTALL:
./install.sh

This will install Capstone with the ‘next’ repo and use pip to install pefile.

UPDATE:
./update.sh

Documentation and Presentation:
– http://www.slideshare.net/midnite_runr/patching-windows-executables-with-the-backdoor-factory
– http://www.youtube.com/watch?v=LjUN9MACaTs

Sample Usage:
Patch an exe/dll using an existing code cave:

Patch an exe/dll by adding a code section:

Patch a directory of exes:

User supplied shellcode:

Hunt and backdoor: Injector | Windows Only
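The usage headings above name the two PE patching strategies BDF offers (reusing an existing code cave, or appending a new code section) and the changelog notes that the PE signature is stripped. Each of those leaves a trace in the PE headers that a defender can check without running the file. The script below is an added example written for this post, not code from the BDF project: it parses PE32/PE32+ headers with only the standard library and flags an entry point that lands in a section's slack space (typical of a cave), in an executable section that is not the first one (typical of an appended section), in a writable-and-executable section, or in a file whose security directory (certificate table) is empty. The sample images it inspects are constructed header-only byte strings, not real binaries, and the finding codes are this example's own heuristics.

```python
import struct

# Section characteristic flags from the PE/COFF specification
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
SECURITY_DIR_INDEX = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: the Authenticode certificate table


def parse_pe(data):
    """Parse PE32/PE32+ headers: entry RVA, section table, and security directory size."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    # The data directory array starts at +96 for PE32 (magic 0x10B) and +112 for PE32+
    dirs = opt + (96 if magic == 0x10B else 112)
    num_dirs = struct.unpack_from("<I", data, dirs - 4)[0]
    sig_size = 0
    if num_dirs > SECURITY_DIR_INDEX:
        _sig_off, sig_size = struct.unpack_from("<II", data, dirs + 8 * SECURITY_DIR_INDEX)
    sections = []
    for i in range(num_sections):
        off = opt + size_of_opt + 40 * i
        name, vsize, va, raw_size = struct.unpack_from("<8sIII", data, off)
        chars = struct.unpack_from("<I", data, off + 36)[0]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "va": va, "vsize": vsize, "raw_size": raw_size, "chars": chars})
    return {"entry_rva": entry_rva, "sections": sections, "sig_size": sig_size}


def assess(data):
    """Return heuristic finding codes for entry-point and signature anomalies (example heuristics)."""
    pe = parse_pe(data)
    secs = pe["sections"]
    entry = pe["entry_rva"]
    findings = []
    if pe["sig_size"] == 0:
        findings.append("unsigned")  # certificate table absent or stripped
    owner = None
    for s in secs:
        # Containment uses the larger of virtual/raw size so that file slack is covered
        if s["va"] <= entry < s["va"] + max(s["vsize"], s["raw_size"]):
            owner = s
            break
    if owner is None:
        findings.append("entry-outside-sections")
        return findings
    exec_secs = [s for s in secs if s["chars"] & IMAGE_SCN_MEM_EXECUTE]
    if not owner["chars"] & IMAGE_SCN_MEM_EXECUTE:
        findings.append("entry-in-non-exec-section")
    elif owner is not exec_secs[0]:
        findings.append("entry-in-appended-exec-section")  # entry moved past the original code section
    if entry >= owner["va"] + owner["vsize"]:
        findings.append("entry-in-section-slack")  # entry sits in padding beyond the section's used bytes
    if owner["chars"] & IMAGE_SCN_MEM_WRITE and owner["chars"] & IMAGE_SCN_MEM_EXECUTE:
        findings.append("entry-in-wx-section")
    return findings


def build_pe(sections, entry_rva, sig_size):
    """Constructed minimal PE32 header image for the demo; it contains headers only, no code."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    opt_size = 224
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)        # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)   # AddressOfEntryPoint
    struct.pack_into("<I", opt, 92, 16)          # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIR_INDEX, 0x2000 if sig_size else 0, sig_size)
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, 0, 0, 0, 0, 0, ch)
                    for n, va, vs, rs, ch in sections)
    return dos + b"PE\0\0" + coff + bytes(opt) + hdrs


TEXT = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
DATA = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
BASE = [(b".text", 0x1000, 0x500, 0x600, TEXT), (b".data", 0x2000, 0x100, 0x200, DATA)]

# Constructed samples: a signed image with a normal entry, an unsigned one whose entry points
# into .text slack, and an unsigned one whose entry points into an appended W+X section.
CLEAN = build_pe(BASE, entry_rva=0x1010, sig_size=0x800)
CAVE = build_pe(BASE, entry_rva=0x1550, sig_size=0)
ADDED = build_pe(BASE + [(b".newsec", 0x3000, 0x200, 0x200, TEXT | IMAGE_SCN_MEM_WRITE)],
                 entry_rva=0x3000, sig_size=0)

if __name__ == "__main__":
    for label, img in (("clean", CLEAN), ("cave", CAVE), ("added", ADDED)):
        print(label, assess(img) or "no findings")
```

None of these heuristics is proof on its own: packers and some linkers also produce W+X sections or unusual entry points, and an unsigned file is merely unsigned. In triage, treat a hit as a reason to compare the file against a known-good copy or a vendor hash, and to look at what the code at the entry point does.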

Download: the-backdoor-factory-3.2.3.zip | the-backdoor-factory-3.2.3.tar.gz

Contact the developer on:
IRC: irc.freenode.net #BDFactory
Twitter: @midnite_runr
Source: https://github.com/secretsquirrel/the-backdoor-factory