The Backdoor Factory (BDF) v-3.3.0 - Patch PE, ELF, Mach-O binaries with shellcode.

Changelog v3.3.0:
+ Added PE code signing support. You must provide your own code signing cert. For the full details, see "Add PE Code Signing to Backdoor Factory (BDF)".

BDFactory-v-3-3-0 Test Run Using PE Code Signing

The goal of BDF is to patch executable binaries with user-desired shellcode and then continue normal execution as in the pre-patched state.

Features:
+ PE Files
+ ELF Files
+ Mach-O Files
+ Overall

Dependencies:
Capstone, using the ‘next’ repo until it is the ‘master’ repo: https://github.com/aquynh/capstone/tree/next
Pefile, most recent: https://code.google.com/p/pefile/

INSTALL:

This will install Capstone with the ‘next’ repo and use pip to install pefile.

UPDATE:
./update.sh

Documentation and Presentation:
http://www.slideshare.net/midnite_runr/patching-windows-executables-with-the-backdoor-factory
http://www.youtube.com/watch?v=LjUN9MACaTs

Sample Usage:
Patch an exe/dll using an existing code cave:

Patch an exe/dll by adding a code section:

Patch a directory of exes:

User supplied shellcode:

Hunt and backdoor: Injector | Windows Only

Code Signing Certs Configure:

Make a private key:

Test run:

Then open pebin.py in your favorite editor and replace the code on line 1763 (after the self.binary.close() call on line 1759), save, and test against your victim machine:

Download: the-backdoor-factory-3.3.0.zip | the-backdoor-factory-3.3.0.tar.gz

Contact the developer on:
IRC: irc.freenode.net #BDFactory
Twitter: @midnite_runr
Source: https://github.com/secretsquirrel/the-backdoor-factory

NOTICE: For security professionals and researchers only.