Saturday, 4 March 2017

KIMI - Malicious Debian Package Creator

Hey readers !
During last month's ending i was thinking on latest updates of Venom Shellcode Generator and while having conversation with r00t-3xp10it, i strikes with an idea for generating malicious debian packages which i was in mood to implement in my paused project "Ginni Botnet" earlier.

This post is for all those who still have doubts for Kimi.

I did a bit research on basically "how i can make it dependency free" cos i've seen loads methods in which 3rd party tools were involved and as i'm lazy to install dependency tools i decided to make one for mine :') .

Kimi is name inspired from "Kimimaro" one of my favriote charater from anime called "Naruto".

Kimi is a script which generates Malicious debian package for metasploit
which consists of bash file, same bash file is deployed into "/usr/local/bin/" directory.

Backdoor gets executed just when victim tries to install deb package due to postinst file

Bash file injects and also acts like some system command which when executed by victim
and attacker hits with session.

[Plus Points]
-- Fully indiependent. Means user no need to install any debian package creator
-- Can be integrated with any payload generator easily due to engagements of arguments.

[Download Link]
git clone https://github.com/ChaitanyaHaritash/kimi 
[Getting Everything Set]
Kimi basically depends upon web_delivery module and every thing is automated. 
all the attacker needs is to do use following command :

sudo python kimi.py -n nano -l 127.0.0.1 -V 1.0
[NOTE]
This project was made to be integrated with Venom Shellcode Generator 1.0.13.
It can be used standalone also all user needs is to change uripath in msf variables
------------------------------------------------------------------------------------------------------------

[Tested on ]
-- Linux Mint 17.2 Cinnamon (Ubuntu 14.04) 
-- ParrotOS (Debian Jessie)
-- Kali Rolling 2.0

[Updates from prototype]
-- Added "postinst" file creation function to make embeded malicious file execution automated
-- Added RC file generation function to fully automate with handler opening, means no need to
    set handler manually.
-- Patched some common bugs [special thanks to r00t 3xp10it :)]

[In Action]




[Video]



Insults and doubts are most welcome :') @bofheaded #SSA

0 comments:

Post a Comment