Fi8sVrs
Posted June 21, 2018

TROJANIZER

Version release: v1.1 (Stable)
Author: pedro ubuntu [ r00t-3xp10it ]
Codename: Troia_Revisited
Distros Supported: Ubuntu, Kali, Mint, Parrot OS
Suspicious-Shell-Activity (SSA) RedTeam develop @2017

FRAMEWORK DESCRIPTION

The Trojanizer tool uses WinRAR (SFX) to compress the two files input by the user and transforms them into an SFX executable (.exe) archive. When executed, the SFX archive will run both files (our payload and the legit application at the same time).

To make the archive less suspicious to the target at execution time, Trojanizer will try to replace the default icon (.ico) of the SFX file with a user-selected one, and suppress all SFX archive sandbox messages (Silent=1 | Overwrite=1).

'Trojanizer will not build trojans, but from the target's perspective, it replicates the trojan behavior' (execute the payload in the background, while the legit application executes in the foreground).

DEPENDENCIES (backend applications)

Zenity (bash-GUIs) | Wine (x86|x64) | WinRAR.exe (installed-in-wine)
"Trojanizer.sh will download/install all dependencies as they are needed"

NOTE: It is recommended to edit and configure the option SYSTEM_ARCH=[ your_sys_arch ] in the 'settings' file before attempting to run the tool for the first time.

PAYLOADS (agents) ACCEPTED

.exe | .bat | .vbs | .ps1
"All payloads that windows/SFX can auto-extract-execute"

HINT: If 'SINGLE_EXEC=ON' is selected in the settings file, then Trojanizer will accept any kind of extension as input.

LEGIT APPLICATIONS ACCEPTED (decoys)

.exe | .bat | .vbs | .ps1 | .jpg | .bmp | .doc | .ppt | etc ..
"All applications that windows/SFX can auto-extract-execute"

Advanced Settings

Trojanizer and APPL Whitelisting Bypasses

Video Tutorials

Trojanizer - AVG anti-virus fake installer (trojan behavior)
Trojanizer - single_file_execution (not trojan behavior)

Download/Install

1º - Download framework from github
    git clone https://github.com/r00t-3xp10it/trojanizer.git

2º - Set files execution permissions
    cd trojanizer
    sudo chmod +x *.sh

3º - Config framework
    nano settings

4º - Run main tool
    sudo ./Trojanizer.sh
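
For defenders triaging a suspect self-extracting archive, the behaviour described in the post (prompts suppressed with Silent=1 and Overwrite=1, two files launched together) can be checked in the archive's SFX script comment. The following is an added example, not part of the original post or of the Trojanizer project; it assumes the script text has already been read out of the archive comment, and the sample scripts, file names and scoring are constructed for illustration.

```python
import re

# Silent, Overwrite and Setup are standard WinRAR SFX script commands.
# The extension list and the one-point-per-finding scoring are assumptions.
SCRIPT_EXTS = (".bat", ".vbs", ".ps1", ".cmd", ".js")
DIRECTIVE = re.compile(r"^\s*(\w+)\s*=\s*(.*?)\s*$")

def parse_sfx_script(text):
    """Return {directive: [values]} from SFX script text; ';' lines are comments."""
    out = {}
    for line in text.splitlines():
        if line.lstrip().startswith(";"):
            continue
        m = DIRECTIVE.match(line)
        if m:
            out.setdefault(m.group(1).lower(), []).append(m.group(2).strip('"'))
    return out

def triage(text):
    """Score a script for the silent, multi-launch pattern: (score, reasons)."""
    d = parse_sfx_script(text)
    reasons = []
    if "1" in d.get("silent", []):
        reasons.append("Silent=1 hides the extraction dialog")
    if "1" in d.get("overwrite", []):
        reasons.append("Overwrite=1 replaces existing files without asking")
    setups = d.get("setup", [])
    if len(setups) >= 2:
        reasons.append(f"{len(setups)} Setup= entries launch more than one program")
    scripts = [s for s in setups if s.lower().endswith(SCRIPT_EXTS)]
    if scripts:
        reasons.append("Setup= launches a script file: " + ", ".join(scripts))
    return len(reasons), reasons

# Constructed samples (not taken from any real archive).
SAMPLE_SUSPICIOUS = """;The comment below contains SFX script commands
Setup=installer.exe
Setup=update.bat
Silent=1
Overwrite=1
"""
SAMPLE_BENIGN = """;The comment below contains SFX script commands
Path=MyApp
Setup=setup.exe
"""

if __name__ == "__main__":
    for name, sample in (("suspicious", SAMPLE_SUSPICIOUS), ("benign", SAMPLE_BENIGN)):
        score, why = triage(sample)
        print(name, score, why)
```

A high score is a reason to detonate the file in a sandbox, not proof of malice: legitimate installers also use silent mode, so the combination of findings matters more than any single one.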