
email spreading

sallynice45

Can someone tell me an effective way to spread a link over email? It seems I try gg short url and it just doesn't work? Am I missing something? Trying to spread my lnk direct download link.

thanks
 
Most email providers will block for spam. Have you tried container files like ISOs, image files, or MSI?
 
nek_0 said:
Most email providers will block for spam. Have you tried container files like ISOs, image files, or MSI?
Please note that this user is banned.

MSI is bad for this.
 
Please note that this user is banned.
try html smuggling combined with xor encryption or smuggle the file by spoofing google drive URL for attachments
 
Anunnaki said:
try html smuggling combined with xor encryption or smuggle the file by spoofing google drive URL for attachments
Please note that this user is banned.

HTML with xor encryption? Can you explain more?
 
nek_0 said:
Most email providers will block for spam. Have you tried container files like ISOs, image files, or MSI?

Was kinda hoping to skip all the testing 'cause I've done too much already and hoping someone can just tell me what is actually working at the moment lol.
Like HOW are people spreading exe in an email?? This is what I'm after. I know to zip, and put a password.. but still having difficulties.
 
nek_0 said:
it can be done but you are correct, not ideal.
Please note that this user is banned.

MSIs are very detected.
Lnks are better, even under password in zip/rar.
 
Aster said:
MSIs are very detected.
Lnks are better, even under password in zip/rar.

How are you getting lnk to work? Seems it's detected for me all the time, or won't execute my exe.
 
sallynice45 said:
How are you getting lnk to work? Seems it's detected for me all the time, or won't execute my exe.
Please note that this user is banned.

Well, if you are using public lnk builder then good luck
Malware is hard without investment.
 
sallynice45 said:
How are you getting lnk to work? Seems it's detected for me all the time, or won't execute my exe.

Umm, I think LNK detections depend on how you are calling powershell and downloading and executing bad stuff, try to download and run your stub in multiple stages.
 
DanteXDark said:

Obfuscate the JavaScript, host the HTML on a server, and put a direct link in the HTML template.
Please note that this user is banned.


There are varieties to this method. This quote's link source doesn't include xor encryption/decryption. Also look into using MS-office URI protocols to directly execute from URL which can be embedded into emails or invoked via some crafty OOXML vector in email attachment. This can be combined with earlier method for more novelty.

As an additional sidenote, DNS tunneling works wonders still.
Last edited: 07.09.2022
 
Anunnaki said:
There are varieties to this method. This quote's link source doesn't include xor encryption/decryption. Also look into using MS-office URI protocols to directly execute from URL which can be embedded into emails or invoked via some crafty OOXML vector in email attachment. This can be combined with earlier method for more novelty.

As an additional sidenote, DNS tunneling works wonders still.

Hmm, looks good, can you share some resources (blogs or anything)?
Last edited: 07.09.2022
 
There are a lot of ways to execute your payload using lnk, avoid powershell.exe for example. There are other LOLBINS to achieve the same thing.
 
marauda18 said:
There are a lot of ways to execute your payload using lnk, avoid powershell.exe for example. There are other LOLBINS to achieve the same thing.
Please note that this user is banned.

Exactly.
 