Fudge: Hiding implants in HTML files
Fudge
I had some success on phishing engagements by base64-encoding the contents of a file, putting it into an HTML file, and having it decode and drop when the user opened the HTML file.
Supported Files
As far as I am aware, any source file should work. As Fudge uses the raw bytes of the original file, they should be identical when they land on the target host.
The main consideration is that the input and output file extensions should be the same if you wish the file to work the same on the target host.
If you try any files and they don't work, please open an issue and provide an example file if possible.
Install
go get github.com/dale-ruane/Fudge
or
Download the binaries available on the releases tab for both Windows 64-bit and Linux 64-bit.
Use
Use the -s flag to set the file to encode, and the -n flag to set the filename which will be given to the user when they open the HTML file.
Example
./Fudge -s implant.exe -n passwordchecker.exe
The above will produce output.html, which will contain implant.exe. When the user opens the HTML file, the dropped file will be named passwordchecker.exe.
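Because the embedded file's raw bytes are unchanged, its leading magic bytes can be recovered from the base64 text inside the HTML, which gives mail and web gateways something to match on. The following is an added detection example, not part of Fudge or its README; the list of browser save APIs is an assumption about how such pages typically write the file, and both sample pages are constructed.

```python
import base64
import re

# Base64 runs of 200+ characters; shorter runs are usually tokens or small icons.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")

# Leading bytes of file types worth flagging when found inside HTML (not exhaustive).
MAGIC = {
    b"MZ": "Windows PE executable",
    b"\x7fELF": "ELF executable",
    b"PK\x03\x04": "ZIP container",
    b"\xd0\xcf\x11\xe0": "OLE2 document",
}

# Assumption: browser APIs commonly used to decode and save bytes client-side.
SAVE_MARKERS = ("atob(", "createObjectURL", "msSaveBlob", "download=")


def scan_html(html):
    """Return one finding per embedded base64 blob that decodes to a flagged file type."""
    markers = [m for m in SAVE_MARKERS if m in html]
    findings = []
    for match in B64_RUN.finditer(html):
        blob = match.group(0)
        # The first 64 characters decode to 48 bytes, enough for a magic check.
        head = base64.b64decode(blob[:64])
        for magic, kind in MAGIC.items():
            if head.startswith(magic):
                findings.append({
                    "offset": match.start(),
                    "kind": kind,
                    "decoded_size": len(blob) * 3 // 4 - blob.count("="),
                    "save_markers": markers,
                })
    return findings


# Constructed samples: placeholder bytes behind a magic header, not real files.
_fake_pe = base64.b64encode(b"MZ" + bytes(200)).decode()
_fake_png = base64.b64encode(b"\x89PNG\r\n\x1a\n" + bytes(200)).decode()
SMUGGLED = '<html><a download="passwordchecker.exe"></a><script>var d = atob("%s");</script></html>' % _fake_pe
BENIGN = '<html><img src="data:image/png;base64,%s"></html>' % _fake_png

if __name__ == "__main__":
    for name, page in (("smuggled", SMUGGLED), ("benign", BENIGN)):
        print(name, scan_html(page))
```

A magic-byte hit on its own is the stronger signal; the save markers only add context, since a page can obfuscate or split its script.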
Demo
https://www.youtube.com/watch?v=o-MPQnvGQ28
Source: https://github.com/dale-ruane/