Debug.exe

This is a crazy technique that works on Windows 32 bit machines. Basically the idea is to use the debug.exe program. It is used to inspect binaries, like a debugger. But it can also rebuild them from hex. So the idea is that we take a binaries, like netcat. And then disassemble it into hex, paste it into a file on the compromised machine, and then assemble it with debug.exe.

Debug.exe can only assemble 64 kb. So we need to use files smaller than that. We can use upx to compress it even more. So let's do that:

upx -9 nc.exe

Now it only weights 29 kb. Perfect. So now let's disassemble it:

exe2hex nc.exe nc.bat

Windows: cmd -- Properties -- Turn on legacy support Run nc.bat

Now we just copy-paste the text into our windows-shell. And it will automatically create a file called nc.exe