redpill Hacker Payloads

redpill Hacker has many different payloads to choose from. Know which payload is the correct one for your specific job and how to create it.


What is a payload?

In computer security, a payload is the part of malware which performs a malicious action. In redpill Hacker, the payload is attached to an email or a website and is delivered to the target PC. The payload will then secretly perform a specific action like installing a key logger or retrieving documents from the target computer.

Different types of payloads in redpill Hacker

There are different payloads in redpill Hacker, and new ones are added with each new release. Some will only take screenshots, while another will take screenshots and install a key logger. There is also another that will secretly retrieve all the documents from the target computer.

When you select a payload in redpill Hacker, the details of the payload will be displayed to help you choose the right payload for the job.


Payloads are grouped into two main categories in redpill Hacker:

Heavyweight Payloads

Heavyweight payloads do a lot and run for longer. They install a key logger, take screenshots and continue to run even after a computer is restarted. They will, however, cause the UAC message to come up and will also have a higher detection rate than lightweight payloads. If you choose to use a heavyweight payload you should use social engineering to convince the target to run the application.

Lightweight Payloads

Lightweight payloads only run once and will only do a very specific task like take screenshots or secretly retrieve documents on the target computer. They will however bypass the UAC warning message and have a very low anti-virus detection rate (gets past 95%). Although lightweight payloads are limited in what they can do, they are strongly recommended because they have a very high success rate.

Attachment Types

There are different attachment types and, as with payload types, each comes with its pros and cons. Free email services like Gmail and Yahoo are very strict with what they allow. Gmail for example will block the following:


It is important to remember that it is not only the email service you are using but also the email service your target is using that can block certain attachment types.


In redpill Hacker, when you select an attachment type, a description of the pros and cons for that type will be displayed. Below is a list of attachment types with pros and cons.

| Attachment Type | PROS | CONS |
|---|---|---|
| Program File (EXE) | Requires no other action except to double click on the file. | Allowed by very few email services. Not really useful when emailing as it will be blocked 95% of the time. |
| ZIP File | High success rate if allowed by email. You can add a password to get past some services like Yahoo. | Not allowed by Gmail and some other services. |
| Wordpad (RTF) | Can be used by any email service including Gmail. | Low success rate as the target needs to double click on the icon inside the file. The attachment needs to be opened with Wordpad. MS Word will require the user to click on a warning message and Open Office will not work. |
| Link | Very High Success Rate. | You need a website. You can get website hosting for cheap and redpill Hacker can create a website for you. |
| PDF Normal Spoofing | Works when file extensions are hidden (default option in Windows). | Most anti-virus will immediately pick this up as a red flag and warn the user. |
| PDF RTLO Spoofing | Works when file extensions are not hidden. | Some anti-virus will immediately pick this up as a red flag and warn the user. |
| Website Payload | Very High Success Rate (best) | You need to purchase a domain with a hosting option (very cheap). redpill Hacker will create the website and payload for you. |
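
On the receiving side, the two PDF spoofing rows in the table come down to checks a mail gateway can run on the attachment filename: what extension the operating system will act on, and whether the displayed name hides it. The following is an added example, not part of redpill Hacker or the original page; the extension lists and the sample filenames are constructed for illustration.

```python
import unicodedata

# Extensions Windows runs on double-click (constructed, non-exhaustive list).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "lnk", "hta"}
# Extensions a spoofed name typically pretends to have.
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "rtf", "txt", "jpg", "png"}
# Unicode bidirectional controls that change the order in which a name is drawn.
BIDI_CONTROLS = {"\u202a", "\u202b", "\u202d", "\u202e", "\u2066", "\u2067", "\u2068"}


def real_extension(name):
    """Extension the OS acts on: stored (logical) order, format characters removed."""
    logical = "".join(c for c in name if unicodedata.category(c) != "Cf")
    return logical.rsplit(".", 1)[-1].strip().lower() if "." in logical else ""


def triage_attachment(name):
    """Return a sorted list of reasons to quarantine this attachment filename."""
    reasons = set()
    ext = real_extension(name)
    if any(c in BIDI_CONTROLS for c in name):
        # RTLO-style spoofing: the rendered name differs from the stored name.
        reasons.add("bidi-control")
    if ext in EXECUTABLE_EXTS:
        reasons.add("executable")
        parts = [p.strip().lower() for p in name.split(".")]
        # A document extension in front of the real one only misleads users
        # while Explorer hides known extensions (the Windows default).
        if len(parts) >= 3 and parts[-2] in DOCUMENT_EXTS:
            reasons.add("double-extension")
    return sorted(reasons)


if __name__ == "__main__":
    # Constructed sample filenames, not taken from any real message.
    samples = ["report.pdf", "report.pdf.exe", "invoice\u202efdp.exe"]
    for sample in samples:
        # repr() keeps the bidi control visible instead of letting the terminal apply it.
        print(repr(sample), real_extension(sample), triage_attachment(sample))
```
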

Creating a payload in redpill Hacker

To create a payload in redpill Hacker, from the Menu select 'Payloads' > 'Create Payload'.

  1. Select the payload type
  2. Select the attachment type
  3. Select the social engineering template you want to use to create the payload. You will be able to override the fields created by the template in the next step.
  4. Click on Next
On the next screen:
  1. Enter a description. The description is just for your own purposes and used when selecting payloads in redpill Hacker. It will not be displayed anywhere on the target PC.
  2. The program name, first message and second message would have been filled out by the template you selected. You can change these if you want for each payload. You could also edit the template itself so that you don't need to change it when creating the payloads.
  3. Select the email account the payload should use to send the data to you. Email accounts are set up under Resources > 'Email Accounts' in redpill Hacker. Note: Do not use an email account that you didn't test in the Email Account Setup screen.
  4. The FTP Server is only needed if you are creating a link payload. FTP Servers are set up under Resources > 'FTP Servers'.
  5. The local filename is what you want to save the payload as. By default this will be created in your redpill Hacker Payload folder but you can also choose to create it somewhere else. Note that it is a 'Save As' box - you don't select an existing file - you choose how and where the payload will be saved. If it is a link you are using, the payload will first be saved in this location before it is automatically uploaded to the file server.
  6. The download link is only available if you are creating a link payload. If you are creating a link, only replace the [your domain] with your actual domain or IP address (remove the square brackets as well).
  7. If you are creating a ZIP payload you can also add a password. This will protect your payload from being scanned by some anti-virus products. You will then also need to email the password to your target (this can be set up in the template as well). If you don't want to use a ZIP password, just leave the box empty.
  8. It can be the same one that you chose to send the data from - but it can also be any other email address.
  9. If you are creating a payload that will take screenshots, you can choose the interval in seconds that screenshots should be taken.
  10. Click the 'Create Payload' button to create the payload.