The Backdoor Factory (BDF) – Patch Binaries With Shellcode


The Backdoor Factory or BDF is a tool which enables you to patch binaries with shellcode and continue normal execution exactly as the executable binary would have in its’ pre-patched state.

The Backdoor Factory (BDF) - Patch Binaries With Shellcode


Some executables have built in protection, as such this tool will not work on all binaries. It is advisable that you test target binaries before deploying them to clients or using them in exercises.

There’s a couple of somewhat related tools you can also check out:

peinjector – MITM PE File Injector
PEiD – Detect PE Packers, Cryptors & Compilers

Features of Backdoor Factory

Overall BDF Features

The user can:

  • Provide custom shellcode.
  • Patch a directory of executables/dlls.
  • Select x32 or x64 binaries to patch only.
  • Include BDF is other python projects see pebin.py and elfbin.py

PE File Related Backdoor-Factory Features

  • Can find all codecaves in an EXE/DLL.
  • By default, clears the pointer to the PE certificate table, thereby unsigning a binary.
  • Can inject shellcode into code caves or into a new section.
  • Can find if a PE binary needs to run with elevated privileges.
  • When selecting code caves, you can use the following commands:
    • Jump (j), for code cave jumping
    • Single (s), for patching all your shellcode into one cave
    • Append (a), for creating a code cave
    • Ignore (i or q), nevermind, ignore this binary
  • Can ignore DLLs
  • Import Table Patching
  • AutoPatching (-m automtic)
  • Onionduke (-m onionduke)

ELF Files Backdoor Feature

Extends 1000 bytes (in bytes) to the TEXT SEGMENT and injects shellcode into that section of code.

Mach-O Files

Pre-Text Section patching and signature removal


The Backdoor Factory Usage

You can download Backdoor Factory here:

the-backdoor-factory-3.4.2.zip

Or read more here.

Posted in: Hacking Tools


Latest Posts:


Socialscan - Command-Line Tool To Check For Email And Social Media Username Usage Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage
socialscan is an accurate command-line tool to check For email and social media username usage on online platforms, given an email address or username,
CFRipper - CloudFormation Security Scanning & Audit Tool CFRipper – CloudFormation Security Scanning & Audit Tool
CFRipper is a Python-based Library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool
CredNinja - Test Credential Validity of Dumped Credentials or Hashes CredNinja – Test Credential Validity of Dumped Credentials or Hashes
CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently.
assetfinder - Find Related Domains and Subdomains assetfinder – Find Related Domains and Subdomains
assetfinder is a Go-based tool to find related domains and subdomains that are related to a given domain from a variety of sources including Facebook and more.
Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.


Comments are closed.