Metersploit AV bypass fails on re-run

Printable View

01-24-2011, 06:44 AM
parrotface

Metersploit AV bypass fails on re-run

Hi
I am able to create an exe with metersploit and copy to my XP sp2 box with AVG running on it, by playing with various encoders or multi encoders with various counts I can usually get passed my AV.
I then copy and paste the code for later use, re-run this code say even a few mins later with a different name e.g. test2.exe instead of test.exe, it fails yet the original test.exe still runs.
I am following metersploit unleashed AV bypass, metersploit primer part 14 and many other examples and bingo it works first time and fails on repeat tries.
I have stopped testing using VirusTotal as I thought this might be alerting AVG.
Any ideas would be appreciated.
Many thanks.
01-24-2011, 07:27 AM
SecureSurfer

Re: Metersploit AV bypass fails on re-run

I deleted my post cause I'm actually not sure. I have to try it later on.

greets
01-24-2011, 08:20 AM
TAPE

Re: Metersploit AV bypass fails on re-run

Using VirusTotal will indeed have your file(s) included in a database of possible malicious files..
So if you want to re-use that encoding that works, dont send to VirusTotal.

Seems very strange that simply changing the filename would change the detection.. seems that
you must be doing something changing the file in some way..

All times are GMT. The time now is 08:17 AM.