The Social Engineering Toolkit: Creating Fake Web Sites to Own Boxes

[killadaninja]

So can anyone help with avoidance of AV?
I spend quite a few hours trying to make executable that has a green light from AV, but with no success.
I have tried following
a) metasploit unleashed chapter 8 - bypassing antivir.
b) method from invisible denizen's blog.
c) using programs usx and pescrabmler.

Nothing helped, kaspersky internet security found generic virus.

Anyone can help with this?

1. Learn some languages and start writing your own code.
2. Find the signature that is flagging the AV , by using a file splitter and scanning small parts of the file, after you have found the offending signature try editing it using a hex editor etc (messy but possible).

[admid0RAS]

Hello ppl!! I am writing because I have problem with this attack! I did all the steps:

Site CLoner
JaVa applet method
I putted the 2 encryption type and then how many times to be I putted 4
after all it appear me this somehow: . But when I open with the same OS (backtrack4) the firefox and putting the ip that it is on the Konsole, I can see the site I putted before but the Toolkit is not having any session cannot recognize it I dont now is not responding at all :?/ plz help,.

[SHRecruit]

I read 200 post today so i cant even remmeber where i read this but somebody sad something about sending pdf. over gmail,its not possible anymore right? when i try to send pdf format its sad that i trying to send malicious format! And is there any other method to send pdf ?

[h4ckp4wn]

I read 200 post today so i cant even remmeber where i read this but somebody sad something about sending pdf. over gmail,its not possible anymore right? when i try to send pdf format its sad that i trying to send malicious format! And is there any other method to send pdf ?

maybe u shud compress it first then send it. hope can help

[pentest09]

hi killa, you can evade av 100% as i have shown on my channel utube (dgconsultinguk) it matters on the following:
1: The .exe template file
2: Encoding does not have to be extreme but shikata_ga_nai's polymorphic algorithm works well with random encoding try not to use exact options in tutorials as
they get uploaded to virus total and after a week get flagged so try ur own encoding options.

3: simple backdoors with netcat evade av quite well even when binded check the forums for this.

Regards Dee

[SHRecruit]

maybe u shud compress it first then send it. hope can help

h4ckp4wn maybe you can give more details how to do that! Anyway thanks for sugestion!

[Sp3ctr3]

Hello ppl!! I am writing because I have problem with this attack! I did all the steps:

Site CLoner
JaVa applet method
I putted the 2 encryption type and then how many times to be I putted 4
after all it appear me this somehow: . But when I open with the same OS (backtrack4) the firefox and putting the ip that it is on the Konsole, I can see the site I putted before but the Toolkit is not having any session cannot recognize it I dont now is not responding at all :?/ plz help,.

The problem is the use of BT's Firefox..its preconfigured with a lot of plugins making safer than most people HackMe browser (also known as IE). So i recommend you try it on windows xp sp0 with IE first