I am clonning a website using social engineering tool kit and can dowload the exploit OK and get a meterpreter session only if my AV is disabled. With AV enabled it gets caught ever time.
Is it possible to re-encript the file using metersploit and if so which file has been created by SET.
SET does not seem allow the option to use multi encoders like you can in metersploit unless I have missed something.
thanks very much
Another great tut which helped me : YouTube - Windows 7 AV Bypass with -x in msfencode
"The difference between RAID1 and RAID0 is that the zero stands for how many files you're gonna have after a harddisk failure."
thanks for info, I have found these before but revisited.
1 Using Java Applet Method. Works find with No AV, but AVG catches it.
Am I correct in thinking the HTML and signed update.jar are located in /src/site/template.
These two files show 0/43 when sent to VirusTotal.
Is /src/exe/legit.binary the file that is inserted into the cloned site, this file is also clean in VirusTotal. I know how to make another encripted exe in metersplot, by editing the set_config to the new exe does not solve the problem.
2 If set_config SENDMAIL=OFF and WEBATTACK_EMAIL=OFF should this stop set asking for the email info. I am trying this on my local LAN and do not wish to eMail, I am entering the IP of the attacker machine in the browser.
If SENDMAIL=OFF and WEBATTACK_EMAIL are OFF, you shouldn't be getting prompted for email's using the Java Applet attack. That's pretty strange the AV is hitting it, it's not hitting the applet, thats safe, the backdoored executable may be getting caught, your just going to hav eto play with it. What A/V are you getting snagged by? If you go into src/web_clone/site/template you'll see the executable there, that's the one getting snagged. What you can do is import your own executable that isn't getting flagged if the MSF ones are not getting past AV properly.
Hope that helps.
Thanks for confirming what I thought was the file at src/web_clone/site/template.
I am using AVG as my AV.
Will now create my own file using metasploit, I just can't figure out why it tries to Email but it's not the end of the world, just wastes time when testing.
Thanks for your help.