
Thread: metasploit payloads are being detected

  1. #1
    Member m0j4h3d
    Join Date
    Jan 2010
    Posts
    84

    metasploit payloads are being detected

    Hi, I am trying to encode a windows/shell/reverse_tcp payload, but it is still being detected. I am scanning it using Avira, up to date as of 12/10/2010. I even tried to bind it with putty and calc and others, and tried 4 encoders with each other, but it is still being detected. Does anyone have an idea that would help or fix this? Thanks.
    ---> 3v3RY D4y P4ss3S 1 f0uNd N3W th1NGs <---
    Knowing how 2 use BT dsnt mean that u r hacker

  2. #2
    Good friend of the forums espreto
    Join Date
    Mar 2010
    Location
    Brazil
    Posts
    303

    Re: metasploit payloads are being detected

    Read this thread. Will help you understand a bit more!

    http://www.backtrack-linux.org/forum...ause-pipe.html

    Do not get stuck with only the stuff about metasploit, search for other techniques described in the above link as well.

    Regards,
    (gdb) disass m(y_br)ain

    ®

  3. #3
    Member m0j4h3d
    Join Date
    Jan 2010
    Posts
    84

    Re: metasploit payloads are being detected

    Thanks espreto, I'll do that, because I tried a lot in metasploit alone. Hope to find a solution, and anything I find I'll post here.
    Thanks

  4. #4
    Moderator KMDave
    Join Date
    Jan 2010
    Posts
    2,281

    Re: metasploit payloads are being detected

    See, that's the drawback of using automated tools.

    Not that they are not useful but if there are special cases they won't be good enough.

    As a hint search for dsplit on youtube.
    Tiocfaidh ár lá

  5. #5
    Member m0j4h3d
    Join Date
    Jan 2010
    Posts
    84

    I got the idea, boys :) Thanks KMDave, you are right in what you're saying :) I guess I have got what I have to do :) Thanks all :)

    Guys :) I found the solution. Thanks to you all, to "espreto", "KMDave", "Sickness", and special thanks to >g0tmi1k< ^_^ :P
    Last edited by Archangel-Amael; 10-13-2010 at 06:59 PM.

  6. #6
    Just burned his ISO
    Join Date
    Apr 2010
    Posts
    2

    Re: metasploit payloads are being detected

    Hi guys, I tried them all, dsplit too, but Micro....secur....essent... always found a virus.
    I don't know what to do. Do you have any other advice? Thank you in advance.
    Bye

  7. #7
    Member
    Join Date
    Jun 2008
    Posts
    50

    Re: Re: metasploit payloads are being detected

    Hiya

    Having tried a number of the techniques and how-tos, I also come across the same issue with antivirus programs detecting payloads etc.

    I have recently been looking at avoiding and felt hex editors would be the best route for me (I feel I understand that rather than encoders!).

    I downloaded the latest WKV from Nirsoft, unpacked it using UPX and split it into 81 files. Only the first file was detected by AVG, but as a corrupted exe. When split into 2 files, it correctly detected the Spyware element in the first file.

    Anyhow, I deleted lines and have determined where I think the signature is detected, and went about changing one byte. The program then doesn't run, although it is now not detectable by AVG?

    Oddly (to me anyhow) the virus signature seems to be just one byte? I am wondering what I am missing? As when I change it the code is rendered useless, but without changing it AVG detects it? How can a virus sig be one byte? As I am writing I am thinking it is the byte and the position of that byte? Will it be possible to move the byte along?

    Thanks in advance for any pointers....

  8. #8
    Senior Member
    Join Date
    Jan 2010
    Posts
    140

    Re: Re: metasploit payloads are being detected

    That one byte that you are changing is probably just one of the bytes in the signature. If changing that byte causes your program to crash, then check out this great blog post by Lupin on the subject: http://grey-corner.blogspot.com/2010...on-netcat.html Also, since you already know which byte needs to be changed, this video could help you: http://www.offensive-security.com/vi...controller.swf
