Thread: Make payloads Undetected

  1. #1
    Just burned his ISO
    Join Date
    Oct 2010
    Posts
    4

    Make payloads Undetected

    First of all, I know there is not any fast one-click way to do this (if there is, in a few days AVs will detect it).
    I want to learn the basics of the process of making payloads undetected.
    Are there any good references for it?
    What exactly should I do?
    What in the assembly code of an exe file should we change to make it undetected?
    Will placing push ax / pop ax in random places make it undetected?

  2. #2
    Member
    Join Date
    Feb 2010
    Location
    MTI3LjAuMC4x
    Posts
    90

    Re: Make payloads Undetected

    There are great references for it... here are some keywords to assist in your research (aka Google):

    metasploit obfuscate payload
    encoded payload metasploit

    Also some videos here:
    Metasploit Class Videos (Hacking Illustrated Series InfoSec Tutorial Videos)

  3. #3
    Super Moderator lupin
    Join Date
    Jan 2010
    Posts
    2,943

    Re: Make payloads Undetected

    I'd probably start by learning how virus scanners work. One very common technique is based on detecting file signatures, although other methods are used as well.

    There is a bit of a discussion on signature avoidance in executables here, using Windows netcat as an example, with links to more stuff as well:
    The Grey Corner: Bypassing Antivirus Detection: Netcat

    For signature avoidance in other file types, you may want to look at this discussing how to avoid AV detection in malicious PDFs:
    The Grey Corner: Bypassing AntiVirus Detection for Malicious PDFs
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  4. #4
    Just burned his ISO
    Join Date
    Oct 2010
    Posts
    4

    Re: Make payloads Undetected

    Quote Originally Posted by lupin View Post
    I'd probably start by learning how virus scanners work. One very common technique is based on detecting file signatures, although other methods are used as well.

    There is a bit of a discussion on signature avoidance in executables here, using Windows netcat as an example, with links to more stuff as well:
    The Grey Corner: Bypassing Antivirus Detection: Netcat

    For signature avoidance in other file types, you may want to look at this discussing how to avoid AV detection in malicious PDFs:
    The Grey Corner: Bypassing AntiVirus Detection for Malicious PDFs

    Thanks for the links. I read them, but the example of changing the binary code of netcat was very simple!
    I want to make meterpreter undetected, and that simple binary change won't work for that.
    I'm trying to change the binary code of the program (I found where NOD32 looks for the sig), but changing it won't make it undetected!
    Is there any other way to make meterpreter undetected?
    Or another, more professional guide to changing binary code?
    Another problem is that there is not enough space to write my own code in the binary (only a few NOPs to write code into).

  5. #5
    Super Moderator lupin
    Join Date
    Jan 2010
    Posts
    2,943

    Re: Make payloads Undetected

    Quote Originally Posted by rezass View Post
    Thanks for the links. I read them, but the example of changing the binary code of netcat was very simple!
    I want to make meterpreter undetected, and that simple binary change won't work for that.
    The point of providing those links wasn't to give you a how-to guide to bypassing AV; it was meant to help you understand one of the methods of AV detection (the simplest), because I recommended in the first sentence of my post that you learn how virus scanners work. Additional required research was left to the reader...

    Quote Originally Posted by rezass View Post
    I'm trying to change the binary code of the program (I found where NOD32 looks for the sig), but changing it won't make it undetected!
    That means either:

    • What you found wasn't actually the signature (or the ONLY signature) in the file,
    • You didn't change the signature enough, or
    • Some other means of detection is being employed. Have a look here as a starting point.