Choosing appropriate MSF Payloads in case of Anti-Virus
Hello all,
In case this is a newbie question, moderators feel free to move and apologies for the trouble.
We all know that certain vulnerabilities out there that can be exploited via MSF is a one shot kind of deal. Thus, settings must be configured appropriately otherwise you lose your chance. I have noticed that while actively exploiting and using certain payloads (/windows/meterpreter/reverse_tcp, /windows/shell/reverse_tcp, etc.) it tends to trigger AV.
AV will then kill the payload on the spot and you've lost your only chance at exploitation because now the vulnerable service has been terminated.
What payloads are considered a bit "safer" and are there techniques around AV? I am aware of msfencoding executable binaries to bypass AV, but this requires a manual copy of the encoded binary onto the server and then requires a manual execution. If someone can nudge me into the right direction with even a keyword so that I may further the research on my own it would be appreciated.
Thanks!
Re: Choosing appropriate MSF Payloads in case of Anti-Virus
these links will address some of the material
http://www.backtrack-linux.org/forum...-advanced.html
http://www.backtrack-linux.org/forum...re-script.html
the Scenario Based Hacking Series that was started (but hasn't progressed) check them out
ultimately you should read up on msfencoding you can encode anything you pass with MSFramework thus defeat "AV", but remember the world isn't only AV when you get to DEP and HIPS things get much more difficult if not downright impossible.
Re: Choosing appropriate MSF Payloads in case of Anti-Virus
Thanks spudgunman. I'm going to watch all of them and check out the script you've modified for meterpreter. I have some additional questions at the moment, but will first check these out first. I appreciate it.
Posting Permissions
