Results 1 to 3 of 3

Thread: Choosing appropriate MSF Payloads in case of Anti-Virus

  1. #1
    Junior Member Liuser's Avatar
    Join Date
    Apr 2010
    Posts
    58

    Default Choosing appropriate MSF Payloads in case of Anti-Virus

    Hello all,

    In case this is a newbie question, moderators feel free to move and apologies for the trouble.

    We all know that certain vulnerabilities out there that can be exploited via MSF is a one shot kind of deal. Thus, settings must be configured appropriately otherwise you lose your chance. I have noticed that while actively exploiting and using certain payloads (/windows/meterpreter/reverse_tcp, /windows/shell/reverse_tcp, etc.) it tends to trigger AV.

    AV will then kill the payload on the spot and you've lost your only chance at exploitation because now the vulnerable service has been terminated.

    What payloads are considered a bit "safer" and are there techniques around AV? I am aware of msfencoding executable binaries to bypass AV, but this requires a manual copy of the encoded binary onto the server and then requires a manual execution. If someone can nudge me into the right direction with even a keyword so that I may further the research on my own it would be appreciated.

    Thanks!

  2. #2
    Member
    Join Date
    Feb 2010
    Location
    MTI3LjAuMC4x
    Posts
    90

    Default Re: Choosing appropriate MSF Payloads in case of Anti-Virus

    these links will address some of the material
    http://www.backtrack-linux.org/forum...-advanced.html
    http://www.backtrack-linux.org/forum...re-script.html

    the Scenario Based Hacking Series that was started (but hasn't progressed) check them out

    ultimately you should read up on msfencoding you can encode anything you pass with MSFramework thus defeat "AV", but remember the world isn't only AV when you get to DEP and HIPS things get much more difficult if not downright impossible.

  3. #3
    Junior Member Liuser's Avatar
    Join Date
    Apr 2010
    Posts
    58

    Default Re: Choosing appropriate MSF Payloads in case of Anti-Virus

    Thanks spudgunman. I'm going to watch all of them and check out the script you've modified for meterpreter. I have some additional questions at the moment, but will first check these out first. I appreciate it.

Similar Threads

  1. Choosing Swap & Grub during installation
    By zoyya in forum Beginners Forum
    Replies: 1
    Last Post: 10-28-2010, 08:47 PM
  2. need help disabling anti virus
    By roonie in forum Beginners Forum
    Replies: 7
    Last Post: 08-18-2010, 01:32 PM
  3. Recompile WHOSTHERE to avoid Anti-Virus
    By Stewtn in forum OLD Pentesting
    Replies: 3
    Last Post: 10-06-2009, 11:42 PM
  4. choosing a laptop: how much power do I really need?
    By nokuku4u in forum OLD Newbie Area
    Replies: 3
    Last Post: 02-08-2009, 05:26 PM
  5. can't boot bt3 after choosing the option
    By badbrains in forum OLD Newbie Area
    Replies: 1
    Last Post: 07-30-2008, 07:23 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •