Results 1 to 3 of 3

Thread: Metersploit AV bypass fails on re-run

  1. #1
    Senior Member
    Join Date
    Jun 2007
    Location
    UK
    Posts
    175

    Default Metersploit AV bypass fails on re-run

    Hi
    I am able to create an exe with metersploit and copy to my XP sp2 box with AVG running on it, by playing with various encoders or multi encoders with various counts I can usually get passed my AV.
    I then copy and paste the code for later use, re-run this code say even a few mins later with a different name e.g. test2.exe instead of test.exe, it fails yet the original test.exe still runs.
    I am following metersploit unleashed AV bypass, metersploit primer part 14 and many other examples and bingo it works first time and fails on repeat tries.
    I have stopped testing using VirusTotal as I thought this might be alerting AVG.
    Any ideas would be appreciated.
    Many thanks.

  2. #2
    Junior Member
    Join Date
    Jun 2010
    Posts
    35

    Default Re: Metersploit AV bypass fails on re-run

    I deleted my post cause I'm actually not sure. I have to try it later on.

    greets
    Last edited by SecureSurfer; 01-24-2011 at 07:33 AM.

  3. #3
    Very good friend of the forum TAPE's Avatar
    Join Date
    Jan 2010
    Location
    Europe
    Posts
    599

    Default Re: Metersploit AV bypass fails on re-run

    Using VirusTotal will indeed have your file(s) included in a database of possible malicious files..
    So if you want to re-use that encoding that works, dont send to VirusTotal.

    Seems very strange that simply changing the filename would change the detection.. seems that
    you must be doing something changing the file in some way..

Similar Threads

  1. Meterpreter Bypass UAC Windows 7
    By runlevel0000 in forum Experts Forum
    Replies: 2
    Last Post: 01-18-2011, 07:59 AM
  2. Antivirus bypass
    By pentest09 in forum BackTrack Videos
    Replies: 9
    Last Post: 09-28-2010, 09:37 PM
  3. Bypass web logon pages
    By pigtail in forum Beginners Forum
    Replies: 5
    Last Post: 05-13-2010, 05:31 AM
  4. Bypass safe mode
    By xpleet in forum OLD Pentesting
    Replies: 8
    Last Post: 05-01-2009, 08:35 PM
  5. proxy bypass java?
    By cerebus in forum OLD Newbie Area
    Replies: 2
    Last Post: 11-14-2008, 12:30 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •