Page 1 of 2 12 LastLast
Results 1 to 10 of 17

Thread: Script for simple AV evasion (tested on AVG, Avast, Emisoft)

Hybrid View

  1. #1
    Senior Member LHYX1's Avatar
    Join Date
    Sep 2010
    Location
    Belgium
    Posts
    127

    Default Script for simple AV evasion (tested on AVG, Avast, Emisoft)

    Hey,
    I wrote a simple shell script to bypass AV's like AVG, Avast and emisoft.
    It certainly will not bypass all AV's. Just the easy ones
    The script can be downloaded here : http://home.base.be/%72%68%69%6E%63%...reatetrojan.sh
    I saw somebody demonstrate this method of av evasion in a youtube video and I decided to write a script for it to speed up the process.
    The script let's you choose between 2 payloads. the meterprer/reverse_tcp and the shell_reverse_tcp. (feel free to add more)
    It let's metasploit generate the code for the payloads and then puts them in a template.c from the metasploit framework and fils it with some random junk and then compiles it with mingw32. So be sure you have mingw32 installed

    Code:
    apt-get install mingw32
    The script also has the option to use your external ip adress and will look it up for you on a Belgian website.
    This is just a fun feature I added. So don't use it for anything illegal

    If you want to scan the trojan the script creates with multiple AV's, pls use http://vscan.novirusthanks.org/
    And be sure to select the "do not distribute this sample" option so it won't get detected that quickly.

    If it get's detected after a month or so, you can always change the variable names and the random junk in the c file.
    This will probably make it undetectible again for the easy AV's ofcourse
    (\ /)
    ( . .)
    c(")(")

    This is bunny.
    Copy and paste bunny into your signature to help him gain world domination.

  2. #2
    Good friend of the forums zimmaro's Avatar
    Join Date
    Mar 2010
    Location
    milano
    Posts
    407

    Default Re: Script for simple AV evasion (tested on AVG, Avast, Emisoft)

    WOOOOOH!
    worked perfect!!!many thanks!
    now 16.17 hour european(italy)
    attack MY windows seven sp1 (update today!!!)with firewall and NOD32(update this morning)))
    many,many thanks
    good job
    NOW i've meterpreter sessions !!!!!!
    very good
    bye

  3. #3
    Senior Member LHYX1's Avatar
    Join Date
    Sep 2010
    Location
    Belgium
    Posts
    127

    Default Re: Script for simple AV evasion (tested on AVG, Avast, Emisoft)

    Glad you like it
    (\ /)
    ( . .)
    c(")(")

    This is bunny.
    Copy and paste bunny into your signature to help him gain world domination.

  4. #4
    Member longjidin's Avatar
    Join Date
    Feb 2010
    Location
    Kg Lengkong to Bukit Lada
    Posts
    93

    Default Re: Script for simple AV evasion (tested on AVG, Avast, Emisoft)

    nice bro.....!!! i test it work like cancer hahahaha!!!

  5. #5
    Member m0j4h3d's Avatar
    Join Date
    Jan 2010
    Posts
    84

    Default Re: Script for simple AV evasion (tested on AVG, Avast, Emisoft)

    gd work boy .. .. go fw
    ---> 3v3RY D4y P4ss3S 1 f0uNd N3W th1NGs <---
    Knowing how 2 use BT dsnt mean that u r hacker

  6. #6
    Member m0j4h3d's Avatar
    Join Date
    Jan 2010
    Posts
    84

    Default Re: Script for simple AV evasion (tested on AVG, Avast, Emisoft)

    man .. i tried it .. but i cannot see the file results !!! any idea
    ---> 3v3RY D4y P4ss3S 1 f0uNd N3W th1NGs <---
    Knowing how 2 use BT dsnt mean that u r hacker

  7. #7
    Junior Member trisogono's Avatar
    Join Date
    Oct 2010
    Location
    catania
    Posts
    38

    Default Riferimento: Re: Script for simple AV evasion (tested on AVG, Avast, Emisoft)

    this is beautiful!!!!
    XD


    great job!!!

  8. #8
    Senior Member LHYX1's Avatar
    Join Date
    Sep 2010
    Location
    Belgium
    Posts
    127

    Default Re: Script for simple AV evasion (tested on AVG, Avast, Emisoft)

    Quote Originally Posted by m0j4h3d View Post
    man .. i tried it .. but i cannot see the file results !!! any idea
    What do you mean ?
    you can't find the exe output file of the script ?
    It's in /root/Desktop and the script also asks you if you want to copy it to /var/www
    This script was written for the gnome version of backtrack. So if you use KDE I think you need to change /root/Desktop to /root/ in every line.
    Last edited by LHYX1; 07-19-2011 at 03:11 PM.
    (\ /)
    ( . .)
    c(")(")

    This is bunny.
    Copy and paste bunny into your signature to help him gain world domination.

  9. #9
    Good friend of the forums zimmaro's Avatar
    Join Date
    Mar 2010
    Location
    milano
    Posts
    407

    Red face Re: Script for simple AV evasion (tested on AVG, Avast, Emisoft)

    hi,i'm testing the script in kde and gnome .the result it's the same for defaullt locate!!!!
    *************************************
    Trojan created !
    Location: /root/Desktop/riciao.exe
    *************************************
    WORK PERFECT!and it's wonderful! thk!(sorry my english)

  10. #10
    Good friend of the forums scottm99's Avatar
    Join Date
    Feb 2010
    Location
    underwater
    Posts
    371

    Default Re: Script for simple AV evasion (tested on AVG, Avast, Emisoft)

    Will be trying it out soon...many thanks
    If I could figure out how to scuba dive & hack at the same time, there would be nothing I couldn't do...

Page 1 of 2 12 LastLast

Similar Threads

  1. New Script (very simple) Exploit-db Update
    By firebits in forum Tool Requests
    Replies: 3
    Last Post: 04-29-2011, 12:42 AM
  2. SET - Java Applet attack blocked by Avast
    By gmoraes in forum Beginners Forum
    Replies: 3
    Last Post: 12-09-2010, 06:27 AM
  3. SET - Java Applet attack blocked by Avast
    By gmoraes in forum Beginners Forum
    Replies: 3
    Last Post: 12-06-2010, 09:50 PM
  4. simple update script for key pentest tools
    By brtw2003 in forum Experts Forum
    Replies: 3
    Last Post: 09-04-2010, 10:17 PM
  5. Simple script for wpa_supplicant
    By adri_ht_ in forum OLD BackTrack3 Howtos
    Replies: 7
    Last Post: 08-07-2008, 04:09 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •