Thread: bypass uac own payload

  1. #1
    Senior Member
    Join Date
    Jan 2010
    Posts
    173

    Default bypass uac own payload

    Hi all Merry Xmas and Happy New year!

    OK, here we go... Is there a way to use my own undetectable payload with the Metasploit bypassuac.rb module, as most AVs detect the payload in the module?

    Also, the Metasploit db_autopwn function no longer exists. Is there a way to create a new resource file to act out the same actions as autopwn, like the Karmetasploit module? I used to use Nessus and import into MSF for autopwn, and it used to work well, as one of my videos showed.

    Kind regards DEe

  2. #2
    Good friend of the forums scottm99
    Join Date
    Feb 2010
    Location
    underwater
    Posts
    371

    Default Re: bypass uac own payload

    Which encoder(s) have you used with your payload? On a Win XP target, I've had good luck with shikata_ga_nai... maybe in combination with jmp_call_additive. If you know Ruby pretty well, you could code up your own payload module in MSF, using the existing payload modules as examples.

    My opinion on the second part of your post would be to take a copy of db_autopwn itself, and hack around with it to get it working reliably for you. Don't forget about asking on the Metasploit mailing list... HDM and the dev team often hang out there. I hang out there myself, and have picked up some good tips & tricks... not knowledgeable enough yet to contribute much myself.
    If I could figure out how to scuba dive & hack at the same time, there would be nothing I couldn't do...

  4. #4
    Senior Member
    Join Date
    Jan 2010
    Posts
    173

    Default Re: bypass uac own payload

    Hi, thanks for the reply, but my payloads use various shellcode and other encoders to bypass 100/100 with random junk thrown in. It's not my payloads that are the problem; it's the bypassuac module's basic one (rozena.AA.trojan). shikata_ga_nai is not good enough on its own to bypass. Also check my videos (youtube: dgconsultinguk) out for a netcat backdoor on Win 7 which bypasses UAC and doesn't get flagged by AVs. Going to try to replace the bypass.exe in the modules folder with my own, but it looks like they get encoded before being uploaded to C:/Users/blahblah/Appdata/local/Temp/JjmTy*******.exe and get flagged.

    Any ideas on this? Please feel free to join in, as the forum is very quiet lately and there was a lot more going on last year before BT5. Where are all the old skool lads with the great ideas and innovations with regards to BT?

    Kind regards, dee.

  5. #5
    Good friend of the forums scottm99
    Join Date
    Feb 2010
    Location
    underwater
    Posts
    371

    Default Re: bypass uac own payload

    Hmm... I think this problem is beyond my current skill level. Thanks for the YouTube videos, I'll have a look. At this point, I think the Metasploit dev team (or other highly experienced people) would be your best bet. Unfortunately, I fit neither category.
    If I could figure out how to scuba dive & hack at the same time, there would be nothing I couldn't do...
