Thread: [script] for AV evasion

  1. #1
    LHYX1 (Senior Member)

    Hello everybody,

    I created a Python script that will obfuscate Metasploit payloads so they won't get detected by AVs.
    The script creates a C file that will execute your obfuscated shellcode.
    The script:
    1) XORs your payload
    2) adds a random byte after every byte of your shellcode
    3) adds random junk
    4) randomizes the file size
    5) strips out the debugging symbols

    So basically signature-based AVs have no chance at detecting this.

    Then to bypass heuristic methods of detection:
    When you run your exe file, it deobfuscates your payload with very long for loops and I added a timer that waits a few moments.
    And then your Metasploit shellcode gets executed.

    The script lets you choose to copy the exe to /var/www so you can easily download it via Apache, or
    you can use your undetectable exe to attack a target with the Java applet method from SET.

    At the moment the script only contains a few payloads from Metasploit. Feel free to add more.

    The only disadvantage the script has is that it takes about 8 seconds before you get a shell after your victim has executed the exe file.
    This is because of the timer and the for loops.

    I tested the script on Kaspersky 2012, Symantec, AVG, Avast and Microsoft Essentials.
    NoVirusThanks results: http://vscan.novirusthanks.org/analy...ja2Rvb3ItZXhl/

    All the files should be placed in your Metasploit directory and you should have mingw32 installed.
    Download: http://home.base.be/%72%68%69%6e%63%6b%78%74/script.zip

    Some of the ideas for the script I got from: http://spareclockcycles.org/tag/antivirus-evasion/

    I hope you like it

    EDIT: added option to create an evil PDF 04/04/2012
    Last edited by LHYX1; 04-04-2012 at 11:30 AM.