Page 3 of 12 FirstFirst 12345 ... LastLast
Results 21 to 30 of 114

Thread: [script] for AV evasion

  1. #21
    Junior Member L21ZIFER's Avatar
    Join Date
    Nov 2011
    Posts
    47

    Default Re: [script] for AV evasion

    See, here we go again.

  2. #22
    Just burned his ISO
    Join Date
    Mar 2012
    Posts
    4

    Default Re: [script] for AV evasion

    Hi all. i try use crypter.py and have some error. How solve this error ?

    *] Compiling trojan horse...
    sh: i586-mingw32msvc-gcc: command not found[*] Stripping out the debugging symbols...
    strip: 'a.exe': No such file[*] Moving trojan horse to web root...
    mv: cannot stat `a.exe': No such file or directory

    I don't know how find a.exe

  3. #23
    Senior Member LHYX1's Avatar
    Join Date
    Sep 2010
    Location
    Belgium
    Posts
    127

    Default Re: [script] for AV evasion

    @jonim Please install mingw32
    Code:
    apt-get install mingw32
    And next time read the full post before you complain about error messages
    (\ /)
    ( . .)
    c(")(")

    This is bunny.
    Copy and paste bunny into your signature to help him gain world domination.

  4. #24
    Just burned his ISO
    Join Date
    Mar 2012
    Posts
    1

    Default Re: [script] for AV evasion

    Hi LHYX1,

    Your script works great, many thanks!

    I have been trying to take your work a step further and integrate an alternate executable template, but not having much luck to this point. It looks like the msfencode -x is not a viable option because it is getting XOR'ed and complied afterwards. I am now looking into modifying this "i586-mingw32msvc-gcc -mwindows temp.c" to accomplish the task, but I am not having much luck.

    Any ideas?

  5. #25
    Just burned his ISO
    Join Date
    Mar 2012
    Posts
    4

    Default Re: [script] for AV evasion

    Many Thanks .. cool script. I use to pentest on my virtual pc/
    If you don't hard? please say how this script works.

    and next question , it possible to crypts shell core use ( SET ) to create shell pdf file ?



    Thanks

  6. #26
    Junior Member L21ZIFER's Avatar
    Join Date
    Nov 2011
    Posts
    47

    Default Re: [script] for AV evasion

    Quote Originally Posted by jonim View Post
    Many Thanks .. cool script. I use to pentest on my virtual pc/
    If you don't hard? please say how this script works.

    and next question , it possible to crypts shell core use ( SET ) to create shell pdf file ?
    Thanks
    "Cool script" - did you really look into the lines?
    And how can it be so hard to just execute a script?
    It's almost the exact same thing as launching SET.

  7. #27
    Just burned their ISO
    Join Date
    Sep 2011
    Posts
    22

    Default Re: [script] for AV evasion

    Many thanks. Though I did want to point out that Avast Free detects it as a suspicious program.

  8. #28
    Just burned his ISO
    Join Date
    Jun 2011
    Posts
    5

    Default Re: [script] for AV evasion

    thz so much bro...tis script work for me
    i already test on window7 with kasperky internet security 2011...

  9. #29
    Senior Member LHYX1's Avatar
    Join Date
    Sep 2010
    Location
    Belgium
    Posts
    127

    Default Re: [script] for AV evasion

    @Radnuz So as I understand, you would like to inject the payload into a real piece of software ?
    You could just take the compiled payload & bind it together with a real piece of software.
    You can find tons of binders on the internet. I use easy binder:
    http://descargashack.blogspot.com/20...r-v10-fud.html
    Last edited by LHYX1; 03-29-2012 at 02:51 AM.
    (\ /)
    ( . .)
    c(")(")

    This is bunny.
    Copy and paste bunny into your signature to help him gain world domination.

  10. #30
    Just burned his ISO
    Join Date
    Mar 2012
    Posts
    3

    Default Re: [script] for AV evasion

    So am I to understand that this attempts to defeat heuristics by just stalling for several seconds, hoping the AV engine times-out? Because in my experience, while this will defeat some heuristics, others (like AVG's "identity protection" heuristics) monitor the process throughout it's life. So even if you wait a several minutes, and then do something sketchy like inject into another process, the AV will still catch it and throw up a big warning message. Anyone have similar experiences?

    Kudos on the payload obfuscator though.

Page 3 of 12 FirstFirst 12345 ... LastLast

Similar Threads

  1. Script for simple AV evasion (tested on AVG, Avast, Emisoft)
    By LHYX1 in forum BackTrack 5 General Topics
    Replies: 16
    Last Post: 05-01-2012, 09:26 PM
  2. Script for simple AV evasion (tested on AVG, Avast, Emisoft)
    By LHYX1 in forum BackTrack 5 Beginners Section
    Replies: 1
    Last Post: 07-16-2011, 02:16 PM
  3. Snort Signature Evasion with Metasploit
    By T0XIC in forum BackTrack 5 Videos
    Replies: 6
    Last Post: 07-01-2011, 12:21 PM
  4. Advanced antivirus evasion techniques
    By AzraelSepultura in forum Beginners Forum
    Replies: 4
    Last Post: 03-01-2011, 06:57 AM
  5. Firewall evasion techniques?
    By knithx in forum OLD Pentesting
    Replies: 2
    Last Post: 09-21-2009, 06:46 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •