
Thread: [script] for AV evasion

  1. #41
    Senior Member LHYX1's Avatar
    Join Date
    Sep 2010
    Location
    Belgium
    Posts
    127

    Default Re: [script] for AV evasion

    @L21ZIFER I edited my script and added the option to create an evil pdf.
    It's a little bit different than how you did it. Now you can use all the payloads to create an evil pdf and not just meterpreter.
    I made the original pdf path user generated. I'm looking into pdf obfuscation techniques so the pdf won't get detected by AVs anymore.

    @melissabubble I don't really think there's an exe binder for linux.
    Try to get one working under wine
    Last edited by LHYX1; 04-04-2012 at 11:49 AM.
    (\ /)
    ( . .)
    c(")(")

    This is bunny.
    Copy and paste bunny into your signature to help him gain world domination.

  2. #42
    Junior Member L21ZIFER's Avatar
    Join Date
    Nov 2011
    Posts
    47

    Default Re: [script] for AV evasion

    Good news! So, when is it coming out?

  3. #43
    Member
    Join Date
    Feb 2010
    Location
    Somewhere in the hell
    Posts
    91

    Default Re: [script] for AV evasion

    @LHYX1,

    Is it possible not to use Easy Binder to bind the script generated exe file to another executable file but use the msfencode instead? It is because the Easy Binder generated file has no file description which will alert the victim.

    Samiux

  4. #44
    Senior Member LHYX1's Avatar
    Join Date
    Sep 2010
    Location
    Belgium
    Posts
    127

    Default Re: [script] for AV evasion

    @L21ZIFER I should have mentioned it but if you download the script now you'll get the new version

    @samiux msfencode can't bind exes. It can only inject one of the metasploit payloads into an exe.
    If you want to change the description or the company name, icon, ... of an exe, you can compile it with a resource file.
    http://stackoverflow.com/questions/7...led-executable

    There's also a program called resource hacker that can adjust resources after compilation.
    http://www.angusj.com/resourcehacker/

  5. #45
    Junior Member L21ZIFER's Avatar
    Join Date
    Nov 2011
    Posts
    47

    Default Re: [script] for AV evasion

    @LHYX1,

    Well, but currently the PDF-Backdoor isn't working, is it?
    I am testing it right now and I see no good results. The PDF doesn't get detected after all; however, the backdoor isn't launching. The good .exe is doing its job as known, the pdf lacks performance at this state.

  6. #46
    Junior Member L21ZIFER's Avatar
    Join Date
    Nov 2011
    Posts
    47

    Default Re: [script] for AV evasion

    doublepost

  7. #47
    Senior Member LHYX1's Avatar
    Join Date
    Sep 2010
    Location
    Belgium
    Posts
    127

    Default Re: [script] for AV evasion

    @L21ZIFER
    This pdf exploit only works on a specific version of Adobe Acrobat Reader. Select the exploit in metasploit and do a show targets to confirm.
    I stumbled upon this a couple of days ago: http://blog.didierstevens.com/programs/pdf-tools/
    Maybe this is what you are looking for. Btw, this is from the same guy who wrote /windows/fileformat/adobe_pdf_embedded_exe for metasploit.
    And you really got to stop double posting mate
    Last edited by LHYX1; 04-05-2012 at 09:17 AM.
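For defenders triaging a PDF attachment of the kind discussed in this post, the following is an added example (not code from the thread, the script, or the linked pdf-tools) that counts the PDF name keys tied to automatic actions and embedded files, decoding `#xx` hex escapes in names first so an escaped key is still counted. The `RISKY_NAMES` list, the function names and the `SAMPLE` bytes are assumptions constructed for illustration.

```python
import re

# Name keys worth a closer look when triaging a PDF (list chosen for this example).
RISKY_NAMES = ("/OpenAction", "/AA", "/Launch", "/JavaScript", "/JS", "/EmbeddedFile")

# A PDF name is "/" followed by regular characters; "#xx" is a hex-escaped byte.
NAME_RE = re.compile(rb"/(?:#[0-9A-Fa-f]{2}|[^\x00\t\n\x0c\r ()<>\[\]{}/%#])+")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalise_name(raw: bytes) -> str:
    """Decode #xx escapes so an escaped spelling compares equal to the plain name."""
    decoded = HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count risky names in raw PDF bytes and note how many were hex-escaped."""
    counts = {name: 0 for name in RISKY_NAMES}
    escaped = 0
    for match in NAME_RE.finditer(data):
        raw = match.group(0)
        name = normalise_name(raw)
        if name in counts:
            counts[name] += 1
            if b"#" in raw:
                escaped += 1  # an escaped risky key is itself a strong signal
    return {"counts": counts, "escaped": escaped,
            "suspicious": any(counts.values())}


# Constructed sample: a skeletal PDF body, not a working document.
SAMPLE = (
    b"%PDF-1.5\n"
    b"1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R /Names 3 0 R >>\nendobj\n"
    b"2 0 obj\n<< /S /L#61unch >>\nendobj\n"
    b"4 0 obj\n<< /Type /EmbeddedFile /Length 0 >>\nstream\n\nendstream\nendobj\n"
    b"%%EOF\n"
)

if __name__ == "__main__":
    report = triage_pdf(SAMPLE)
    for key, hits in report["counts"].items():
        print(f"{key:15} {hits}")
    print("hex-escaped risky names:", report["escaped"])
```

The scan only sees names in the uncompressed parts of the file; keys inside compressed object streams need the streams inflated before this check is meaningful.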

  8. #48
    Junior Member L21ZIFER's Avatar
    Join Date
    Nov 2011
    Posts
    47

    Default Re: [script] for AV evasion

    Why no notice then? You could mention the version-limitation for your pdf-binding anywhere in your script.

  9. #49
    Member
    Join Date
    Feb 2010
    Location
    Somewhere in the hell
    Posts
    91

    Default Re: [script] for AV evasion

    @LHYX1,

    Thanks for the information.

    Is it possible to inject your script generated payload into any executable file (exe) so that the executable file will run properly even when the backdoor is launched?

    Samiux

  10. #50
    Senior Member LHYX1's Avatar
    Join Date
    Sep 2010
    Location
    Belgium
    Posts
    127

    Default Re: [script] for AV evasion

    @Samiux You could use an exe binder or you can use the program iexpress that comes with Windows.
