Today we are gonna be encoding backdoors using the Metasploit Framework on BackTrack 5!

First we take a look at crafting a simple payload into a backdoor; when we load it into a sandbox (Windows XP), the anti-virus doesn’t even allow the file to be downloaded.

Well, that’s not any good is it? Who’s gonna open the file if there are flags all over it?

So we have to make this file undetectable, at least to the client’s anti-virus, which is Avast. Recently I found a public script on Pastebin, and after looking at it for a few minutes I thought the file was really legit, especially after seeing all the encoding going on at line 43… so I modified it for my own use — big ups to Astrobaby, don’t know who you are or where you’re from, but keep it up!

Run the Metasploit Framework console, use the exploit/multi/handler module, and set the payload to windows/meterpreter/reverse_https. It is also a good idea to use the ‘launch_and_migrate.rb’ script, so we can migrate to a new process as soon as we get a chance. We encoded that backdoor like 1000 times, so it can’t be that stable.

Now with an undetectable backdoor we just get creative and find a way to send it to the victim.
