Open shawndeckerr opened 5 years ago
This might be best implemented as an evasion module that emits a Windows payload RC4 packer.
+1 to this. I remember stageless tcp_rc4 payloads being in here a couple of years ago; I guess someone removed them? It was my favorite payload, because when you change the rc4 pw, it changes the hash of the binary that comes out, so that was suuuuuper handy.
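As an added illustration of the point above (example code, not from the issue or from Metasploit): re-keying RC4 gives a different ciphertext and therefore a different file hash every time, so a hash-based blocklist never matches the next build, while a key-independent property such as byte entropy stays the same and is what a detector can key on instead. The input bytes are a constructed low-entropy stand-in, not a real payload.

```python
import hashlib
import math


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4 (key scheduling + keystream XOR); encrypt and decrypt are the same."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                          # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


# Constructed stand-in for a packed body: a header-like prefix plus repetitive filler.
SAMPLE = b"MZ" + b"\x90" * 2000 + b"This program cannot be run in DOS mode." * 20


def rekey_report(keys, data=SAMPLE):
    """Map each RC4 key to (sha256 of ciphertext, entropy of ciphertext)."""
    report = {}
    for key in keys:
        blob = rc4(key, data)
        report[key] = (hashlib.sha256(blob).hexdigest(), shannon_entropy(blob))
    return report


def hashes_all_differ(keys, data=SAMPLE) -> bool:
    """True when every key yields a distinct output hash (what defeats hash blocklists)."""
    digests = {h for h, _ in rekey_report(keys, data).values()}
    return len(digests) == len(set(keys))
```

Running `rekey_report([b"key1", b"key2", b"key3"])` shows three unrelated SHA-256 values but an entropy near 8 bits/byte for each, versus roughly 2 bits/byte for the plaintext stand-in.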
Essentially requesting a bunch of RC4 stageless payloads on Windows. I believe it will help a lot more with AV evasion if the payloads are stageless and don't request a second stage. I've found some AV vendors will block comms when the second stage is being retrieved in the current staged versions of the payload. The requested payloads are:
1) windows/meterpreter_bind_tcp_rc4
2) windows/meterpreter_reverse_tcp_rc4
3) windows/x64/meterpreter_reverse_tcp_rc4
4) windows/x64/meterpreter_bind_tcp_rc4
System stuff:
Framework: 5.0.0-dev-52af87d278
Console: 5.0.0-dev-52af87d278
Cheers!