Posted (edited)

That's the same article I linked you to in the other thread. As I told you there, in that tutorial they basically just read the code in the patch and execute it step by step manually.

What do you mean Metasploit gets picked up by AV? There are tons of Java attacks that aren't detected by AVs and have extremely high success rates. There are many browser-based exploits mainly targeted at IE which also have extremely high success rates.

I assume you mean that your payloads get picked up by AVs when they're on disk as a file. Despite what outdated tutorials say, almost every module in Metasploit is going to be picked up by AVs. If you want to create a file that can be sent and saved locally as a file without being detected by an AV, you will need to create your own. Keep researching shellcode inside of VBS. Try putting Java or C inside of a .pdf without the use of Metasploit. Put shellcode as a macro inside of a .doc. You should probably also try to figure out the script I already sent you - if there is an error, Google it.

No one will answer this question directly because if we do then we might as well send an email to ESET asking them to add our latest payloads to their definition files.

Edited by bobbyb1980
Posted

Very true, I guess I'm trying to cut corners.

  • 1 month later...
Posted

Bypassing AV with Metasploit is a hot topic and there are a few different methods to attack this. I think this article is one of the better methods for evading AV, considering it gives the tester plenty of flexibility in obfuscating ASM instructions and allows for bypassing of static binary analysis and heuristic-based AV engines.

http://www.pentestgeek.com/2012/01/25/using-metasm-to-avoid-antivirus-detection-ghost-writing-asm/

Have Fun!

Posted

Metasploit has several encoders that can help you FUD your payloads. One of the best, if I am not mistaken, is Shikata Ga Nai, if I can spell it properly.

A couple of articles to help you out here:

http://technology-flow.com/articles/metasploit-encoding-antivirus-detection/

http://www.offensive-security.com/metasploit-unleashed/Antivirus_Bypass
