dANNNlixi Posted December 23, 2011 (edited)

Post deleted

Edited December 24, 2011 by dANNNlixi

bobbyb1980 Posted December 23, 2011 (edited)

That's the same article I linked you to in the other thread. As I told you there, in that tutorial they basically just read the code in the patch and execute it step by step manually.

What do you mean Metasploit gets picked up by AV? There are tons of Java attacks that aren't detected by AVs and have extremely high success rates. There are many browser-based exploits mainly targeted at IE which also have extremely high success rates. I assume you mean that your payloads get picked up by AVs when they're on disk as a file. Despite what outdated tutorials say, almost every module in Metasploit is going to be picked up by AVs.

If you want to create a file that can be sent and saved locally as a file without being detected by an AV you will need to create your own. Keep researching shellcode inside of VBS. Try putting Java or C inside of a .pdf without the use of Metasploit. Put shellcode as a macro inside of a .doc. You should probably also try to figure out the script I already sent you - if there is an error, google it.

No one will answer this question directly because if we do then we might as well send an email to ESET asking them to add our latest payloads to their definition files.

Edited December 23, 2011 by bobbyb1980

dANNNlixi (Author) Posted December 23, 2011

Very true, I guess I'm trying to cut corners.

zeknox Posted February 18, 2012

Bypassing AV with Metasploit is a hot topic and there are a few different methods to attack this. I think this article is one of the better methods for evading AV considering it gives the tester plenty of flexibility in obfuscating ASM instructions and allows for bypassing of Static Binary Analysis and Heuristic based AV engines.

http://www.pentestgeek.com/2012/01/25/using-metasm-to-avoid-antivirus-detection-ghost-writing-asm/

Have Fun!

Infiltrator Posted February 19, 2012

Metasploit has several encoders that can help you fud your payloads. One of the best, if I am not mistaken is the Shigatanakai, if I can spell it properly.

A couple of articles to help you out here:

http://technology-flow.com/articles/metasploit-encoding-antivirus-detection/
http://www.offensive-security.com/metasploit-unleashed/Antivirus_Bypass