Jump to content

[Question] Do we have a FUD meterpreter payload?


DrDinosaur
 Share

Recommended Posts

I know we have a meterpreter payload, but it's flagged like crazy. There is one for Teensy on SET that worked well. It used PowerShell injection to bypass all AV. Very powerful. I think this is the main code (also check the parent directory): https://github.com/trustedsec/social-engineer-toolkit/blob/master/src/teensy/powershell_shellcode.py

Link to comment
Share on other sites

Assuming you're talking about the windows meterp.

It is flagged by pretty much every AV going, you can try encoding the executable but it wont be 100% (or anywhere close I'd assume).

Your best bet is to learn a little about PE structure, a little C++ and code something yourself. You can encrypt an executable, load it into memory and decrypt it there which will cause it to have a much lower rate of detection.

In fact, if done with care not a single AV will detect it. :)

Link to comment
Share on other sites

Assuming you're talking about the windows meterp.

It is flagged by pretty much every AV going, you can try encoding the executable but it wont be 100% (or anywhere close I'd assume).

Your best bet is to learn a little about PE structure, a little C++ and code something yourself. You can encrypt an executable, load it into memory and decrypt it there which will cause it to have a much lower rate of detection.

In fact, if done with care not a single AV will detect it. :)

Did you see what I said? The Teensy uses PowerShell injection which never touches the disk, so it's FUD. You don't have to code your own if someone just ports that.

Link to comment
Share on other sites

  • 2 weeks later...

Did you see what I said? The Teensy uses PowerShell injection which never touches the disk, so it's FUD. You don't have to code your own if someone just ports that.

So port it?

You'll find most people wont do so for various reasons, the primary being it's likely going to be used for nefarious purposes.

Link to comment
Share on other sites

I don't have the skills to do that. I'm pretty sure there's not going to be a pandemic. Real cyber criminals prefer their own malware, they like doing everything remotely, and hardly anyone has heard of this. The Teensy has had it for over a year and I bet the payload hasn't been used 10 times by actual cyber criminals.

So port it?

You'll find most people wont do so for various reasons, the primary being it's likely going to be used for nefarious purposes.

Link to comment
Share on other sites

At some point you'll have to learn how to create your own crypter on your own any how. I will suggest you to stop relying on someone else work, and get on the computer and start to coding on your own.

Because like you said, there's no FUD meterpreter for now, and guess what? as soon as there is, it will get flagged. You know why? because AV developers get paid for that. You honestly think, for even a second, that they don't check on the latest updates for well-known software of the likes of Metasploid?

As soon as someone uploads a FUD, it will go straight to the lab of some AV product, BUT if you make your own, you will only know how to do it and how to get rid of it.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...