[Question] Do we have a FUD meterpreter payload?


I know we have a meterpreter payload, but it's flagged like crazy. There is one for Teensy on SET that worked well. It used PowerShell injection to bypass all AV. Very powerful. I think this is the main code (also check the parent directory): https://github.com/trustedsec/social-engineer-toolkit/blob/master/src/teensy/powershell_shellcode.py

Assuming you're talking about the Windows meterp.

It is flagged by pretty much every AV going; you can try encoding the executable, but it won't be 100% (or anywhere close, I'd assume).

Your best bet is to learn a little about PE structure and a little C++, and code something yourself. You can encrypt an executable, load it into memory and decrypt it there, which will cause it to have a much lower rate of detection.

In fact, if done with care not a single AV will detect it. :)

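The "encrypt it, load it, decrypt it in memory" idea above is easy to demonstrate without any Windows loader. The block below is an added example written for this thread, not code from the post or from any real crypter: a handful of constructed byte patterns stand in for an AV signature database, a constructed blob stands in for the executable, and the container layout, the SHA-256 keystream and the XORLDR1 header marker are all assumptions of this toy. It shows three things a practitioner should keep in mind: the static scan misses the encrypted copy, the decrypted image in memory is byte-for-byte the original (so anything that scans memory or emulates the stub sees it), and once the loader stub itself is known, one pattern on it flags every sample regardless of key.

```python
"""Added example (not from the thread or from any real crypter): why a runtime
crypter lowers static detection, and why a shared one stops working once its
stub is known. The signatures, payload, container format and keystream below
are all constructed for this demo."""
import hashlib
from typing import Dict, List

# Constructed stand-in for the executable you want to hide: arbitrary bytes that
# happen to contain the pattern the toy scanner is assumed to key on.
PAYLOAD = b"MZ" + b"\x00" * 30 + b"\x90\x90\xcc\x31\xc0" + b"demo payload bytes" * 4

# Constructed scanner "database": name -> byte pattern.
SIGNATURES: Dict[str, bytes] = {"demo_payload_sig": b"\x90\x90\xcc\x31\xc0"}

# Header the (hypothetical) loader stub writes in front of the encrypted body.
STUB_MAGIC = b"XORLDR1"


def scan(blob: bytes, signatures: Dict[str, bytes]) -> List[str]:
    """Static scan: report every pattern present in the bytes as they sit on disk."""
    return sorted(name for name, pat in signatures.items() if pat in bytes(blob))


def keystream(key: bytes, length: int) -> bytes:
    """Deterministic keystream from SHA-256(key || counter); a toy, not a real cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def pack_crypted(payload: bytes, key: bytes) -> bytes:
    """Build the on-disk artefact: magic | key length | key | payload XOR keystream."""
    if not 1 <= len(key) <= 255:
        raise ValueError("key must be 1..255 bytes")
    body = bytes(p ^ k for p, k in zip(payload, keystream(key, len(payload))))
    return STUB_MAGIC + bytes([len(key)]) + key + body


def load_in_memory(container: bytes) -> bytearray:
    """What the stub does at run time: parse the header and decrypt into a buffer.

    The result is the original payload, byte for byte, which is exactly what a
    memory scanner, or an emulator that runs the stub, gets to look at."""
    if not container.startswith(STUB_MAGIC):
        raise ValueError("not a crypted container")
    pos = len(STUB_MAGIC)
    key_len = container[pos]
    pos += 1
    key = container[pos:pos + key_len]
    body = container[pos + key_len:]
    return bytearray(p ^ k for p, k in zip(body, keystream(key, len(body))))


def demo() -> Dict[str, List[str]]:
    """Run the scans the thread is arguing about and return the hits of each."""
    container = pack_crypted(PAYLOAD, b"k3y-one")
    image = load_in_memory(container)
    # Once the loader itself has been seen, one extra pattern on its header is
    # enough to flag every sample built with it, whatever key was used.
    with_stub = dict(SIGNATURES, demo_stub_sig=STUB_MAGIC)
    return {
        "plain_on_disk": scan(PAYLOAD, SIGNATURES),
        "crypted_on_disk": scan(container, SIGNATURES),
        "decrypted_in_memory": scan(image, SIGNATURES),
        "crypted_after_stub_is_known": scan(pack_crypted(PAYLOAD, b"other"), with_stub),
    }


if __name__ == "__main__":
    for stage, hits in demo().items():
        print(f"{stage:30s} {hits or '(no hits)'}")
```

The last entry is the part that matters for the rest of the thread: the key changes nothing about the stub, so a crypter that gets passed around is only as "undetectable" as its loader is unknown.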

Did you see what I said? The Teensy uses PowerShell injection, which never touches the disk, so it's FUD. You don't have to code your own if someone just ports that.


  • 2 weeks later...

So port it?

You'll find most people won't do so for various reasons, the primary one being that it's likely going to be used for nefarious purposes.


I don't have the skills to do that. I'm pretty sure there's not going to be a pandemic. Real cyber criminals prefer their own malware, they like doing everything remotely, and hardly anyone has heard of this. The Teensy has had it for over a year and I bet the payload hasn't been used 10 times by actual cyber criminals.


At some point you'll have to learn how to create your own crypter anyhow. I would suggest you stop relying on someone else's work, get on the computer and start coding on your own.

Because like you said, there's no FUD meterpreter for now, and guess what? As soon as there is, it will get flagged. You know why? Because AV developers get paid for that. You honestly think, for even a second, that they don't check the latest updates of well-known software like Metasploit?

As soon as someone uploads a FUD, it will go straight to the lab of some AV product. BUT if you make your own, only you will know how to do it and how to get rid of it.

