DrDinosaur Posted July 6, 2013 I know we have a meterpreter payload, but it's flagged like crazy. There is one for Teensy in SET that worked well. It used PowerShell injection to bypass all AV. Very powerful. I think this is the main code (also check the parent directory): https://github.com/trustedsec/social-engineer-toolkit/blob/master/src/teensy/powershell_shellcode.py
j4k3 Posted July 6, 2013 Assuming you're talking about the Windows meterp: it is flagged by pretty much every AV going. You can try encoding the executable, but it won't be 100% (or anywhere close, I'd assume). Your best bet is to learn a little about PE structure, a little C++, and code something yourself. You can encrypt an executable, load it into memory and decrypt it there, which will cause it to have a much lower rate of detection. In fact, if done with care, not a single AV will detect it. :)
DrDinosaur Posted July 6, 2013 Did you see what I said? The Teensy uses PowerShell injection, which never touches the disk, so it's FUD. You don't have to code your own if someone just ports that.
j4k3 Posted July 17, 2013 So port it? You'll find most people won't do so for various reasons, the primary one being that it's likely going to be used for nefarious purposes.
DrDinosaur Posted July 17, 2013 I don't have the skills to do that. I'm pretty sure there's not going to be a pandemic. Real cyber criminals prefer their own malware, they like doing everything remotely, and hardly anyone has heard of this. The Teensy has had it for over a year and I bet the payload hasn't been used 10 times by actual cyber criminals.
joey-world Posted July 17, 2013 At some point you'll have to learn how to create your own crypter anyhow. I'd suggest you stop relying on someone else's work, get on the computer and start coding on your own. Because, like you said, there's no FUD meterpreter for now, and guess what? As soon as there is, it will get flagged. You know why? Because AV developers get paid for that. Do you honestly think, for even a second, that they don't check on the latest updates for well-known software the likes of Metasploit? As soon as someone uploads a FUD, it will go straight to the lab of some AV product, BUT if you make your own, only you will know how to do it and how to get rid of it.