
Reverse Shell Questions


M47H3W

Hello, I just have a few questions about using a reverse shell payload with the rubber ducky. Since I am not familiar with PowerShell, I will be using the reverse shell code from ducktoolkit.com.

My questions:

1. If the user restarts their computer, will the reverse shell still work? If not, how can I make it still work after a reboot?

2. Is it detected by any antiviruses?


1. Afraid not. What you're after is persistence. There are a huge myriad of ways to gain persistence though once you have a shell. I'd suggest reading through these: https://isc.sans.edu/diary/Wipe+the+drive+Stealthy+Malware+Persistence+Mechanism+-+Part+1/15394. They have what are probably the easiest ways to keep persistence going.

2. Unfortunately, a binary like this will probably be detected by most antivirus. The VirusTotal report currently says that 25/57 AV vendors will recognise it as malicious.

Report: https://www.virustotal.com/en/file/413d54659bc768f8df22344db3aa2164e98096f367cc7baa41f8f748c0fede21/analysis/1428692100/, so it doesn't look so good...

A general thing to keep in mind is that if you write your own binary, or even generate one from Metasploit (not a meterpreter executable, they're always picked up) you stand a much better chance of it not being detected. Just don't upload them all to VirusTotal, that just increases the chance of detection. (It didn't matter in this case because it's already heavily detected...)
