
(Need Help) Payload that gets not detected by Antivirus


10 hours ago, Nikkkk said:

I am making a payload which works for only one device via Metasploit, non-persistently... msfvenom command...

What modifications should be done to make it work on multiple devices with persistency?



At this point, at least to me anyway, there's a message being conveyed here. If you can't get past antivirus detection using ready-made generated scripts compiled into an executable ready to be run from a target computer, it's then time to learn other ways to evade antivirus. That might mean learning about how antivirus works, where the weak points are in AV detection, simple tricks to reduce the number of detections, customizing payloads, etc.

The answers are not going to jump out at you. The antivirus business is worth BILLIONS. It's their job to make your life as hard as possible. If it was as easy as downloading a custom Linux distribution with an exploitation framework pre-installed, creating a backdoor and then sending it to someone, the whole world would be infected. The point of antiviruses is to make it harder to gain unauthorized access to a computer, or a network, or whatever. I just started learning about this stuff a few months ago and already I've learned that the barebones packages, although feasible and amazing in their ability, do not provide the total answer. Again, it's just common sense that billion-dollar industries will eventually pool together their incredibly talented resources and phase out the possibility of certain things working, or at least stop them from working as they are, or are known to work, from a pattern of signatures. That being said, if it's just a signature you want to change, you can do that by modifying an executable with a hex editor. The chances are, though, the AV will still detect it. From what I know, most modern AVs work on behavioural analysis, and they measure this behaviour against what their massive records contain on malicious code and the sort of stuff it does. It will then block that malicious code based on a hunch that it's going to cause damage. That hunch, depending on the software and context, will either be a false positive, or it will be justified and the AV has done its job. All this being said, this is just the surface of a much deeper sea of knowledge. I've been looking at how payloads work from the perspective of a programmer, and it's by no means a walk in the park creating something as glorious as the Metasploit framework and then creating a payload which is effective and can be used time and time again.
You have to remember that by simply asking this question, you are no doubt one out of many thousands, if not tens or hundreds of thousands, who have asked the same question, and if that's true, how many of those have used the Metasploit framework? It's like asking how many people have had missionary sex. It's only when you start branching out and finding out about the dark and erotic stuff beyond the vanilla that you begin to see there is more to the original question you asked. Then you find out answers you didn't even know existed.

Bottom line, from my experience anyway: if you are relying on something you can download for free, start up and compile a file without doing anything, you are always going to get the same results. From what I've learned so far, you don't have to be an elite-level programmer to get past AV by designing some sort of amazing code which no AV has ever seen before (which is amazing, by the way, and commendable, and like being the first in line at a concert when it gets passed down to the public), but you do need to be prepared to widen your skillset and look beyond easy solutions.

If you look in any of the good places on the internet you will find the same answer to your question: look deeper, learn, evolve your perspective, try new things, don't expect the answer to pop out at you. The fact that you are asking this question means you must sort of understand how complex the field of ethical hacking and pen testing is, and why the antivirus industry is worth billions and why they hire some of the best brains in the world to find ways to prevent people like you (and me) from simply downloading something and then, without much knowledge, just sitting back and watching it do its work. I read somewhere that the AV industry has stepped up its game so that it's becoming harder for those who want an easy victory to get anywhere. They are pushing out those who run pre-made scripts without any awareness of what they do. In the meantime it's creating an environment where the ones who are focused solely on breaking through by learning and adapting thrive and raise the bar.

I mean, essentially your question is like asking: How do I become a world star in Formula 1 racing?
Hard work, learning, knowledge, failing, experimentation, trial and error, etc.
