Archived

This topic is now archived and is closed to further replies.

PenisPeter

(Need Help) Payload that gets not detected by Antivirus

Recommended Posts

I'm working with Kali Linux. I started getting into working with Metasploit, payloads... But here's the problem: I am not finding a way to create a payload that does not get detected by an antivirus. Please help 😄


You use a payload in Metasploit, you don't create a payload. You can use some encoder like shikata_ga_nai or some badchars to bypass some antivirus.


I am making the payload, which is working for only one device, by Metasploit non-persistently... msfvenom command...

What modifications should be done to make it work on multiple devices with persistence???

10 hours ago, Nikkkk said:

I am making the payload, which is working for only one device, by Metasploit non-persistently... msfvenom command...

What modifications should be done to make it work on multiple devices with persistence???

https://www.offensive-security.com/metasploit-unleashed/meterpreter-service/


At this point, at least to me anyway, there's a message being conveyed here. If you can't get past antivirus detection using ready-made generated scripts compiled into an executable ready to be run from a target computer, it's then time to learn other ways to evade antivirus. That might mean learning about how antivirus works, where the weak points are in AV detection, simple tricks to reduce the number of detections, customizing payloads, etc.

The answers are not going to jump out at you. The antivirus business is worth BILLIONS. It's their job to make your life as hard as possible. If it was as easy as downloading a custom Linux distribution with an exploitation framework pre-installed, creating a backdoor and then sending it to someone, the whole world would be infected. The point of antiviruses is to make it harder to gain unauthorized access to a computer, or a network or whatever. I just started learning about this stuff a few months ago and already I've learned that the barebones packages, although feasible and amazing in their ability, do not provide the total answer. Again, it's just common sense that billion dollar industries will eventually pool together their incredibly talented resources and phase out the possibility of certain things working, or at least stop them from working as they are, or are known to work from a pattern of signatures.

That being said, if it's just a signature you want to change, you can do that by modifying an executable with a hex editor. The chances are though, the AV will still detect it. From what I know, most modern AVs work on behavioural analysis, and they measure this behaviour against what their massive records contain on malicious code and the sort of stuff it does. It will then block that malicious code based on a hunch that it's going to cause damage. That hunch, depending on the software and context, will either be a false positive, or it will be justified and the AV has done its job.

All this being said, this is just the surface of a much deeper sea of knowledge. I've been looking at how payloads work from the perspective of a programmer, and it's by no means a walk in the park creating something as glorious as the Metasploit framework and then creating a payload which is effective and can be used time and time again.
You have to remember that by you simply asking this question, you are no doubt one out of many thousands, if not tens or hundreds of thousands, who have asked the same question, and if that's true, how many of those have used the Metasploit framework? It's like asking how many people have had missionary sex. It's only when you start branching out and finding out about the dark and erotic stuff beyond the vanilla that you begin to see there is more to the original question you asked. Then you find out answers you didn't even know existed.

Bottom line, from my experience anyway: if you are relying on something you can download for free, start up and compile a file without doing anything, you are always going to get the same results. From what I've learned so far, you don't have to be an elite level programmer to get past AV by designing some sort of amazing code which no AV has ever seen before (which is amazing, by the way, and commendable, and like being the first in line at a concert when it gets passed down to the public), but you do need to be prepared to widen your skillset and look beyond easy solutions.
 

If you look in any of the good places on the internet you will find the same answer to your question: look deeper, learn, evolve your perspective, try new things, don't expect the answer to pop out at you. The fact that you are asking this question means you must sort of understand how complex the field of ethical hacking and pen testing is, and why the antivirus industry is worth billions and why they hire some of the best brains in the world to find out ways to prevent people like you (and me) from simply downloading something and then, without much knowledge, just sitting back and watching it do its work. I read somewhere that the AV industry has stepped up its game so that it's becoming harder for those who want an easy victory to get anywhere. They are pushing out those who run pre-made scripts without any awareness of what they do. In the meantime, it's creating an environment where the ones who are focused solely on breaking through by learning and adapting can thrive and raise the bar.

I mean, essentially your question is like asking: How do I become a world star in Formula 1 racing?
Hard work, learning, knowledge, failing, experimentation, trial and error, etc.
 

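A small added illustration of two points made in the replies above: the suggestion to run the payload through an encoder such as shikata_ga_nai, and the later remark that changing a few signature bytes rarely helps because the AV still recognises the result. This is example code written for this page, not code from Metasploit or from any of the posters. The "payload" bytes, the decoder stub, the XOR key and the signature names are all constructed; the stub is a fixed placeholder, whereas a real encoder emits a varying stub, which is exactly why vendors signature the stub's invariant parts and why the decoded payload is still visible to a memory or behaviour scanner once the stub has run.

```python
"""Toy static-signature scanner versus a toy XOR encoder.

Shows that encoding hides the payload's byte signature from a naive
pattern scanner, that the encoder's own decoder stub then becomes the
signature, and that at run time the decoded payload is the original
bytes again. All byte strings below are constructed for this example.
"""

from typing import Dict, List

# Constructed stand-in for a payload. The scanner matches on the marker
# substring the way a naive byte signature would match on real opcodes.
RAW_PAYLOAD = b"\x90\x90\xfc\xe8" + b"MARKER_REVERSE_TCP" + b"\xcc" * 8

# Constructed, fixed decoder stub placed in front of the encoded body.
# A real encoder such as shikata_ga_nai emits a polymorphic stub; keeping
# it fixed here makes the stub-signature point easy to see.
DECODER_STUB = b"\xeb\x0d\x5e\x31\xc9\xb1\x00"  # hypothetical stub bytes


def xor_encode(payload: bytes, key: bytes) -> bytes:
    """XOR payload with a repeating multi-byte key (XOR is its own inverse).

    A 0x00 key byte would leave the corresponding input byte unchanged,
    so callers should avoid zero bytes in the key.
    """
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(payload))


def build_sample(payload: bytes, key: bytes) -> bytes:
    """Lay out stub || key_length || key || encoded body.

    The key is stored in the clear next to the stub, as it must be for
    the stub to decode the body, so anything that recognises the stub can
    decode the body too.
    """
    return DECODER_STUB + bytes([len(key)]) + key + xor_encode(payload, key)


def decode_sample(sample: bytes) -> bytes:
    """Emulate what the stub does at run time: recover the original bytes."""
    body = sample[len(DECODER_STUB):]
    key_len = body[0]
    key = body[1:1 + key_len]
    return xor_encode(body[1 + key_len:], key)


def scan(data: bytes, signatures: Dict[str, bytes]) -> List[str]:
    """Return the names of every signature whose pattern occurs in data."""
    return [name for name, pattern in signatures.items() if pattern in data]


# Two constructed signature databases: one that only knows the payload,
# and one that has also learned the decoder stub.
PAYLOAD_ONLY_DB = {"Generic.ReverseTcp": b"MARKER_REVERSE_TCP"}
STUB_AWARE_DB = dict(PAYLOAD_ONLY_DB, **{"Packer.XorStub": DECODER_STUB})


def demo(key: bytes = b"\x5a\xa3\x17") -> Dict[str, List[str]]:
    """Run the four scans that tell the story and return their results."""
    sample = build_sample(RAW_PAYLOAD, key)
    return {
        # The raw payload is caught by its own signature.
        "raw_detected": scan(RAW_PAYLOAD, PAYLOAD_ONLY_DB),
        # Encoded, the payload bytes no longer appear, so a payload-only
        # database sees nothing.
        "encoded_vs_payload_db": scan(sample, PAYLOAD_ONLY_DB),
        # A database that knows the stub catches the encoded sample anyway.
        "encoded_vs_stub_db": scan(sample, STUB_AWARE_DB),
        # Once the stub has run, the original bytes are back in memory.
        "runtime_decoded_detected": scan(decode_sample(sample), PAYLOAD_ONLY_DB),
    }


if __name__ == "__main__":
    for name, hits in demo().items():
        print(f"{name}: {hits}")
```

The takeaway matches the thread: an encoder defeats a scanner that only knows the payload bytes, but the stub and key travel with the sample, so the stub becomes the next signature, and the decoded payload is identical to the original by the time anything behavioural is looking at it.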
