Metasploit mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Shikata_ga_nai evasion...

From: ricky-lee birtles <mr.r.birtles () gmail com>
Date: Sun, 14 Mar 2010 18:24:18 +0000
Try using some of the tools from
http://technet.microsoft.com/en-us/sysinternals/default.aspx as
templates.

As well as trying to use a different payload and see if that brings
any different results/.
Regards,
-- Mr R Birtles



On 14 March 2010 18:04, netevil <netevil () hackers it> wrote:

Confirmed!..also changing template (TrueCrypt.exe, Mame.exe...)
results don't change...

Davidd



Have you tried using a different .exe template. As the default one is
what most AV vendors are using to pick up the metasploit's outputted
exe's


Yes Ricky!
I've tried with an original putty... and this template is a flash movie
i'm going to do a the third test with another template.. and see if
results changes...hoping at least for symantec..

thanks
David



Regards,
-- Mr R Birtles



On 14 March 2010 17:40, NetEvil <netevil () hackers it> wrote:

Hi guys
I'm doing a pentest using my meterpreter exe encoded with shikata ga nai..
and i see it signed as suspicious by symantec and microsoft...
Do you have a quick solution for these AVs evasion? I've tried some packers
but same results...
If not ...i know the hex editor is waiting for me...

Thanks...have a nice sunday!
David


Sent from my mobile device
--------------------------------------
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework


_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework




_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework






_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
Previous By Date Next
Previous By Thread Next

Current thread: