Metasploit mailing list archives
Re: shellcodeexec to bypass AV ?
From: John B <johnb.electric () gmail com>
Date: Fri, 15 Apr 2011 09:35:35 -0400
I haven't investigated this script yet, but more than likely on the Windows side I'm sure it just does: Kernel32.dll - OpenProcess -> VirtualAllocEx -> WriteProcessMemory -> CreateRemoteThread -> pwned!!

I used to do kind of the same thing by making my own payloads that just displayed a message box and injected the shellcode. It may pass standard signature-based virus scanners, but most heuristic engines can spot the above API calls. This is only useful if you already have access and can run this command. If you're doing an email or web campaign you'll need to do something custom if you really want to bypass virus scanners.

Most if not all of the Metasploit payloads are detected with the basic template, and now with the custom template option virus scanners can spot the change in OEP and extra text section in the PE. Your best bet is to program your own. Check out the book: Grey Hat Python. It has a great example of shellcode injection in Python that is very easy to follow.

John

On Thu, Apr 14, 2011 at 4:15 PM, Houcem HACHICHA <houcem.hachicha () gmail com> wrote:
Hi,

Have you guys heard about the *shellcodeexec* script?

http://www.pentestit.com/2011/04/14/shellcodeexec-execute-metasploit-payloads-memory-bypass-antivirus-protection/?utm_source=twitterfeed&utm_medium=twitter&utm_campaign=Feed%3A+PenTestIT+%28PenTestIT%29&utm_content=Twitter

The author claims that the script makes Meterpreter bypass AV (better than Msfencode). If this is true, can this be implemented in MSF?

--
*Regards,
Houcem*

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
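The ordered API chain named in the reply above is the kind of behaviour a heuristic engine correlates. As an added example (not part of the thread and not any AV product's logic), this detector flags that chain when all four calls occur in order on one process handle. The trace format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re

# Constructed API-call trace (hypothetical format: "<caller_pid> <api> key=value ...").
SAMPLE_TRACE = """\
4120 OpenProcess target_pid=812 handle=0x1a4
4120 VirtualAllocEx handle=0x1a4 protect=PAGE_EXECUTE_READWRITE
3300 OpenProcess target_pid=4 handle=0x90
4120 WriteProcessMemory handle=0x1a4 size=341
3300 ReadProcessMemory handle=0x90 size=64
4120 CreateRemoteThread handle=0x1a4
5008 VirtualAllocEx handle=0x77 protect=PAGE_READWRITE
5008 WriteProcessMemory handle=0x77 size=16
"""

# The sequence from the message, in the order it must be observed.
CHAIN = ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"]
LINE_RE = re.compile(r"^(\d+)\s+(\w+)\s*(.*)$")


def parse_line(line):
    """Split one trace line into (caller_pid, api_name, fields) or None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    pid, api, rest = m.groups()
    fields = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
    return int(pid), api, fields


def find_injection_chains(trace):
    """Return [(caller_pid, target_pid)] where the full chain ran in order on one handle."""
    progress = {}  # (caller_pid, handle) -> index of the next expected CHAIN step
    targets = {}   # (caller_pid, handle) -> target pid recorded at OpenProcess
    hits = []
    for line in trace.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        pid, api, fields = parsed
        key = (pid, fields.get("handle"))
        if api == "OpenProcess":
            progress[key] = 1
            targets[key] = int(fields.get("target_pid", -1))
        elif key in progress and progress[key] < len(CHAIN) and api == CHAIN[progress[key]]:
            progress[key] += 1
            if progress[key] == len(CHAIN):
                hits.append((pid, targets[key]))
    return hits
```

Only caller 4120 completes the chain against pid 812; the read-only access by 3300 and the partial sequence from 5008 are not flagged.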