PaulDotCom mailing list archives

Previous By Date Next
Previous By Thread Next

packers....

From: netevil at hackers.it (NetEvil)
Date: Fri, 5 Feb 2010 15:40:48 +0100
Chris
The "evil bin" is already a payload encoded like that ;)...evasion  
works great.. but the user realizes of being tricked into an execution  
of a program that does not what he would expect...
Then wanted to pack into a setup ..or another trusted bin ...
Hope to have explained better!...however thanks
David



Il giorno 05/feb/2010, alle ore 15.12, Chris Keladis  
<ckeladis at gmail.com> ha scritto:


On Fri, Feb 5, 2010 at 6:31 PM, NetEvil <netevil at hackers.it> wrote:


Hi guys,
In my pentest i have 2 binaries, the first evil and the second
trusted..both undetected by AVs..
But when i pack them together...(I've tried many tools..) the
resulting bin is often detected as "evil packed file.." or something
like that...and this is not stealth as i would it to be...


Check out..

http://pauldotcom.com/wiki/index.php/Episode125#Pass_.233_-_Metasploit_.28svn_version_as_of_9-28-08.29_Payload_Encoded_With_Shikata_Ga_Nai

Might help.


Cheers,

Chris.
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
Previous By Date Next
Previous By Thread Next

Current thread: