Anti-Virus Evasion for Meterpreter

Anti-virus companies are smart and can pick up all the encoders used in Metasploit. After doing some research, I found three different ways to run Meterpreter shellcode that work.

1. Run shellcode using .NET: https://github.com/mandreko/DotNetAVBypass/

It does require .NET Framework 4.

 

2. Run shellcode using Python, after using PyInstaller to build the Python script as an executable.

The executable it creates is quite big: 3 MB.

3. The third method is from http://www.coresec.org/2011/11/09/fud-payload-generator-for-backtrack/

This generates an executable but uses the mingw32msvc-gcc compiler, which is not very widely used, so its output is not detected as much by antivirus companies.

 
