I created a meterpreter reversetcp payload from metasploit that it can bypass the scan of antivirus (bitdefender) but when i am trying to run it the antivirus says suspicius activity and block it.
The payload is in an executable app (sumatra.exe) and i also have tried the port 443 and reverse https all undetectable on scan but not on execution.
Any suggestions ??
Forum Thread:
When My Kali Linux Finishes Installing (It Is Ready to Boot), and When I Try to Boot It All I Get Is a Black Screen.
8
Replies
Forum Thread:
HACK ANDROID with KALI USING PORT FORWARDING(portmap.io)
12
Replies
Forum Thread:
Hydra Syntax Issue Stops After 16 Attempts
2
Replies
Forum Thread:
Hack Instagram Account Using BruteForce
208
Replies
Forum Thread:
Metasploit reverse_tcp Handler Problem
47
Replies
Forum Thread:
How to Train to Be an IT Security Professional (Ethical Hacker)
22
Replies
Metasploit Error:
Handler Failed to Bind
41
Replies
Forum Thread:
How to Hack Android Phone Using Same Wifi
21
Replies
How to:
HACK Android Device with TermuX on Android | Part #1 - Over the Internet [Ultimate Guide]
177
Replies
How to:
Crack Instagram Passwords Using Instainsane
36
Replies
Forum Thread:
How to Hack an Android Device Remotely, to Gain Acces to Gmail, Facebook, Twitter and More
5
Replies
Forum Thread:
How Many Hackers Have Played Watch_Dogs Game Before?
13
Replies
Forum Thread:
How to Hack an Android Device with Only a Ip Adress
55
Replies
How to:
Sign the APK File with Embedded Payload (The Ultimate Guide)
10
Replies
Forum Thread:
How to Run and Install Kali Linux on a Chromebook
18
Replies
Forum Thread:
How to Find Admin Panel Page of a Website?
13
Replies
Forum Thread:
can i run kali lenux in windows 10 without reboting my computer
4
Replies
Forum Thread:
How to Hack School Website
11
Replies
Forum Thread:
Make a Phishing Page for Harvesting Credentials Yourself
8
Replies
Forum Thread:
Creating an Completely Undetectable Executable in Under 15 Minutes!
38
Replies
How To:
Exploit EternalBlue on Windows Server with Metasploit
How To:
Use Burp & FoxyProxy to Easily Switch Between Proxy Settings
Android for Hackers:
How to Turn an Android Phone into a Hacking Device Without Root
How To:
Find Vulnerable Webcams Across the Globe Using Shodan
How To:
Make Your Own Bad USB
How To:
Create a Persistent Back Door in Android Using Kali Linux:
How To:
Scan, Fake & Attack Wi-Fi Networks with the ESP8266-Based WiFi Deauther
How To:
Change a Phone's Coordinates by Spoofing Wi-Fi Geolocation Hotspots
BT Recon:
How to Snoop on Bluetooth Devices Using Kali Linux
How To:
Gain SSH Access to Servers by Brute-Forcing Credentials
How To:
Check if Your Wireless Network Adapter Supports Monitor Mode & Packet Injection
How to Hack Wi-Fi:
Stealing Wi-Fi Passwords with an Evil Twin Attack
How To:
Scrape Target Email Addresses with TheHarvester
How To:
Hack Open Hotel, Airplane & Coffee Shop Wi-Fi with MAC Address Spoofing
How To:
Fix Bidirectional Copy/Paste Issues for Kali Linux Running in VirtualBox
How To:
Install & Use the Ultra-Secure Operating System OpenBSD in VirtualBox
How To:
Regain Access to Lubuntu After Loss of Password (Windows 7)
How To:
Clone Login Forms Manually and Get Login Credentials!
How To:
Crack Shadow Hashes After Getting Root on a Linux System
How To:
Brute-Force FTP Credentials & Get Server Access
4 Responses
I would assume that it takes a few seconds of activity before the anitivirus detects the suspicious activity (it haopened to me with VIPRE antivirus) You could try to make it so that one of the first actions would be to call the killav.rb to stop the AV activity. Appart from that, i think you would need to craft your own payload to avoid the antivirus.
Yes it takes a few seconds before the av blocks it as a suspicious activity but i am unable to take meterpreter session.
Can i put the killav.rb in the payload ?
I cant make my own payload dodn`t have the knowledge (i am trying to learn c) but i am in basics.
Thanks for the help !
All payload are not necessarily in C. Anyways, it is a good language to learn and if you understand C many other languages won't seem as difficult or new particularly if you also understand object oriented programming. I am not an expert, at best i am a script kiddy with some theoritacal knowledge on computer science. From what i have seen, you can find the source code for different paylaods on meterpreter, just google the payloads name. Modifying it would allow you to kill the AV, and reading it can help you improve you programing
Never tried this before , all theory but can you make a Installer with excelsior package maker so it installs killav.rb first runs that and then
installs & runs the payload , you could also add a real program in there and make the payload look like a data file or something sneaky... again just an idea not sure if it works.
Share Your Thoughts