?
Solved

Metasploit payload reverse_tcp

Posted on 2015-01-19
2
Medium Priority
?
165 Views
Last Modified: 2015-01-22
Experts,

I am doing pentesting as a proof of concept.

In regards to a reverse_tcp payload from Metasploit, is there a way to make it not be an .exe file? I can't upload .exe at my particular website.  Is there a tool that I can run my payload through so that it can be hidden/disguised and not picked up by my antivirus?
0
Comment
Question by:trojan81
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 82

Expert Comment

by:David Johnson, CD, MVP
ID: 40559369
you could use winrar/winzip and encrypt the .exe into the zipx/rar archive
0
 
LVL 64

Accepted Solution

by:
btan earned 2000 total points
ID: 40559409
password protect the exe is one mean but be wary it can be dropped by security devices as well esp such as email exchanges etc. I was thinking to remove it fingerprint such as MZ in header etc but that will not enable it to run off w/o changing back, and now AV and equivalent is capable to detect that too...

Assuming the objective is to make the exe undetectable by AV, you can check out PEScrambler is a tool to obfuscate win32 binaries automatically. The idea is to encode the file such that antivirus/anti malware cannot detect it (easily). Another in Metasploit, you can check out "shikata_ga_nai" but that is also encoding but fall in the same limitation though chances of detection are slightly lower.

...Another "common" mean is separating the exe and payload e.g. modify the signature of your intended metasploit payload or to write your own shellcode and to play with different packers and encoders until you have an executable which will be undetectable. See this blog sharing

also i see this of interest as well using the "-k" option with the "shikata_ga_nai" e.g. shikata_ga_nai -c 5 -t exe -k -x /root/Some_Dir/legitimate.exe >  /root/Desktop/legitimate-payload_2.exe . Simply, that option is to have the payload launched as a separate thread allowing the legitimate executable to launch normally in an attempt to avert user suspicion.
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: Justin
In light of the WannaCry ransomware attack that affected millions of Windows machines, you might wonder if your Mac needs protecting. Yes, it does and here is how to do it.
The recent Petya-like ransomware attack served a big blow to hundreds of banks, corporations and government offices The Acronis blog takes a closer look at this damaging worm to see what’s behind it – and offers up tips on how you can safeguard your…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question