Bypass an Anti Virus Detection with Encrypted Payloads using VENOM Tool


Much of today's malware, and many attack payloads, use encryption and packing (via packers) to evade antivirus software, because a signature-based AV engine has difficulty matching malware whose bytes on disk have been encrypted or packed.

Here we are going to learn how to generate encrypted payloads using VENOM, a Metasploit shellcode generator/compiler/listener tool.

According to the description of VENOM, the script uses msfvenom (Metasploit) to generate shellcode in different formats (c | python | ruby | dll | msi | hta-psh) and injects the generated shellcode into one function (for example, in Python).

The Python function executes the shellcode in RAM. The script uses compilers such as gcc (gnu cross compiler), mingw32 or pyinstaller to build the executable file, and also starts a multi-handler to receive the remote connection (reverse shell or meterpreter session).
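To make the idea behind "encrypted payloads" concrete, here is an added example that is not VENOM's own code: a byte string standing in for msfvenom output is XOR-encrypted with a short key, a minimal byte-pattern "signature" is checked against the plain and encrypted blobs, and the Shannon entropy of both is computed. The stand-in bytes, the signature and the key are constructed for illustration, and XOR with a repeating key is used only because it is the simplest reversible transform; it is not a claim about the scheme VENOM uses. The point a practitioner should take away is in the last two numbers: encryption removes the static signature, but the near-random ciphertext is itself a heuristic many engines score.

```python
"""
Added example (not VENOM's own code): what encrypting a shellcode blob buys
against signature-based AV, and what it does not.

A payload embedded in a Python/C/HTA wrapper is stored as a byte string, and a
static AV engine looks for known byte patterns in it. XOR-encrypting the blob
changes every byte, so the pattern is gone, but the decryption routine and the
key ship inside the same file, and the ciphertext is close to random, which is
a signal in its own right.
"""
import math
from collections import Counter

# Constructed stand-in for msfvenom output (NOT real shellcode): a recognisable
# marker a signature could key on, padded with the 0x90 (NOP) bytes that pad
# real x86 payloads. Assumption for illustration only.
SHELLCODE = b"\x90" * 16 + b"FAKE_SIGNATURE_BYTES" + b"\x90" * 16
SIGNATURE = b"FAKE_SIGNATURE_BYTES"  # the pattern a static signature would match


def xor_crypt(data: bytes, key: bytes) -> bytes:
    """XOR with a repeating key; the same call both encrypts and decrypts."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, up to 8.0 for uniform random."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def signature_hit(blob: bytes, signature: bytes = SIGNATURE) -> bool:
    """Minimal model of a byte-pattern AV signature: a plain substring match."""
    return signature in blob


def demo(key: bytes = b"k3y!") -> dict:
    """Encrypt, decrypt and measure; returns the values a scanner would see."""
    encrypted = xor_crypt(SHELLCODE, key)
    decrypted = xor_crypt(encrypted, key)
    return {
        "plain_hit": signature_hit(SHELLCODE),      # signature fires on the raw blob
        "enc_hit": signature_hit(encrypted),        # and no longer fires after XOR
        "roundtrip_ok": decrypted == SHELLCODE,     # the loader can still recover it
        "plain_entropy": round(shannon_entropy(SHELLCODE), 2),
        "enc_entropy": round(shannon_entropy(encrypted), 2),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Run it and compare the two entropy figures: the encrypted buffer scores markedly higher than the plain one even with this tiny sample, which is why a clean signature scan is not the same thing as being undetectable.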

Step 1:

Since this tool is not installed in Kali Linux by default, we need to download and install it.

Download VENOM from its SourceForge page (Download Link).

Once downloaded, extract the ZIP and run the tool. Here I kept the package on my Desktop.

Step 2:

After launching the tool, it asks you to click OK to continue to the next options.

Step 3:

The next screen shows information about the option build, target machine, payload format and output.

Twenty different option builds of shellcode are listed here. We are using shellcode number 10 for this demonstration.

So here we chose Venom shellcode number 10 and pressed OK.

Step 4:

In this step, we need to set the local host IP address (LHOST). Enter the IP address of your local machine, which will listen for the payload's connection, and press OK to move to the next setting. Use the address the target can actually reach: a loopback address or one on the wrong interface means the reverse connection never arrives.

Once LHOST is set, it asks you to enter the LPORT. Provide your desired LPORT number and press OK.

Step 5:

Venom ships with some default msf payloads. Here we use "windows/meterpreter/reverse_tcp".

Step 6 :

Here you can provide a name for the payload you are going to generate. Once you have chosen the name, press OK.

Step 7:

Once the encrypted payload has been generated successfully, it is stored in the output folder of the Venom package. The .hta extension shows that this build produced an HTML Application (the hta-psh format) wrapping the payload:

root/Desktop/shell/output/gbhackers.hta

Step 8:

After generating the encrypted payload, I scanned it to check antivirus vendor detection, and it successfully evaded AV detection. Bear in mind that such scan results are a snapshot: vendors update signatures continually, and a clean static scan does not mean the payload will survive behavioural or runtime detection once it executes.

Now let us use Metasploit to gain access to the victim with our encrypted payload.

Step 9:

We need to start the Apache server to deliver our malicious payload to the victim's machine. Once you have selected the server, click OK to continue.

Step 10:

In this step, we need to pick a post-exploitation module. Here we can choose any one of the post-exploitation resource scripts.

I only need to gather system information, so I chose sysinfo.rc for post-exploitation of the target machine.

Since this is optional, you can also run the module manually once the session is open, and then take over the victim using Metasploit.

Step 11:

Finally, I obtained a Meterpreter session from my target Windows 7 machine using our encrypted payload.

Make sure the session handler is listening before the payload is executed on the target machine; a reverse_tcp payload that connects out to a port nobody is listening on simply fails, and you will have to re-run it.

I executed the payload on the target machine via the malicious URL (http://192.168.56.103) that VENOM generated for our payload.

Before working with Metasploit, check that your LPORT and LHOST settings are correct for listening for the session.

So finally, I successfully compromised the victim and took full control of my target Windows 7 machine.

If you have any further doubts or queries, kindly leave your comments. Happy hacking.

Disclaimer

This article is only for an educational purpose. Any actions and or activities related to the material contained within this website are solely your responsibility. The misuse of the information in this website can result in criminal charges brought against the persons in question. The authors and www.gbhackers.com will not be held responsible in the event any criminal charges be brought against any individuals misusing the information in this website to break the law.