Script for AV evasion

Hello everybody,

I created a Python script that will obfuscate Metasploit payloads so they won't get detected by AVs.
The script creates a C file that will execute your obfuscated shellcode.
The script:
1) XORs your payload
2) adds a random byte after every byte of your shellcode
3) adds random junk
4) randomizes the file size
5) strips out the debugging symbols

So basically signature-based AVs have no chance at detecting this.....

Then, to bypass heuristic methods of detection:
When you run your exe file, it deobfuscates your payload with very long for loops, and I added a timer that waits a few moments.
And then your Metasploit shellcode gets executed.

The script lets you choose to copy the exe to /var/www so you can easily download it via Apache, or
you can use your undetectable exe to attack a target with the Java applet method from SET.

At the moment the script only contains a few payloads from Metasploit. Feel free to add more.

The only disadvantage the script has is that it takes about 8 seconds before you get a shell after your victim has executed the exe file.
This is because of the timer and the for loops.

I tested the script on Kaspersky, Symantec, AVG, Avast and Microsoft Essentials.
NoVirusThanks results: http://vscan.novirusthanks.org/analy…ja2Rvb3ItZXhl/

All the files should be placed in your Metasploit directory, and you should have mingw32 installed.
Download: http://home.base.be/%72%68%69%6e%63%6b%78%74/script.zip

Some of the ideas for the script I got from http://spareclockcycles.org/tag/antivirus-evasion/

I hope you like it.
