I created a python script that will obfuscate metasploit payloads so they won't get detected by AVs.
The script creates a C file that will execute your obfuscated shellcode.
1) XORs your payload
2) adds a random byte after every byte of your shellcode
3) adds random junk
4) randomizes the file size
5) strips out the debugging symbols
So basically signature based AVs have no chance at detecting this…
Then to bypass heuristic methods of detection:
When you run your exe file, it deobfuscates your payload with very long for loops and I added a timer that waits a few moments.
And then your metasploit shellcode gets executed.
The script lets you choose to copy the exe to /var/www so you can easily download it via apache, or
you can use your undetectable exe to attack a target with the java applet method from SET.
At the moment the script only contains a few payloads from metasploit. Feel free to add more.
The only disadvantage the script has is that it takes about 8 seconds before you get a shell after your victim has executed the exe file.
This is because of the timer and the for loops.
I tested the script on kaspersky, symantec, avg, avast and microsoft essentials.
NoVirusThanks results: http://vscan.novirusthanks.org/analy…ja2Rvb3ItZXhl/
All the files should be placed in your metasploit directory and you should have mingw32 installed.
Some of the ideas for the script I got from: http://spareclockcycles.org/tag/antivirus-evasion/
I hope you like it.