NeosLab.com

Bypass Antivirus Detection with Encrypted Payloads using Venom

The script uses Msfvenom from Metasploit to generate shellcode in different formats such as “c”, “python”, “ruby”, “dll”, “msi” and “hta-psh”, injects the generated shellcode into a template, and works with encrypted payloads.

The Python function executes the shellcode in RAM; compilers such as gcc, mingw32 or pyinstaller are used to build the executable file, and a Metasploit multi-handler session is started to receive the remote connection.

Source: github.com

HOW TO INSTALL VENOM
# Download framework from github
$ git clone https://github.com/r00t-3xp10it/venom.git

# Set file execution permissions
$ cd venom
$ sudo chmod -R +x *.sh
$ sudo chmod -R +x *.py

# Install dependencies
$ cd aux
$ sudo ./setup.sh

LAUNCH VENOM
$ sudo ./venom.sh

Once the tool has launched, it prompts you to press “Enter” to proceed to further options.

The next screen shows information about the build option, the target machine, the payload format and the output. There are 7 different types of shellcode build options listed. We are going to use shellcode “number 4” for the purpose of this demonstration.

Simply choose the Venom shellcode “number 4” and press “enter” to continue.

PAYLOAD CONFIGURATION

You now need to choose your agent referral. For this payload Venom offers two options. Select the one you want to use, Android or iOS. On our side we will select agent “number 1” for the purpose of this demonstration.

Next, set the local host IP address and the local port. Enter the IP address of your local machine and the local port that the payload will use for listening. The local IP address and local port are always referred to as “LHOST” and “LPORT”, exactly as in Metasploit.

It is now time to give the payload a name, which is used to save it, and to define how the payload will be delivered.

LAUNCH THE ATTACK

At this stage you are almost done! A new terminal automatically starts a Metasploit session, allowing you to conduct your attack with the encrypted payload.
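From the defender's side, an encrypted payload embedded in a template has no stable byte signature to match, but it does show up as a region of unusually high entropy. The following triage sketch is an added example, not part of the original post or of the Venom project; the window size, the threshold and the sample input are assumptions chosen for illustration.

```python
import hashlib
import math
from collections import Counter

WINDOW = 1024       # assumed window size in bytes
THRESHOLD = 7.5     # assumed cut-off in bits per byte; tune on known-good files


def shannon_entropy(chunk: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not chunk:
        return 0.0
    total = len(chunk)
    return -sum(n / total * math.log2(n / total) for n in Counter(chunk).values())


def high_entropy_regions(data: bytes, window: int = WINDOW,
                         threshold: float = THRESHOLD):
    """Return merged (start, end) byte ranges whose windows reach the threshold."""
    regions = []
    for start in range(0, len(data), window):
        chunk = data[start:start + window]
        if len(chunk) < window // 2:        # too short for a useful estimate
            continue
        if shannon_entropy(chunk) >= threshold:
            end = start + len(chunk)
            if regions and regions[-1][1] == start:   # adjacent: extend region
                regions[-1] = (regions[-1][0], end)
            else:
                regions.append((start, end))
    return regions


def constructed_sample() -> bytes:
    """Constructed input: readable text around a 4 KiB pseudo-random blob."""
    line = b"int main(void) { return 0; } /* ordinary template text */ "
    text = (line * 36)[:2048]
    # SHA-256 digests stand in for encrypted bytes; this is not a real payload.
    blob = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    return text + blob + text


if __name__ == "__main__":
    for start, end in high_entropy_regions(constructed_sample()):
        print(f"high-entropy region: bytes {start}-{end}")
```

High entropy alone is not a verdict, since compressed archives, images and packed installers score the same way; treat a hit as a reason to inspect the file further.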
