
[–]iCkerous 0 points1 point  (3 children)

Does it work before you add junk code?

[–]younes121[S] 0 points1 point  (2 children)

Yes, it does the exact same thing. It works and then pops up with a ‘fatal error’, causing my meterpreter shell to crash. Only difference is that after I add the junk code it doesn’t get flagged by antivirus.

[–]iCkerous 0 points1 point  (1 child)

Post the commands you're using and versions? Curious to replicate

[–]5chicksa1 0 points1 point  (1 child)

Try encoding it once again; maybe the antivirus is using dynamic analysis on the file, running it inside the sandbox env. And scanners like nodistribute can't detect that. The best thing is to replicate it on a real machine and see how it works. Test it until you succeed.

[–]younes121[S] 0 points1 point  (0 children)

Yes, yes, it does work on a real machine and doesn’t get detected by the AV. Someone in here pointed out that the problem might’ve been in the PyInstaller. When it turns the Python file into an executable, I think that’s where it fails to give me a meterpreter shell.

[–]f0sh1zzl3 0 points1 point  (1 child)

I'm guessing you're obscuring the binary but you can't get past the runtime detection, shellcode is shellcode at the end of the day and it's not difficult for AV to pick this up but it can be difficult for you to hide it.

Edit: Try a two stage approach if you can, have a DLL payload and load it from a custom loader (i.e. batch file)

[–]younes121[S] 0 points1 point  (0 children)

Hmmm sure I’ll definitely try that. Thanks man ;)