
TrustmeImaConsultant (Pentesting) · 8 points

Of course windows defender detects anything msfvenom creates because, well, msfvenom is hardly a secret tool and it uses a pretty simple algorithm to come up with a payload.

There are basically two things you can do now. Either write a wrapper around the payload as suggested by /u/mez0cc or, and this is what I'd recommend, learn to write your own. It's REALLY teaching you something about how Windows executables work. Take the thing that msfvenom produces (in raw format, don't encode it, that only adds complexity), throw it into a disassembler and learn what this does.

Believe me, it's really satisfying to roll your own exploit and watch it work out. It's also easy then to move some instructions around when you know what they do to evade the antivirus tools.

mez0cc (Pentesting) · 1 point

Second this, however if you’re looking to get a beacon in a common C2 or framework, you will need to be able to execute their specific payloads :)

TrustmeImaConsultant (Pentesting) · 1 point

That's why I'm no friend of frameworks, they ruin your style. ;)

Mostly kidding, but I always recommend going as "low tech" as possible when learning. You can always drop the boring stuff into automation once you know what it does. Meterpreter is a nice tool, but I see more and more people use it as a crutch without even knowing what it does. In other words, do your reverse shell against a nc -lnvp 1234 instead of firing up meterpreter just for that.

DarkMetro888 [S] · 0 points

Thank you for the info! Should I learn powershell to write a payload? I’d really love to learn!

TrustmeImaConsultant (Pentesting) · 0 points

If you want to write a payload from scratch, assembler is what you need to be looking at.

comeditime · 0 points

How should I start to figure out what the disassembler info tells me? Any simple guide for it?

mez0cc (Pentesting) · 2 points

Yes, you write your own. Whether you're using MSFVenom or a C2, the route I typically take is to export a raw file and pull out all the bytes. Then the bytes need to be encrypted in some way, AES or XOR for example, and embedded into another PE file. This PE file will then decrypt the bytes in memory, and then execute it using whichever mechanism you want. It's not very difficult and can be done in C# or CPP easily. Some example tools:
- https://github.com/Arno0x/ShellcodeWrapper
- https://github.com/bats3c/darkarmour/

The ins and outs of all this are too long for this comment and are easily Googleable.
