Home page logo

metasploit logo Metasploit mailing list archives

Re: Yet another AV bypassing question
From: Jason Hawks <jason.hawks0 () gmail com>
Date: Sun, 26 Jun 2011 23:08:42 +0200

Hi everyone,

Thank you very much for your answers.
I wrote my own template and it did it. At least, I was able to use
java_signed_applet + meterpreter and bypass McAfee and Symantec EP.
I will try with other AV vendors as soon as I can.



2011/6/24 Jason Hawks <jason.hawks0 () gmail com>:
Hello list,

As many of you, I'm trying to bypass my AV but I'm not lucky with the
metasploit encoders anymore.

My Question is simple (but I don't know about the answer yet).

Does modifying and recompiling meterpreter source code (with spread
dummy instructions and a lot of try-and-error attempt) could help me ?
or the main problem is not in meterpreter DLL but somewhere else ?

Actually I got a try modifying the source code of meterpreter (using
Visual Studio Express), but it didn't change anything. Therefore, I'm
wondering if it's just a matter of tries or if I'm wasting my time.
Am I looking in the right direction ?

For information, I'm playing with McAfee 8.X right now.

Thank you very much for your lights. Any other tips are welcome.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]