UNDETECTABLE PAYLOAD

Department of CSE, Chalapathi Engineering College, Guntur, Andhra Pradesh, India.

Abstract:

The aim of this work is to provide a description and a comparison of some methods for the creation of malicious payloads or shellcode. These payloads create a remote access connection between the victim's operating system and the attacker's operating system and, once the connection is successfully established, we can access the victim's computer.

The security systems available on Operating system and antivirus systems. invisible simultaneously to several security systems

Keywords: Metasploit

I Introduction

1.1 Virtual machines

As mentioned, systems that we want to bypass are mainly present in Windows operating

Metasploit

Metasploit is a penetration testing tool used for developing and executing exploits against remote target operating systems. It is part of the Metasploit network, an operating system security project that provides information about security vulnerabilities in penetration testing.

Metasploit has the world's largest database of public, tested exploits. In short, Metasploit can be used to test the vulnerabilities of Windows systems in order to protect them and, on the other hand, it can also be used to break into remote systems.

Meterpreter is a key part of the Metasploit network that allows Metasploit functionality to be used on the target. Its functions include covering your tracks, targeting memory data, dumping hashes, accessing operating systems, and much more.

Meterpreter is the most important tool in Metasploit and works well as a payload after a vulnerability is exploited. For example, when a loophole is found, it is possible to access the exploit and select Meterpreter as the payload, so that a Meterpreter shell is created on the system and, likely, the attacker can execute some shell commands.

TheFatRat

TheFatRat is a tool to generate backdoors with msfvenom, which is part of Metasploit as explained above. This tool compiles malware with popular payloads, and the compiled malware can then be executed on Windows, Android or Mac. Malware created with this tool also has the ability to bypass most antivirus software protections.

Metasploit, offering an easier and more intuitive command-line interface for using Msfconsole or creating a backdoor or a listener;

Searchsploit, for easily finding a particular exploit;

PwnWind, for creating some kinds of fully undetectable (FUD) backdoor.

To install this tool, it is necessary to download its project from GitHub and execute its Python script. After that, it checks some requirements and dependencies; in some cases, it directly installs the tools that are not present on the machine at that moment, but if Kali Linux is used, most of these requirements are automatically satisfied.

Creating a FUD backdoor

To create a FUD backdoor, there are two choices. In either case, results will be saved into a TheFatRat folder, where it is also possible to change the default icon image associated with the created executable.

Option number 2 of the TheFatRat interface, "Create a FUD 100% backdoor", creates a backdoor by compiling a C program with a Meterpreter reverse_tcp payload. Furthermore, to make it more untraceable, it is possible to enable the corresponding FUD option.

Option number 6 of the TheFatRat interface, "Create FUD backdoor 1000% FUD with PwnWind", involves the additional use of PwnWind, which allows the creation of FUD shellcode in different languages.

So, for this case study, the chosen payloads are:

1.  id 2: exe file with reverse_tcp payload (most powerful payload);

2.  id 21: exe file with reverse_tcp payload FUD;

3.  id 62: exe file with C# + PowerShell FUD;

4.  id 63: exe file with apache + PowerShell FUD;

5.  id 64: exe file with C + PowerShell.

The chosen payloads will be identified by their id number.

These payloads have been tested on all of the Windows machines proposed (Windows 8.1/10, 32/64 bit), obtaining the same results.

Results

As in the previous cases, the executable was blocked by Windows SmartScreen, which carries out some checks on files downloaded from the Internet. These payloads are passed to the testing virtual machines by downloading them from OneDrive, Dropbox or Google Drive and running them by double-clicking in the operating system. If the payloads are executed through the command line, SmartScreen does not block their execution. In this way, its protection has been bypassed.

If these payloads are passed via a shared folder or USB drive, SmartScreen has no control, allowing the virus to run, also by double-clicking on it.
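
From the defender's side, the gaps described in these results can be turned into a triage rule, since SmartScreen's check on downloaded files depends on the Mark of the Web stored in the file's Zone.Identifier stream. The following is an added example, not part of the original paper; the event field names (image, parent, zone_identifier, drive_type) are hypothetical and the sample events are constructed.

```python
import configparser

SHELLS = {"cmd.exe", "powershell.exe"}  # command-line launchers to watch

def parse_zone_id(stream_text):
    """Return ZoneId from Zone.Identifier stream content, or None if absent or malformed."""
    if not stream_text:
        return None
    cp = configparser.ConfigParser(interpolation=None)
    try:
        cp.read_string(stream_text)
        return cp.getint("ZoneTransfer", "ZoneId")
    except (configparser.Error, ValueError):
        return None

def triage(event):
    """Return findings for one process-start event (field names are hypothetical)."""
    zone = parse_zone_id(event.get("zone_identifier"))
    image = event["image"].lower()
    parent = event["parent"].lower().rsplit("\\", 1)[-1]
    findings = []
    # ZoneId 3 (Internet) or 4 (Restricted): the file was downloaded, yet it was
    # started from a shell rather than by double-click.
    if zone is not None and zone >= 3 and parent in SHELLS:
        findings.append("downloaded executable started from a command shell")
    # No mark at all on a file run from a UNC share or removable drive.
    if zone is None and (image.startswith("\\\\") or event.get("drive_type") == "removable"):
        findings.append("unmarked executable run from share or removable media")
    return findings

# Constructed sample events, not taken from the paper.
SAMPLE_EVENTS = [
    {"image": r"C:\Users\a\Downloads\setup.exe", "parent": r"C:\Windows\explorer.exe",
     "zone_identifier": "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://example.com/setup.exe\r\n"},
    {"image": r"C:\Users\a\Downloads\setup.exe", "parent": r"C:\Windows\System32\cmd.exe",
     "zone_identifier": "[ZoneTransfer]\r\nZoneId=3\r\n"},
    {"image": r"E:\tool.exe", "parent": r"C:\Windows\explorer.exe",
     "zone_identifier": None, "drive_type": "removable"},
    {"image": r"\\fileserver\share\tool.exe", "parent": r"C:\Windows\explorer.exe",
     "zone_identifier": None},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["image"], "->", triage(ev) or "no finding")
```

The first sample event (downloaded file started from Explorer) produces no finding because that is the path SmartScreen already covers; the other three are the paths the results describe as unchecked.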

Conclusion

In this case study, different tools and methodologies have been shown for creating shellcode and Windows executables that try to evade security systems such as antivirus systems and pre-installed Windows systems.

Looking over the analysis of the results obtained, we note that TheFatRat gives the best results, creating a fully undetectable payload (exe file with C# and PowerShell) that is recognized only by Kaspersky antivirus.

So, in a social engineering attack, this payload would easily bypass all the security systems installed on a victim machine. If the virus is downloaded from a link or a website and executed by clicking on it, only Windows SmartScreen can recognize it as a virus, and bypassing this defense can be seen as a future development.

V. Susmitha
Student, Dept of CSE
Chalapathi Engineering College (Lam), Guntur

A. Sarada khair
Student, Dept of CSE
Chalapathi Engineering College (Lam), Guntur