Tuesday, February 27, 2018

Metasploit Loader (I): loader.exe (x86_32 bits)


- Layout for this exercise:

1 - Installing loader.exe

- Metasploit Loader is a client compatible with Metasploit's staging protocol.

- Metasploit Loader implements the functionality of the first stage of the Meterpreter payload: it receives the DLL and then passes control to it.
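The staging exchange described above, seen from the defender's side, as an added example that is not part of the original post or of the metasploit-loader project: the reverse_tcp handler sends a 4-byte little-endian length followed by the stage, a reflective DLL that begins with an MZ header, so a network sensor can recognise that shape in the first bytes of the connection. The sample bytes and the size bounds below are constructed assumptions, not a real stage.

```python
import struct

# Upper bound on a plausible stage size (the metsrv DLL is far smaller).
# Heuristic assumption for this example, not a protocol constant.
MAX_STAGE_LEN = 16 * 1024 * 1024
MIN_STAGE_LEN = 0x200

def inspect_staging_stream(data: bytes) -> dict:
    """Inspect the first bytes a reverse_tcp handler sends to a stager.
    The handler sends a 4-byte little-endian length, then the stage, which
    is a reflective DLL: it starts with 'MZ' and its e_lfanew field (offset
    0x3c) points at the 'PE\\0\\0' signature. Each observation is returned
    alongside the verdict so an analyst can see which checks fired."""
    result = {"verdict": "benign", "declared_len": None, "mz": False,
              "pe_sig": False, "truncated": False}
    if len(data) < 4:
        return result
    declared = struct.unpack_from("<I", data, 0)[0]
    result["declared_len"] = declared
    if not MIN_STAGE_LEN <= declared <= MAX_STAGE_LEN:
        return result  # implausible length prefix, e.g. ASCII protocol text
    stage = data[4:]
    result["truncated"] = len(stage) < declared  # partial capture still useful
    result["mz"] = stage[:2] == b"MZ"
    if result["mz"] and len(stage) >= 0x40:
        e_lfanew = struct.unpack_from("<I", stage, 0x3C)[0]
        result["pe_sig"] = stage[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"
    if result["mz"] and result["pe_sig"]:
        result["verdict"] = "meterpreter_stage_suspected"
    elif result["mz"]:
        result["verdict"] = "length_prefixed_pe_suspected"
    return result

def build_constructed_stage(size: int = 0x400) -> bytes:
    """Constructed sample: PE-shaped filler bytes, NOT a real Meterpreter stage."""
    img = bytearray(size)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)  # e_lfanew -> PE signature at 0x80
    img[0x80:0x84] = b"PE\x00\x00"
    return bytes(img)

def build_constructed_stream(stage: bytes) -> bytes:
    """Prefix the stage with its 4-byte little-endian length, as the handler does."""
    return struct.pack("<I", len(stage)) + stage

if __name__ == "__main__":
    sample = build_constructed_stream(build_constructed_stage())
    print(inspect_staging_stream(sample))          # full capture
    print(inspect_staging_stream(sample[:0x90]))   # truncated capture
    print(inspect_staging_stream(b"GET / HTTP/1.1\r\n"))  # benign text
```

The heuristic deliberately keeps working on a truncated capture, since a sensor usually sees only the first segment of the stream.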

- The project can be cloned from here:

https://github.com/rsmudge/metasploit-loader

- Cloning the repository to the Kali Linux machine:




- Inside the newly created folder we find both the precompiled executable loader.exe and the program's source code, main.c:





- The source code will be of particular interest later, as it facilitates the attack in the next exercises:





2 - Checking the functionality

- Setting up a web server in Kali:




- Downloading loader.exe to the Windows 10 machine:


- Setting up a Metasploit handler, waiting for the victim's reverse connection:

- Now loader.exe is executed from the Windows 10 (x86, 32-bit) command line (this annoying issue will be resolved in the next exercise):




- The attack is successful:

3 - Checking the antivirus evasion rate

- Checking loader.exe against VirusTotal, an evasion success rate of 71.8% is achieved:


- Checking loader.exe against NoDistribute, an evasion success rate of 83.3% is achieved: