Metasploit-framework: Antivirus Detection : Payload Detected by Symantec and IPS.

Created on 5 May 2017 · 4 Comments · Source: rapid7/metasploit-framework

While using Meterpreter variations as payloads, I can now bypass anti-virus and firewalls easily, but Symantec SONAR and IPS always detect Meterpreter payloads and block the attacker IP.

Is there any better payload than Meterpreter that can bypass antiviruses like those used by Symantec and IPS?

All 4 comments

Just encrypt the stage? It's only detecting the stage. Or go stageless.

Sounds about right.

Symantec detects reverse HTTPS with an invalid SSL certificate; you can use auxiliary/gather/impersonate_ssl to make a correct SSL cert and bypass it.
More info:
https://niiconsulting.com/checkmate/2018/06/bypassing-detection-for-a-reverse-meterpreter-shell/
https://www.netresec.com/index.ashx?page=Blog&month=2011-07&post=How-to-detect-reverse_https-backdoors
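
The comment above says the detection keys on the certificate presented in the reverse-HTTPS handshake. The following is an added example, not code from this thread, from Metasploit or from Symantec: it shows the three checks a TLS-aware sensor can run on the leaf certificate of a handshake without decrypting traffic (self-signed, does not chain to a trusted root, name mismatch). It builds its own constructed test data in memory: a private CA, a leaf that CA signed for `www.example.com`, and a self-signed leaf that copies the same subject and SAN. The trust-store parameter `roots`, the `Finding` type and the `InspectLeaf` function are all assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Finding records why a presented leaf certificate would be flagged.
type Finding struct {
	SelfSigned       bool // issuer == subject and the signature verifies with the cert's own key
	ChainUntrusted   bool // does not chain to a root in the trust store (or is outside its validity period)
	HostnameMismatch bool // the host name the client asked for is not covered by the SAN / CN
}

// Suspicious is the single verdict a sensor would alert on.
func (f Finding) Suspicious() bool {
	return f.SelfSigned || f.ChainUntrusted || f.HostnameMismatch
}

// InspectLeaf classifies a server certificate against a trust store and the
// requested host name. 'roots' stands in for the sensor's trust store
// (hypothetical parameter, not a Metasploit or Symantec API).
func InspectLeaf(leaf *x509.Certificate, host string, roots *x509.CertPool) Finding {
	var f Finding
	// Self-signed: issuer equals subject and the cert's own key verifies its signature.
	if bytes.Equal(leaf.RawIssuer, leaf.RawSubject) &&
		leaf.CheckSignature(leaf.SignatureAlgorithm, leaf.RawTBSCertificate, leaf.Signature) == nil {
		f.SelfSigned = true
	}
	// Chain validation against the trust store only; the name is checked separately.
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		f.ChainUntrusted = true
	}
	if err := leaf.VerifyHostname(host); err != nil {
		f.HostnameMismatch = true
	}
	return f
}

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// issue signs tmpl with parent (or with itself when parent is nil) and parses the result.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	c, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return c
}

func leafTemplate(serial int64, name string) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: name},
		DNSNames:     []string{name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
}

// BuildScenario constructs (in memory, sample data only) a private CA, a leaf
// that CA signed for name, and a self-signed leaf carrying the same subject and
// SAN. It returns a trust store holding only that CA, plus both leaves.
func BuildScenario(name string) (roots *x509.CertPool, signed, selfSigned *x509.Certificate) {
	caKey := newKey()
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Private Root CA"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(48 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	ca := issue(caTmpl, nil, &caKey.PublicKey, caKey)
	roots = x509.NewCertPool()
	roots.AddCert(ca)

	leafKey := newKey()
	signed = issue(leafTemplate(2, name), ca, &leafKey.PublicKey, caKey)

	rogueKey := newKey() // a different key: the rogue cert can copy names, not the CA's signature
	selfSigned = issue(leafTemplate(3, name), nil, &rogueKey.PublicKey, rogueKey)
	return roots, signed, selfSigned
}

func main() {
	roots, signed, selfSigned := BuildScenario("www.example.com")
	fmt.Printf("CA-signed leaf:   %+v\n", InspectLeaf(signed, "www.example.com", roots))
	fmt.Printf("self-signed leaf: %+v\n", InspectLeaf(selfSigned, "www.example.com", roots))
	fmt.Printf("wrong host:       %+v\n", InspectLeaf(signed, "login.example.com", roots))
}
```

The self-signed leaf deliberately carries the same subject and SAN as the legitimately issued one, so the only thing separating them is chain validation. That is the caveat for both sides of this thread: a certificate whose fields are copied from a real site is still signed by a key the real CA never used, so a sensor that validates the chain against a trust store flags it regardless of how plausible the subject looks, while a sensor that only pattern-matches issuer and subject strings does not.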

Nice!!
