May 29, 2018. Uses a Metasploit like interface to create a remote shell program that will bypass most Anti-Virus programs. Generating it into a test.exe file. Crypter is a software used to hide our viruses, keyloggers or tools from antiviruses so that they are not detected by antiviruses. Thus, a crypter is a program that allow users to crypt the source code of their program. Generally, antivirus work by splitting source code of application and then search for certain string within source code.
Some people asked me about how you can bypass all AV anti-viruses?
My answer is: very simple. But this is Secretly Technique and the most Pentester or hackers never share that for other people. They have their reason for that like me and I can tell you the most reason is because their methods and codes After share will detect by Anti-viruses Companies very soon.But I want to share one method for you all with C# programming and Encryption method.
Before I begin to describe that first I want to tell you all don’t ask me about where you can find C# Source Code for this document because in this link you can find that .
But if you have knowledge about Pentesting and Kali Linux and Metasploit Payloads for Backdoors also if you have knowledge for programming after this Document you can find more Source code in internet for do it.
Firstly: you should know about Antivirus and signature base Applications like AV.
Secondly: you should know about Linux base systems and Attacker Side by Kali Linux or other Linux OS for Pentest.
Thirdly: you should know about Windows Programming in this case C#.Net Programming.
In this case for this Document I focus to Programming by C# only and I am sorry I can’t teach everything in one document.
Remember : every Pentest Teams or Red Teams for bypassing your Security Defense Tools Like Antivirus or Firewalls Need to know how can bypass these applications in Layer 7 so this is very important for doing by them in Projects like Whitehat or Pentest Projects and Blackhat hacking attack so if your team or you have more than one technique for bypassing AV this is good point for you or your team also I want to tell you all this is not difficult for doing, trust me.
Bypassing AV by C# Encrypted payload Step by step:
Step 1:
as you can see in picture 1 I made Backdoor Payload with C type in kali linux and you can see we have hex code for backdoor.Why we use “reverse_tcp” payloads because this is best payload for bypassing Firewall with Incoming Block rules.
Step 2 :
you should encrypt this payload with one algorithm like “XOR or other Encryption methods” by one time or more than one time .
How ?
I made simple C# application with secret algorithm for encryption but I want to tell you can find more Source code for do it don’t worry.
As you can see in picture 2 I made C# code by vs.net 2015 but you can do it by all version of VS.NET.
in the picture 2 you can see one notepad file with payload.txt name, this file is our payload was creating when I used msfvenom tool in step 1.
In this step you should replace value for Payload Variable {0xfc , ….} by that payload.txt file on source code.
Step 3:
In picture 3 you can see output for this application also our encrypted Payload.
As you can see in picture 3 our encrypted payload started with “217,119,88….,82,12,210” Now we have one encrypted Payload it is means you can use that in backdoor.exe files safely because this payload Undetectable by Anti-viruses and only you have KEY for encrypt or decrypt this payload.
Step 4:
Now I need one C# code for Execute this Encrypted Payload in target computer .
As you can see in picture 4 I made this source code for execute Encrypted Payload by C# and in this source code I should replace value for Payload_Encrypted Variable by Encrypted payload like picture 3 also I should replace KEY value by KEY value I used in step 2 source code .
Note: your KEY in step 2 and step 4 is same it is means your KEY for Encryption and Decryption should be same.
In my source code in step 4 , I made code for getting Encrypted Payload by Arguments in command line so I can execute this exe file by typing encrypted payload like a string argument in command line like picture 5.
Example : C:> backdoor.exe “217,119,88,…….,82,12,210”
In this time encrypted payload will decrypt and execute in memory in target computer and if you have finished All steps correctly then you have meterpreter session by backdoor in kali linux in the attacker side like picture 5:
As you can see in picture 6 my anti-virus can’t detect this backdoor with encrypted payload.
Finally you can see all anti-viruses bypassed by this Technique .
anyway , i made one Forensics tool for Realtime detecting Meterpreter payloads in memory ;) with that Realtime Scanner you can find this backdoor in memory too you can find that in this link :
Related Video :
Source Code for Video : https://github.com/DamonMohammadbagher/NativePayload_Reverse_tcp/tree/master/Ebook%20-%20Chapter%202%20-%20Making%20Encrypted%20Meterpreter%20Payload%20by%20C-Sharp.NET
Related Article :
Bypassing Anti-viruses with transfer Backdoor Payloads by DNS traffic
Antivirus and Signature Based Detection Methods Doesn't Work for Defense (Bypassing AVs again by NativePayload_Reverse_tcp Ver 2.0)
Detecting Meterpreter Undetectable Payloads by Scanning Memory
You should never have more than one security product installed on the PC providing active protection/scanning. This can cause performance issues, system instability, and can hinder the effectiveness all installed antivirus products.
You need to either uninstall MSE or uninstall McAfee. If you wish to to keep MSE, please thorughly review the following:
Check list for installing Microsoft Security Essentials
If you uninstall McAfee please use the McAfee Removal Tool to ensure all vestiges are removed from your computer.
Regarding your malware problems, recommend you try the suggestions of BrianM_12. If that doesn't work please see the following:
![Exe Bypass Antivirus Exe Bypass Antivirus](/uploads/1/2/4/8/124801792/310263196.png)
Recommend you seek assistance from MS Support:
If you are using Microsoft Security Essentials, you can get free help with malware removal here: https://support.microsoftsecurityessentials.com/ Then select “I think my computer is infected”. From there, select the email or phone option. You can also use the following link: http://supportservices.microsoft.com/support/services/virus_essentials
If you are NOT using Microsoft Security Essentials, you can get free help with malware removal here: http://supportservices.microsoft.com/support/services/virus_malware_removal
If you are in North America, you can call MS Support at 866-727-2338 for help with virus and spyware infections.
For international information see your local subsidiary support site.
Or, obtain assistance from your antimalware provider (Avast, AVG, Avira, McAfee, Norton, Trend Micro, etc).
Alternatively, try the following on-demand scanners:
Go to www.malwarebytes.org and download, install, update and run the free version – just follow the prompts.You may need to rename the installation file to 123.exe or something similar to prevent the malware from disabling/blocking the installation.
and/or
Try Superantispyware Portable at: http://www.superantispyware.com/portablescanner.html
and/or
Try the Eset Online Scanner: http://go.eset.com/us/online-scanner
Good luck...