It is possible to hide your RAT/keylogger stub without a crypter! As penetration testers we sometimes need to hide the PE payload from Anti Virus (AV) engines. For this we end up either using paid crypters, which basically encrypt the payload, or finding a technique that makes the malicious executable Fully Undetected (FUD).
This means evading the Anti Virus is either time consuming or costs money. And the worst part is that this Fully Undetected EXE will only evade AV for some time, as sooner or later the engine will be updated.
The following technique will try to evade the AV engines to an extent. But there is no guarantee of FUD unless you are using your own server.
This only encrypts the EXE, so at best it gives scan-time FUD for a known binary.
Crypting EXE Tutorial
Step 1 : First, we need to fire up CMD (Command Prompt) on your system.
To do that, press WIN + R to open Run.
Type CMD.
Hit Enter.
Step 2 : Now use CD to go to the directory where your stub (binary/EXE) is placed. This is the file you want to encrypt.
Step 3 : Now Type
Step 4 : In the same CMD window, type iexpress.
This will open a GUI dialog box.
Step 5 : Follow the steps in the IExpress dialog box.
This is it. Now the EXE is encrypted by the free Windows utility. What exactly happened here is that the code of the EXE has been encrypted, i.e. made complex and therefore difficult for the AV engine to read. The other use I can think of for this tutorial is to scramble the code of your legitimate program so that it is difficult to read or reverse engineer.
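From the defender's side, a package built this way is worth triaging on disk. The following scanner is an added example, not code from the original post; it assumes an IExpress package is a wextract.exe-style stub carrying a CAB archive (magic bytes `MSCF`) and resource strings such as `RUNPROGRAM`, `POSTRUNPROGRAM` and `CABINET`, and the sample bytes it checks are constructed.

```python
"""Flag PE files that look like IExpress/wextract self-extracting packages (triage only)."""
import re
from dataclasses import dataclass, field

CAB_MAGIC = b"MSCF"  # Microsoft Cabinet archive signature
# Marker strings assumed to appear in a wextract-based stub; wide strings are UTF-16LE.
IEXPRESS_MARKERS = [b"wextract", b"RUNPROGRAM", b"POSTRUNPROGRAM", b"CABINET"]


@dataclass
class ScanResult:
    is_pe: bool
    cab_offsets: list = field(default_factory=list)
    markers: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # A PE that embeds a CAB and carries at least two stub markers is worth a closer look.
        # Legitimate IExpress installers match too, so treat this as a triage signal, not a verdict.
        return self.is_pe and bool(self.cab_offsets) and len(self.markers) >= 2


def _has_marker(data: bytes, marker: bytes) -> bool:
    wide = marker.decode("ascii").encode("utf-16-le")
    return marker in data or wide in data


def scan_bytes(data: bytes) -> ScanResult:
    res = ScanResult(is_pe=data.startswith(b"MZ"))
    res.cab_offsets = [m.start() for m in re.finditer(re.escape(CAB_MAGIC), data)]
    res.markers = [m.decode() for m in IEXPRESS_MARKERS if _has_marker(data, m)]
    return res


def scan_file(path: str) -> ScanResult:
    with open(path, "rb") as fh:
        return scan_bytes(fh.read())


# Constructed samples: a fake wextract-style stub with an embedded CAB header, and a plain PE.
SAMPLE_PACKAGE = (b"MZ" + b"\x00" * 62 + "RUNPROGRAM".encode("utf-16-le") + b"\x00" * 8
                  + b"wextract" + b"\x00" * 16 + CAB_MAGIC + b"\x00" * 32)
SAMPLE_PLAIN = b"MZ" + b"\x00" * 100 + b"hello world"

if __name__ == "__main__":
    for name, blob in (("package", SAMPLE_PACKAGE), ("plain", SAMPLE_PLAIN)):
        r = scan_bytes(blob)
        print(name, "suspicious" if r.suspicious else "clean", r.cab_offsets, r.markers)
```

Run it against a directory of executables with `scan_file` and review anything flagged: the embedded CAB can be carved at the reported offset and the original payload inspected, since the wrapper does not actually encrypt it.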