Forum Thread: Evading AV Question

Hello guys, Sodacni here,

In a VM environment I successfully bypassed AV with a C# exe on Windows 8.1 x64 using Veil-Evasion and got a session, but the problem came when I wanted to make the backdoor persistent. I ran the persistence command in msfconsole and it said it installed everything OK, but in reality AV blocked some VBS files in the process, so on reboot I don't get a new connection. Any ideas?

2 Responses

You could try working with the registry yourself. The startup folder is an option in Windows too, but it'll be quite obvious if your target chances to look there.

Quite a few, yes. The integrated meterpreter persistence script is pretty useless since it delivers a bare payload (no encryption, no obfuscation) and hence is detected immediately. Try using exploit/windows/local/persistence and setting the advanced option EXE::Custom to a payload that you are sure about (encoded, undetectable). This way it will modify the registry just as the script does, however it will point to a payload that is much less detectable. -Ne py
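Following up on both replies (the first reply's do-the-registry-yourself route, and checking what the persistence module actually left behind after AV got involved), here is an added PowerShell example. It is not from the thread and not Metasploit's own code: it walks the Run/RunOnce keys, works out which file each command launches, and flags entries whose target no longer exists on disk, which is exactly what a quarantined VBS dropper with a dangling registry value looks like. The key list, the function names and the placeholder values passed to Add-RunKeyEntry are this example's own assumptions.

```powershell
# Added example (not from the thread): audit Run/RunOnce autostart entries and
# confirm that the file each one points at still exists on disk. A persistence
# install that reported success but whose dropper AV quarantined shows up here
# as a dangling entry. Run from an elevated PowerShell to read the HKLM keys.

$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Provider metadata that Get-ItemProperty attaches to every key; not real values.
$ProviderProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-CommandPath {
    # Pull the launched file out of a Run-key command string. Handles quoted
    # paths, bare paths and launcher-style commands such as
    # 'wscript.exe //B C:\...\x.vbs' by returning the last token that looks
    # like a script or executable. Falls back to the first token otherwise.
    param([string]$Command)
    $Expanded = [Environment]::ExpandEnvironmentVariables($Command)
    $Tokens = [regex]::Matches($Expanded, '"([^"]+)"|(\S+)') | ForEach-Object {
        if ($_.Groups[1].Success) { $_.Groups[1].Value } else { $_.Groups[2].Value }
    }
    $Candidate = $Tokens |
        Where-Object { $_ -match '\.(exe|vbs|js|bat|cmd|ps1|dll|scr)$' } |
        Select-Object -Last 1
    if (-not $Candidate) { $Candidate = $Tokens | Select-Object -First 1 }
    return $Candidate
}

function Get-AutostartStatus {
    # One object per autostart value: where it lives, what it runs, and
    # whether the file it runs is still present.
    foreach ($Key in $RunKeys) {
        if (-not (Test-Path $Key)) { continue }
        $Item = Get-ItemProperty -Path $Key
        foreach ($Prop in $Item.PSObject.Properties) {
            if ($Prop.Name -in $ProviderProps) { continue }
            $Target = Get-CommandPath -Command ([string]$Prop.Value)
            [pscustomobject]@{
                Key     = $Key
                Name    = $Prop.Name
                Command = $Prop.Value
                Target  = $Target
                Exists  = [bool]($Target -and (Test-Path -LiteralPath $Target))
            }
        }
    }
}

function Add-RunKeyEntry {
    # The "work with the registry yourself" route from the first reply: a plain
    # HKCU Run value needs no admin rights and no VBS dropper in between.
    # $Name and $Path are placeholders for the operator's own values.
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Path
    )
    $Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    Set-ItemProperty -Path $Key -Name $Name -Value ('"{0}"' -f $Path)
}

# Usage: list every autostart entry whose target is missing (e.g. quarantined).
Get-AutostartStatus | Where-Object { -not $_.Exists } | Format-Table -AutoSize
```

Two caveats. The command parser is deliberately simple: a rundll32 entry such as `rundll32.exe C:\x\y.dll,Entry` will resolve to rundll32.exe rather than the DLL, so read the Command column too. And an entry that does exist is not proof of a working callback; if the file is the VBS dropper, AV may still block it at launch time rather than on disk, so the only real test is the reboot.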
