Ok so ive been getting a little confused here.. I read that 0day exploits are the best and undetectable by av... I see the word "exploit" and what comes to my mind is that it takes advantage of a vulnerability to install our payload..
Forum Thread:
Gaining Access into the Victim's Whatsapp on Android
12
Replies
Forum Thread:
Whatsapp Hack?
19
Replies
Forum Thread:
HACK ANDROID with KALI USING PORT FORWARDING(portmap.io)
12
Replies
Forum Thread:
Hydra Syntax Issue Stops After 16 Attempts
2
Replies
Forum Thread:
Hack Instagram Account Using BruteForce
208
Replies
Forum Thread:
Metasploit reverse_tcp Handler Problem
47
Replies
Forum Thread:
How to Train to Be an IT Security Professional (Ethical Hacker)
22
Replies
Metasploit Error:
Handler Failed to Bind
41
Replies
Forum Thread:
How to Hack Android Phone Using Same Wifi
21
Replies
How to:
HACK Android Device with TermuX on Android | Part #1 - Over the Internet [Ultimate Guide]
177
Replies
How to:
Crack Instagram Passwords Using Instainsane
36
Replies
Forum Thread:
How to Hack an Android Device Remotely, to Gain Acces to Gmail, Facebook, Twitter and More
5
Replies
Forum Thread:
How Many Hackers Have Played Watch_Dogs Game Before?
13
Replies
Forum Thread:
How to Hack an Android Device with Only a Ip Adress
55
Replies
How to:
Sign the APK File with Embedded Payload (The Ultimate Guide)
10
Replies
Forum Thread:
How to Run and Install Kali Linux on a Chromebook
18
Replies
Forum Thread:
How to Find Admin Panel Page of a Website?
13
Replies
Forum Thread:
can i run kali lenux in windows 10 without reboting my computer
4
Replies
Forum Thread:
How to Hack School Website
11
Replies
Forum Thread:
Make a Phishing Page for Harvesting Credentials Yourself
8
Replies
How To:
Crack Password-Protected Microsoft Office Files, Including Word Docs & Excel Spreadsheets
How To:
Dox Anyone
How To:
Use Burp & FoxyProxy to Easily Switch Between Proxy Settings
How To:
Crack SSH Private Key Passwords with John the Ripper
How To:
Intercept Images from a Security Camera Using Wireshark
How To:
Exploit EternalBlue on Windows Server with Metasploit
How To:
Spy on Traffic from a Smartphone with Wireshark
How To:
Brute-Force FTP Credentials & Get Server Access
How To:
Easily Detect CVEs with Nmap Scripts
How To:
Set Your Wi-Fi Card's TX Power Higher Than 30 dBm
How To:
Use the Buscador OSINT VM for Conducting Online Investigations
How To:
Find Vulnerable Webcams Across the Globe Using Shodan
How To:
Find Identifying Information from a Phone Number Using OSINT Tools
How To:
Brute-Force Nearly Any Website Login with Hatch
Hack Like a Pro:
How to Find Directories in Websites Using DirBuster
How To:
Enumerate SMB with Enum4linux & Smbclient
How To:
Use Ettercap to Intercept Passwords with ARP Spoofing
How To:
Create a Persistent Back Door in Android Using Kali Linux:
How To:
Buy the Best Wireless Network Adapter for Wi-Fi Hacking in 2019
How To:
Use SpiderFoot for OSINT Gathering
13 Responses
I don't feel like I can construct a comprehensive answer to this question because I'm a dumbo, so let's hope someone else gives you a nice answer. Meanwhile, I can give you probably one of the worst analogies ever: I like to think of the payload as a bomb, the exploit is a truck, and the encoding part is like a box. We put the bomb in a few different boxes (number of boxes = number of iterations (even though iterations are more like a single box with a changing shape)), put the massive box in the truck, deliver the truck to the given destination (the boxes are hiding the bomb from being seen so it can slip by easily) and then we crash the truck into the target building's wall so we make a hole and we kinda "push" the boxes and the bomb all inside the building and then detonate it from afar. I don't know if this has been any helpful, I really hope it was :D
EDIT: If anyone finds any mistakes in my logic, please address them below, it would be helpful for me too.
Loved this answer :)
Thanks, tried my best :D
Give this man a cookie.
Can I say I love that.. and you...
I already knew about that bomb and wall and everything... but the box was lovely... but I still dont get that changing shape thing?? Whats that about...
EDIT - and also you didnt answer about the av... really need an answer on the av
Okay so about the changing shape thing and the AV, let's say that while we are travelling we get stopped by the police (or the AV in this case) and they are trained to check for clues for dangerous stuff on the trucks (like a small emblem on the box in which the bomb is placed that says "TNT" (in this case the antivirus software is "trained" to look for specific signs that there might be something dangerous in a file on a PC for example)), when we encode the payload, imagine that we are "swiping off and blurring" the emblem on the box that says "TNT" so it can no longer be read as something dangerous (more iterations = more swipes and amount of distortion of the "TNT" emblem) (no police officer in this case is gonna look at the box saying for example "UFT" (distorted "TNT" text) and think that there is something dangerous about it)). I think that's most of it covered, hope I helped :D
EDIT: I figured that a text-changing analogy instead of a shape-changing one might prove more sufficient for the logic that I'm trying to construct. Also don't trust what I say too much as I'm no way near an experienced person in this field and it'd be better if you wait to see if someone corrects anything of the above things before letting the analogies dwell in your brain :D
Literally the best analogies I've heard in my life.
Thanks AppleDash :D
Haha no problem :D
Thanks everyone... that was lovely...
So how many max iterations are safe to use??
I saw a tutorial... they said to use 200 lol... but how much maximum should I use??
AV looks for patterns in known exploits and payloads. A custom exploit and payload is less likely to be detected. But AV does (I believe) look for certain patterns (/bin/sh, NOP sleds). So using a new custom exploit and payload that is encoded will work a lot better than an old exploit and payload that is encoded.
Share Your Thoughts