How to Exploit Windows 10 Using bf_xor Encoders in Metasploit
The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
Its best-known sub-project is the open source2 Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive and related research.
The Metasploit Project is well known for its anti-forensic and evasion tools, some of which are built into the Metasploit Framework.
msfencode is another great little tool in the framework's arsenal when it comes to exploit development. Most of the time, one cannot simply use shellcode generated straight out of msfpayload. It needs to be encoded to suit the target in order to function properly. This can mean transforming your shellcode into pure alphanumeric, getting rid of bad characters or encoding it for 64 bit target.
It can also be instructed to encode shellcode multiple times, output the shellcode in numerous formats (C, Perl, Ruby) and one can even merge it to an existing executable file. So most of the time this tools is used in conjunction with msfpayload.
What Is "bfxor" encoders?
This tool permit to evade any antivirus products. It use a brute force attack on a known plain text to bypass the sandbox.