Hello again,
To make a FUD payload we can use msfencode, veil-framework or shellter, and we can get the meterpreter session successfully.
After the meterpreter session, when we try to make persistence using Metasploit, it is always caught by AV software.
So my question is: "How to make FUD persistence after a meterpreter session?"
(P.S.: I know we can kill the AV after the meterpreter session, but then the victim will notice it.)
6 Responses
On your last note though, I don't think the killav.rb script works anymore in our modern day and age, as I believe all antiviruses have some kind of "self-protection module" that prevents tampering with the processes, the services, files, registry and whatnot.
Thanks for the comment, "TRINITY".
But using the "sc queryex" and "taskkill" commands, we can stop the AV's services, so I don't think it is impossible to stop AV services in a meterpreter session (correct me if I'm wrong).
But when we stop the AV services, the victim will notice it, so is there any way to make FUD persistence without stopping the AV?
Use a rootkit. It'll solve all your problemszszsz.
Be sure to put it in the /rootkit folder though
Nope it's possible.
However if you use the kill method in meterpreter, AV's will notice.
That's why I use taskkill /f /im <process> from the computer's shell.
Of course, that's why you would need admin privileges.
Then I start to wipe the files associated with the AV; if access is denied, then you can rename it, move it.
Works for Malwarebytes Anti-Virus, Avast, and AVG.
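From the defender's side, the commands named in this thread (`sc queryex` and `taskkill /f /im`) show up in process-creation logs. The following is an added example, not part of any post here, that flags them when they target endpoint-protection processes; the watchlist names, host names and log records are assumptions constructed for illustration.

```python
import re

# Assumed watchlist (not from the thread): image and service names of the
# endpoint protection you run. MsMpEng.exe / WinDefend are Microsoft Defender.
WATCHED_IMAGES = {"msmpeng.exe"}
WATCHED_SERVICES = {"windefend"}

# Constructed process-creation records (e.g. Event ID 4688 or Sysmon Event ID 1).
SAMPLE_EVENTS = [
    {"host": "ws-01", "cmd": r"C:\Windows\System32\sc.exe queryex WinDefend"},
    {"host": "ws-01", "cmd": r"taskkill /F /IM MsMpEng.exe"},
    {"host": "ws-02", "cmd": r"taskkill /im notepad.exe"},
    {"host": "ws-03", "cmd": r'"C:\Windows\System32\taskkill.exe" /IM "MsMpEng.exe"'},
]

def classify(cmd):
    """Return 'recon', 'kill' or None for one command line."""
    tokens = [t.strip('"').lower() for t in re.findall(r'"[^"]*"|\S+', cmd)]
    if not tokens:
        return None
    # Reduce a full path such as C:\...\taskkill.exe to the bare tool name.
    exe = re.sub(r"\.exe$", "", re.split(r"[\\/]", tokens[0])[-1])
    args = tokens[1:]
    if exe == "sc" and "queryex" in args and WATCHED_SERVICES & set(args):
        return "recon"
    if exe == "taskkill":
        # The token after each /im switch is the targeted image name.
        targets = {args[i + 1] for i, a in enumerate(args[:-1]) if a == "/im"}
        if targets & WATCHED_IMAGES:
            return "kill"
    return None

def scan(events):
    """Map host -> severity; a kill that follows recon on the same host is 'high'."""
    seen_recon, result = set(), {}
    for ev in events:  # events are assumed to arrive in time order
        kind = classify(ev["cmd"])
        if kind == "recon":
            seen_recon.add(ev["host"])
            result.setdefault(ev["host"], "low")
        elif kind == "kill":
            result[ev["host"]] = "high" if ev["host"] in seen_recon else "medium"
    return result

if __name__ == "__main__":
    for host, severity in scan(SAMPLE_EVENTS).items():
        print(host, severity)
```

A protection service that stops reporting shortly after a "high" or "medium" host appears is the second signal to correlate with this one.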
I started a YouTube series. I hope you support it! The series will show you how to make an FUD persistence after meterpreter session. First video is here : https://youtu.be/Y5F1I2lqu38