Forum Thread: How to Make FUD Persistence After Meterpreter Session ?

hello again,

to make a FUD payload we can use ,msfencod or veil-framework or shellter, and we can get the meterpreter session successfully...,

after the meterpreter session ,when we try to make Persistence using metasploit , it is always caught by AV soft wares,

so my questions is "How to Make FUD Persistence After Meterpreter Session ? ? ?"

( P.S. : Ii know , we can kill the AV after the meterpreter session, but then victum will be notice it , )

6 Responses

On your last note though,I don't think the killav.rb script works anymore in our modern day and age as I believe all antiviruses has some kind of "self-protection-module" that prevents tampering with the processes,the services,files,registry and whatnot.

thanks for comment "TRINITY"

but using "sc queryex" and "taskkill" commands , we can stop services of AV, so i don't think it is impossible to stop AV services in meterpreter session, (correct me if i wrong)

but when we stop the AV services , victim will notice it, so is there any whey to make FUD Persistence without stop AV ,

Use a rootkit. It'll solve all your problemszszsz.

Be sure to put it in the /rootkit folder though

Nope it's possible.
However if you use the kill method in meterpreter, AV's will notice.
That's why I use taskkill /f /im <process> from the computer's shell.
Of course thats why you would need admin privileges.

Then I start to wipe the files associated with the AV, if access is denied then you can rename it move it.
Works for Malwarebytes Anti-Virus, Avast, and AVG.

I started a YouTube series. I hope you support it! The series will show you how to make an FUD persistence after meterpreter session. First video is here :

Share Your Thoughts

  • Hot
  • Active