Hello guys, the answer might be obvious to some, but I'm lost right now.
I made a payload with Veil-Evasion; it's reversetcp and I used aesencrypt and xor encoder. I tried binding it with another program using Shellter (binding with no errors), and when I run it on my computer the meterpreter session doesn't work. I used the payload by itself on my virtual machine and it worked perfectly.
If anyone could give me any help I'll be grateful, thank you.
3 Responses
When creating the payload with veil evasion, what file extension did you choose? From what I understand if you use a custom payload on Shellter it needs to be a raw file.
May I ask why you are creating your own payload and not one Shellter already has?
Have you thought about creating the custom payload with Metasploit? If not, to do this type use payload/payloadyouchoose/ set your Lhost and Lport then generate -p windows -f filename -t raw
I didn't create the payload with Shellter because it's highly detected; with Metasploit it's even more detected, and the file extension I used I believe is Python (I compiled it with PyInstaller). When you say it needs to be a raw file, what do you mean? Like a blunt exe? If it is, then yes. Thanks for taking your time to help me.
What exe are you using to bind to? That is why Shellter doesn't work correctly. You are probably using a known malicious exe file. If you choose a different exe, Shellter should prevent AV detection from most AV. I personally create my own blank exe file with Iexpress in Windows. As long as the file is not uploaded to VirusTotal, it should be undetectable. (If you want to test the file, use http://nodistribute.com)
And my point about it needing to be a raw format is when choosing to select the Custom payload in Shellter instead of using the listed payloads. I may be wrong but the payload needs to be a raw file, one without a file extension but contains the payload information. You can look in the Sample Payload folder within Shellter to know what I mean. You shouldn't need to use a custom payload unless you are wanting to use a payload that is not listed, such as reverse tcp dns.