So I get it that exploit is just a way to get payload in...
So lets just say that we're making a normal exe or apk without an specifying an exploit... that means we r not using an exploit and user is on his/her own installing payload right??
If yes... then how do we make custom payload so that the payload doesnt get detected by av??
Forum Thread:
HACK ANDROID with KALI USING PORT FORWARDING(portmap.io)
12
Replies
Forum Thread:
Hydra Syntax Issue Stops After 16 Attempts
2
Replies
Forum Thread:
Hack Instagram Account Using BruteForce
208
Replies
Forum Thread:
Metasploit reverse_tcp Handler Problem
47
Replies
Forum Thread:
How to Train to Be an IT Security Professional (Ethical Hacker)
22
Replies
Metasploit Error:
Handler Failed to Bind
41
Replies
Forum Thread:
How to Hack Android Phone Using Same Wifi
21
Replies
How to:
HACK Android Device with TermuX on Android | Part #1 - Over the Internet [Ultimate Guide]
177
Replies
How to:
Crack Instagram Passwords Using Instainsane
36
Replies
Forum Thread:
How to Hack an Android Device Remotely, to Gain Acces to Gmail, Facebook, Twitter and More
5
Replies
Forum Thread:
How Many Hackers Have Played Watch_Dogs Game Before?
13
Replies
Forum Thread:
How to Hack an Android Device with Only a Ip Adress
55
Replies
How to:
Sign the APK File with Embedded Payload (The Ultimate Guide)
10
Replies
Forum Thread:
How to Run and Install Kali Linux on a Chromebook
18
Replies
Forum Thread:
How to Find Admin Panel Page of a Website?
13
Replies
Forum Thread:
can i run kali lenux in windows 10 without reboting my computer
4
Replies
Forum Thread:
How to Hack School Website
11
Replies
Forum Thread:
Make a Phishing Page for Harvesting Credentials Yourself
8
Replies
Forum Thread:
Creating an Completely Undetectable Executable in Under 15 Minutes!
38
Replies
Forum Thread:
Hacking with Ip Only Part [1] { by : Mohamed Ahmed }
5
Replies
How To:
Scan for Vulnerabilities on Any Website Using Nikto
How To:
Find Passwords in Exposed Log Files with Google Dorks
How To:
Find Vulnerable Webcams Across the Globe Using Shodan
How To:
Dox Anyone
How To:
Use Burp & FoxyProxy to Easily Switch Between Proxy Settings
How To:
Exploit EternalBlue on Windows Server with Metasploit
How To:
Crack SSH Private Key Passwords with John the Ripper
How To:
Crack Password-Protected Microsoft Office Files, Including Word Docs & Excel Spreadsheets
How To:
Enumerate SMB with Enum4linux & Smbclient
How To:
Exploit WebDAV on a Server & Get a Shell
How to Hack Wi-Fi:
Get Anyone's Wi-Fi Password Without Cracking Using Wifiphisher
How To:
The Top 80+ Websites Available in the Tor Network
How To:
Pop a Reverse Shell with a Video File by Exploiting Popular Linux File Managers
How To:
The Essential Skills to Becoming a Master Hacker
How To:
Conduct Wireless Recon on Bluetooth, Wi-Fi & GPS with Sparrow-wifi
How To:
Attack a Vulnerable Practice Computer: A Guide from Scan to Shell
How To:
Check if Your Wireless Network Adapter Supports Monitor Mode & Packet Injection
BT Recon:
How to Snoop on Bluetooth Devices Using Kali Linux
How To:
Gain SSH Access to Servers by Brute-Forcing Credentials
How To:
Spy on Traffic from a Smartphone with Wireshark
4 Responses
Yes, if you make just a payload without using an exploit, the target needs to open it on their pc (depends on the format, it could be an executable file for example). About the AV detection, lately I've been using the custom template option for msfvenom (I just get a copy of some built-in Windows app like paint and use it as a template) in combination with shikata_ga_nai encoding with a few iterations and it seems to bypass the AV installed on my VM.
It will be easier if you make it yourself. That way it won't have a generic signature known by a lot of AVs....I make my own with python and use pyinstaller to make it an exe..so I can't really help with the apk...but technic dynamic has got cool backdoors with cool features you can download that on his website...they help a lot :D
So you can only encode or change payload to another language? ? Cant u make your own payload or shall I say 0day payload??
Veil-Evasion is a good tool to use.
Share Your Thoughts