Essay Example on Methods for the creation of some malicious payloads or Shellcode









UNDETECTABLE PAYLOAD Department of CSE Chalapathi Engineering college Abstract The aim of this work is to provide a description and a comparison of some methods for the creation of some malicious payloads or shellcode This payloads allow to creates a remotely access between the victim s Operating system and the attacker s operating system and onces the connection is successfully done we can access victims computer The security systems available on Operating system and antivirus systems invisible simultaneously to several security systems Keywords metasploit I Introduction 1 1 Virtual machines As mentioned systems that we want to bypass are mainly present in Windows operating Metasploit Metasploit is a penetration tool used for develop and executing exploit against a remote target Operating systems It is a sub link of Metasploit network that is a Operating systems security that provides information about security vulnerabilities in penetration Metasploit Was the largest database of Most tested exploits In a single line words Metasploit can be used to test the loopholes of Operating systems in order to protect them and on the other hand it can also be used to break into remote systems Meterpreter is a key to open locked key of the Metasploit Network that allows to Metasploit functionality in it and further target Some of functions include in it to cover your tracks it can target also memory data dump hashes access operating systems and much more Meterpreter is the most important tool in Metasploit and is good as a payload after a vulnerability is exploited 

For example when a loophole is found it is possible to access the exploit and select Meterpreter as the payload so it is created a Meterpreter shell into the system and likely the attacker can execute some shell commands TheFatRat TheFatRat is a tool to generate backdoor with msfvenom that is a part from metasploit as explained above This tool compiles a virus with popular payloads and then the compiled virus can be executed on Operating system Android This virus that is created with this tool exposes also the ability to bypass most Any software protection Metasploit offering a more easy and intuitive command line interface for using Msfconsole or creating a backdoor or a listener Searchsploit for finding easily a particular exploit PwnWind for creating some kinds of fully undetectable FUD backdoor To install this tool it is necessary to download its project from GitHub and to execute its python script After that it checks some requirements and dependencies in some cases it installs directly the tools that are not present at that moment on the machine but if a Kali linux is used most of these requirements are automatically satisfied Creating a FUD backdoor To create a backdoor FUD there are two choices Anyway results will be saved into a TheFatRat folder where it is also possible to change the default icon image to associate with executable created

Option number 2 of The FatRat interface is Create a FUD 100 backdoor involves backdoor creation providing the compilation of a C program with a Meterpreter reverse_tcp payload Furthermore to make it more untraceable it is possible to enable the correspondent FUD option Option number 6 of TheFatRat interface that is Create FUD backdoor 1000 FUD with PwnWind involves the additional use of PwnWind that allows to create a shellcode FUD in different languages So for this case study the chosen payloads are 1 id 2 exe file with reverse tcp payload most power full payload 2 id 21 exe file with reverse_tcp payload FUD 3 id 62 exe file with C PowerShell FUD 4 id 63 exe file with apache powershell FUD 5 id 64 exe file with C powershell chosen payload will be identified by their id number These payloads have been tested on all of the Windows machines proposed Windows 8 1 10 32 64 bit obtaining the same results Results Like the Last cases the executable was blocked by Operating system SmartScreen which carries out some checks on downloaded files from Internet These payloads are passed to the testing virtual machines downloading them from One Drive Dropdox Google drive and running them by double clicking through Operating system if payloads are execute through command line Operating system SmartScreen does not block their execution In this way its protection has been bypassed if these payloads are passed via shared folder or USB drive

Operating system SmartScreen has no control allowing virus also by double clicking on it Conclusion In this case study different tools and methodologies have been shown to create shellcode and Windows executables trying to evade some security systems such as antivirus systems and pre installed Windows systems Seeing an over to it I analysis of the results obtain we note that TheFatRat gives the best results creating a fully undetectable payload exe file with C and powershell that is recognized only by Kaspersky antivirus So in a social engineering this payload would easily bypass all the security systems installed on a victim machine if a virus is download from a link or a website and if it is execute through clicking on it only Operating system SmartScreen can recognize it as a virus and bypassing this defense can be seen as a future development References https gbhackers com malicious payload https www trendmicro com vinfo us security news security technology how can advanced sandboxing techniques thwart elusive malware https www veil framework com framework veil evasion

Write and Proofread Your Essay
With Noplag Writing Assistance App

Plagiarism Checker

Spell Checker

Virtual Writing Assistant

Grammar Checker

Citation Assistance

Smart Online Editor

Start Writing Now

Start Writing like a PRO