Monday, 7 April 2014

Hi everyone,
today I'll tell you one more thing that will enhance your knowledge regarding bypassing anti-virus security.

We'll study the concept of code injection: a generic way to bypass AV (anti-virus).
 
We know that exe files are going to be detected by AVs, so we have to think in another way.

The other way is to split the exe into two parts (not physically, of course):
  1. The core code - the actual code that performs a specific task (e.g. a bind shell).
  2. The interface - a mechanism that will inject the code into memory and execute that code.
So the functioning is something like this:

[Diagram: Injector]
 
NOTE: You may be wondering why I say encoded shellcode: if I use Metasploit shellcodes, their signatures may be in AVs. If I encode the shellcode with any encoder available in Metasploit, then AVs are not able to decode it in a file and not able to detect it (if you don't understand this, please read the whole thing again). In some cases, though (e.g. Avast, maybe others as well), the AV does not alert even if you use shellcodes that are not encoded, because the AV thinks that txt files are lame files. But if you forcefully scan the file, then the AV alerts.

The second part of the concept is the interface that will inject the code into a process. Code injection is not a new concept (DLL injection is one of the most popular examples).

Note: All of this is generic and not specific to any tool or shellcode. Metasploit and shellcodes are used only to demonstrate the concept. You can also inject your own code "that is undetectable to AV in exe mode" with this method and can bypass AV.

Things that you can do with this method:
  1. Can backdoor a process.
  2. Can provide many backup shells (every type).


So this is all you, or I, can do with code injectors!

Stay Smart ....At Smart..!!



