2 Replies Latest reply on Feb 28, 2012 3:30 PM by pentestitde

    Payload detected

      1 last question about exploting a box with the java rhino exploit


      I can now succesfully exploit both local and PC outside the netwerk.
      To see how  an antivirus would react i installed Panda cloud AV on my win-7 VM.


      I tested with some Av's and they seem to find the payload instead of the exploit itself.

      Metasploit runs in the memory correct? It does not touch the hard-disk?


      Panda detected the payload 'Windows/Meterpreter/reverse_tcp'

      I tried 'Java/Meterpreter/reverse_tcp' and it bypassed Panda.


      I then tried to encode the payload. I used the command 'set encoder shikata_ga_nai'.

      Does this command encode the payload, the exploit, ore both?

      I heard shikata_ga_nai is the best encoder to use, is this correct?


      I also heard about combining multiple encoders, ore encoding it multiple times. How could i do that?

      Are there any other ways to avoid Av's using this kind of payload?


      Thanks a lot!