
Payload detected

Question asked by robboman on Dec 15, 2011
Latest reply on Feb 28, 2012 by pentestitde

One last question about exploiting a box with the Java Rhino exploit.

I can now successfully exploit both a local PC and a PC outside the network.
To see how an antivirus would react, I installed Panda cloud AV on my Win 7 VM.

I tested with some AVs and they seem to find the payload instead of the exploit itself.

Metasploit runs in memory, correct? It does not touch the hard disk?

Panda detected the payload 'Windows/Meterpreter/reverse_tcp'.

I tried 'Java/Meterpreter/reverse_tcp' and it bypassed Panda.

I then tried to encode the payload. I used the command 'set encoder shikata_ga_nai'.

Does this command encode the payload, the exploit, or both?

I heard shikata_ga_nai is the best encoder to use; is this correct?

I also heard about combining multiple encoders, or encoding it multiple times. How could I do that?

Are there any other ways to avoid AVs using this kind of payload?

Thanks a lot!
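The encoder questions in the post are easiest to reason about once you see what an encoder does to the bytes. The block below is an added example, not Metasploit code and not from any reply in this thread: a small Python model of the XOR additive-feedback scheme that x86/shikata_ga_nai uses, with support for several passes (the equivalent of msfvenom's `-i` iteration count). It operates on payload bytes only, which is also what Metasploit's encoder option applies to; the exploit module that delivers the payload is never encoded. The real encoder additionally prepends a small polymorphic x86 decoder loop to the output, which this model leaves out. The function names, the constructed sample payload and the NOP padding choice are assumptions made for the example.

```python
"""Toy model of an XOR additive-feedback encoder (the scheme behind
x86/shikata_ga_nai). Added example; not Metasploit code.

It encodes *payload bytes only*. A real encoder emits a decoder loop in
x86 plus the encoded body; the decoder loop is omitted here.
"""
import os
import struct

MASK = 0xFFFFFFFF

# Constructed sample input for the example; not real shellcode.
SAMPLE_PAYLOAD = b"constructed sample payload, not real shellcode"


def _pad(payload: bytes) -> bytes:
    """Pad to a 4-byte boundary with NOPs (0x90), an assumption of this
    toy, so the dword-wise decoder loop covers the whole payload."""
    return payload + b"\x90" * (-len(payload) % 4)


def encode_once(payload: bytes, key: int) -> bytes:
    """One encoding pass. At run time the decoder XORs each dword in place
    with a running key and then adds the freshly decoded dword to the key,
    so every later key depends on every earlier plaintext dword. The
    encoder mirrors that loop exactly."""
    padded = _pad(payload)
    out = bytearray()
    k = key
    for off in range(0, len(padded), 4):
        (word,) = struct.unpack("<I", padded[off:off + 4])
        out += struct.pack("<I", word ^ k)
        k = (k + word) & MASK  # additive feedback on the decoded dword
    return bytes(out)


def decode_once(blob: bytes, key: int) -> bytes:
    """What the decoder stub does at run time, in Python rather than x86."""
    out = bytearray()
    k = key
    for off in range(0, len(blob), 4):
        (enc,) = struct.unpack("<I", blob[off:off + 4])
        word = enc ^ k
        out += struct.pack("<I", word)
        k = (k + word) & MASK
    return bytes(out)


def encode(payload: bytes, iterations: int = 1, rng=os.urandom):
    """Run `iterations` passes, each with a fresh random 32-bit key,
    like msfvenom -i N. Returns (blob, keys) with keys innermost first.
    `rng` is injectable so the output can be made deterministic in tests."""
    blob, keys = payload, []
    for _ in range(iterations):
        key = struct.unpack("<I", rng(4))[0]
        blob = encode_once(blob, key)
        keys.append(key)
    return blob, keys


def decode(blob: bytes, keys) -> bytes:
    """Undo the passes in reverse order. Trailing NOP padding from the
    first pass is kept, just as it would be in memory after decoding."""
    for key in reversed(keys):
        blob = decode_once(blob, key)
    return blob


if __name__ == "__main__":
    # Two runs with random keys give different bytes on disk ...
    run1, keys1 = encode(SAMPLE_PAYLOAD, iterations=3)
    run2, keys2 = encode(SAMPLE_PAYLOAD, iterations=3)
    print("encoded bodies differ between runs:", run1 != run2)
    # ... but both decode to the identical payload in memory, which is
    # what a scanner that looks at the running process will see.
    n = len(SAMPLE_PAYLOAD)
    print("round trip ok:", decode(run1, keys1)[:n] == SAMPLE_PAYLOAD
          and decode(run2, keys2)[:n] == SAMPLE_PAYLOAD)
```

Two things the model makes visible. First, each pass changes the stored bytes with a fresh key, so the file written to disk looks different every time; that is the effect the iteration count buys you, and it only helps against static signatures on the encoded body. The decoder loop that the real encoder prepends and the fully decoded payload sitting in memory after it runs are unchanged by the iteration count, and either one is a signature target. Second, the output of one encoder is just bytes, so chaining encoders in the Metasploit of that era meant feeding `msfencode -t raw` output back into another `msfencode -e` invocation, which is the same composition `decode` undoes here by applying the keys in reverse order.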
