Generating payloads is just the first step; nowadays security products, such as Intrusion Detection Systems (IDSs), antivirus and anti-malware software, can easily pick up the shellcode generated by MSFvenom. To help us evade security, we can use encoders to encode our shellcode.
Encoders
How to do it...
- By using MSFconsole with the show encoders option, or by browsing to the /usr/share/metasploit-framework/modules/encoders/ folder in our Kali Linux machine, we can see all the encoders available on the Metasploit Framework:
msf > show encoders
- To encode one of our previous payloads, we simple add the -e option, followed by the encoder we want to use, and, if we so choose, we can use the -i option, followed by the...