Using encoders to avoid AV detection
In Chapter 6, Client-side Attacks with Metasploit, we have already seen how to use the msfvenom utility to generate various payloads. However, if these payloads are used as-is, they are very likely to be detected by antivirus programs. In order to avoid antivirus detection of our payload, we need to use the encoders offered by the msfvenom utility.
To get started, we'll generate a simple payload in the .exe format using the shikata_ga_nai encoder, as shown in the following screenshot:
Once the payload has been generated, we upload it to the site http://www.virustotal.com for analysis. When the analysis is completed, we can see that our file apache-update.exe (containing a payload) was detected by 46 out of the 60 antivirus programs that were used. This is quite a high detection rate for our payload. Sending this payload as-is to our victim is less likely to succeed due to its detection rate. Now, we'll have to work on making it undetectable from as many antivirus...