Avoiding Detection
flag, when the payload is executed, the target will not see a console window.
Paying attention to these little details can help you remain stealthy during an
engagement.
Figure 7-5: AVG declares the payload safe and the computer secure.
Packers
Packers are tools that compress an executable and combine it with decompression code. When this new executable is run, the decompression code re-creates the original executable from the compressed code before executing it. This usually happens transparently, so the compressed executable can be used in exactly the same way as the original. The result of the packing process is a smaller executable that retains all the functionality of the original.

As with msfencode, packers change the structure of an executable. However, unlike the msfencode encoding process, which often increases the size of an executable, a carefully chosen packer will use various algorithms to both compress and encrypt an executable. Next, we use the popular UPX packer with Back|Track to compress and encode our payload3.exe payload in an attempt to evade antivirus software detection.
root@bt:/# apt-get install upx
. . . SNIP . . .
root@bt:/# upx
Ultimate Packer for eXecutables
Copyright (C) 1996 - 2009
UPX 3.04        Markus Oberhumer, Laszlo Molnar & John Reiser   Sep 27th 2009
Usage: upx [-123456789dlthVL] [-qvfk] [-o file] file..
. . . SNIP . . .
Type 'upx --help' for more detailed help.
UPX comes with ABSOLUTELY NO WARRANTY; for details visit http://upx.sf.net
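The defender's view of the same technique: because a packer replaces readable code with a compressed or encrypted blob plus a small stub, a packed binary looks different from a normally linked one even before any signature is consulted. The script below is an added example (it is not from the book, and it is not the UPX project's code) of the packer heuristics used by antivirus engines and triage tooling: it parses the PE section table, computes Shannon entropy per section, and looks for UPX's default layout (an empty UPX0 section that only reserves memory for the unpacked image, followed by a high-entropy UPX1 section holding the compressed data and the decompression stub). The two PE images it examines are constructed in the script itself so that it runs offline; they are not real executables.

```python
# Added example (not from the book): heuristic "is this PE packed?" check.
# Parses the section table, scores each section's entropy, and checks for
# UPX's default section layout. PE samples are constructed inline.
import math
import struct
from collections import Counter

# Section names UPX writes by default (UPX0 = empty destination region,
# UPX1 = compressed data plus decompression stub, UPX2 = resources).
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant buffer, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe: bytes) -> list:
    """Minimal PE section-table parser: name, sizes and entropy of each section."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                                  # COFF file header (20 bytes)
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_header_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_header_size                  # section table follows the optional header
    sections = []
    for i in range(num_sections):
        off = table + i * 40                             # each IMAGE_SECTION_HEADER is 40 bytes
        name = pe[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", pe, off + 8)
        raw = pe[raw_ptr:raw_ptr + raw_size]
        sections.append({"name": name, "virtual_size": vsize,
                         "raw_size": raw_size, "entropy": shannon_entropy(raw)})
    return sections


def assess(pe: bytes, entropy_threshold: float = 7.0) -> dict:
    """Return {'packed': bool, 'reasons': [...], 'sections': [...]} for a PE image."""
    sections = parse_sections(pe)
    reasons = []
    for s in sections:
        if s["name"].upper() in UPX_SECTION_NAMES:       # weak signal: names are trivially renamed
            reasons.append(f"{s['name']}: UPX default section name")
        if s["raw_size"] == 0 and s["virtual_size"] > 0: # unpacking destination reserved on disk-less section
            reasons.append(f"{s['name']}: no raw data but {s['virtual_size']} bytes reserved in memory")
        if s["entropy"] > entropy_threshold:             # stronger signal: compressed/encrypted content
            reasons.append(f"{s['name']}: entropy {s['entropy']:.2f} suggests compressed or encrypted data")
    return {"packed": bool(reasons), "reasons": reasons, "sections": sections}


def build_pe(sections) -> bytes:
    """Construct a synthetic PE32 image from (name, raw_bytes, virtual_size) tuples (test data only)."""
    opt_size = 224                                       # PE32 optional header size; contents zeroed here
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    table, blobs = b"", b""
    raw_ptr = e_lfanew + 4 + 20 + opt_size + 40 * len(sections)
    vaddr = 0x1000
    for name, raw, vsize in sections:
        table += name.encode().ljust(8, b"\0")
        table += struct.pack("<IIIIIIHHI", vsize, vaddr, len(raw), raw_ptr, 0, 0, 0, 0, 0x60000020)
        raw_ptr += len(raw)
        vaddr += max(vsize, 0x1000)
        blobs += raw
    return dos + b"PE\0\0" + coff + b"\0" * opt_size + table + blobs


# Constructed samples, not real binaries: a normally laid-out image and one
# mimicking UPX's layout (empty UPX0, uniformly distributed bytes in UPX1).
CLEAN_SAMPLE = build_pe([
    (".text", b"\x90" * 300 + b"\xc3", 301),
    (".data", b"ABCD" * 64, 256),
])
PACKED_SAMPLE = build_pe([
    ("UPX0", b"", 0x10000),
    ("UPX1", bytes(range(256)) * 4, 1024),
])

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_SAMPLE), ("packed", PACKED_SAMPLE)):
        verdict = assess(sample)
        print(f"{label}: packed={verdict['packed']}")
        for r in verdict["reasons"]:
            print("  -", r)
```

Two points worth noting about the design. The section-name check is the cheapest and the weakest signal, since a packer's section names are easily changed; the entropy and raw-size-versus-virtual-size checks survive that and are the ones detection tooling actually relies on. Conversely, plenty of legitimate installers and games ship packed, so a high score here is a triage signal that justifies a closer look, not a malware verdict on its own.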