Avoiding AntiVirus Detection - Lame Way

In most pentest engagements we tend to upload clean web shells, to avoid the customer being backdoored by a malicious web shell downloaded from the internet. The most trusted web shells, which I personally use and recommend to others, are the FuzzDB ones. They are pretty basic web shells, but they are enough to prove the vulnerability and its impact to the customer. However, since FuzzDB's release date, most antivirus companies have obtained signatures for most of them and flag them as malicious, which blocks us from uploading or executing them.

Let's first scan our sample web shell, cmd.asp, to see how malicious it looks.
Oops: the clean web shell is detected as malicious, with a pretty high detection ratio (27/55).

Come on, now let's just strip off the developer comments below from the web shell and try again.

cmd.asp = Command Execution
by: Maceo
modified: 25/06/2003

Now we have a lower detection ratio than before (10/55).

There is still hope of decreasing the detection ratio further. Let's try replacing the function names and scanning again.

Below is a sample of the find-and-replace game.

Voila, we brought the detection ratio down very low (1/55).
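From the defender's side, the drop from 27/55 to 10/55 to 1/55 says more about the signatures than about the file: a rule keyed on the author comment or on variable names stops firing the moment that text changes, while the behaviour (a shell object is created and request-supplied data is read in the same script) is untouched. The following added example, not code from the post or from FuzzDB, scans three constructed fragments that mirror the post's three stages with both kinds of rule. The header comment lines are the ones quoted above; every other line, name and regex is an assumption made for the demonstration, and the fragments are deliberately incomplete so they are not a working script.

```python
import re

# Constructed sample fragments (not a working script): only the two lines a
# behavioural rule cares about, shown at the post's three stages. The header
# comments are the ones quoted in the post; the rest is made up.
STAGE_ORIGINAL = """<%
' cmd.asp = Command Execution
' by: Maceo
' modified: 25/06/2003
Set oScript = Server.CreateObject("WScript.Shell")
szCMD = Request.Form("cmd")
%>"""

STAGE_NO_COMMENTS = """<%
Set oScript = Server.CreateObject("WScript.Shell")
szCMD = Request.Form("cmd")
%>"""

STAGE_RENAMED = """<%
Set a1 = Server.CreateObject("WScript.Shell")
b2 = Request.Form("q")
%>"""

# Brittle rule (assumed, for illustration): matches text that only ever lived
# in a developer comment, so stripping the comment defeats it.
COMMENT_SIGNATURE = re.compile(r"cmd\.asp = Command Execution")

# Behavioural rule (assumed, for illustration): a shell object is created AND
# request-supplied data is read in the same file. Comments and identifier
# names do not influence it.
SHELL_OBJECT = re.compile(r'CreateObject\(\s*"WScript\.Shell"\s*\)', re.IGNORECASE)
REQUEST_INPUT = re.compile(r"\bRequest\.(Form|QueryString)\s*\(", re.IGNORECASE)


def strip_vbscript_comments(src: str) -> str:
    """Drop full-line VBScript comments so the behavioural rule sees only code."""
    return "\n".join(
        line for line in src.splitlines() if not line.strip().startswith("'")
    )


def scan(src: str) -> dict:
    """Return which of the two rules fire on one ASP source text."""
    code = strip_vbscript_comments(src)
    return {
        "comment_signature": bool(COMMENT_SIGNATURE.search(src)),
        "behaviour": bool(SHELL_OBJECT.search(code) and REQUEST_INPUT.search(code)),
    }


def verdicts() -> dict:
    """Scan all three constructed stages and return the per-stage verdicts."""
    stages = [
        ("original", STAGE_ORIGINAL),
        ("no_comments", STAGE_NO_COMMENTS),
        ("renamed", STAGE_RENAMED),
    ]
    return {name: scan(src) for name, src in stages}


if __name__ == "__main__":
    for name, verdict in verdicts().items():
        print(
            f"{name:12s} comment_signature={verdict['comment_signature']} "
            f"behaviour={verdict['behaviour']}"
        )
```

Running it shows the comment signature firing only on the original stage, while the behavioural rule fires on all three; a rule written against what the code does, rather than against how it was labelled, is the one worth keeping in a detection set.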

Reference: https://code.google.com/p/fuzzdb/
Got the idea for this from: https://www.offensivebits.com/?p=89
