
meterpeter v2.10.8 - Amsi String Detection Bypasses

@r00t-3xp10it r00t-3xp10it released this 11 Mar 14:39
· 1331 commits to master since this release



:octocat: Project Description
meterpeter - This PS1 script starts a listener server on a Windows|Linux attacker machine and generates one-liner PowerShell reverse shell payloads, obfuscated in ASCII | BXOR with a random secret key plus another layer of character/variable obfuscation, to be executed on the victim machine. (The payload also executes an AMSI reflection bypass in the current session to evade AMSI detection while working.) You can also receive the generated one-liner reverse shell connection via netcat; in this case you lose the C2 functionality such as screenshot, file upload and download, Keylogger, AdvInfo, PostExploitation, etc.


:octocat: Version v2.10.8 - Update Description
This update fixes the Windows Defender AMSI string detection that was flagging the 'meterpeter.ps1' main script and the 'Screenshot' function.
The following modules have been modified to bypass detection: 'CredsPhish.ps1', 'DarkRcovery.exe', 'Keylogger.ps1' and 'GetBrowsers.ps1'.


:octocat: Repairing Bug Reports (issues)

| Module | Description | Issue | Status |
|---|---|---|---|
| meterpeter.ps1 | Main script | Flagged by AMSI String Detection | Fixed |
| Keylogger.ps1 | Capture system keystrokes | Flagged by AMSI String Detection | Fixed |
| GetBrowsers.ps1 | Enumerate Installed Browsers | Flagged by AMSI String Detection | Fixed |
| CredsPhish.ps1 | Spawn user for valid credentials | Flagged by AMSI String Detection | Fixed |
| DarkRcovery.exe | Dump browsers credentials | Flagged by AMSI String Detection | Still Flagging Detection |

meterpeter v2.10.3 Video tutorial


📟 ⚡ meterpeter - v2.10.3 release - Video Tutorial (Under Windows Distro) ⚡ 📟


☠ Suspicious Shell Activity (RedTeam @2021) ☠