Description: It's a Bash script based on my research paper on exploit-db. It uses the technique of launching shell-code directly on the target machine using the syringe.exe utility. I suggest you read the paper for more info.
Download link: https://code.google.com/p/syringe-antivirus-bypass/
Based on: http://www.exploit-db.com/wp-content/themes/exploit/docs/20420.pdf
Tags: syringe, antivirus, bypass, hasan, inf0g33k
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.
Anti Virus Alert
The URL you are trying to access has been blocked as it contains the malware "TR/Swrort.A.6324"
URL : 199.91.154.132/duek34iootvg/kamwdi4ci96c2q7/Av+bypass.rar
Getting this message while downloading from MediaFire.. who said it's undetectable...
So not able to download it :(
The problem I see right off the bat is this backdoor will only work on an internal LAN that you have BT connected to. If one needs to have this payload connect back over the internet to a public IP and over, let's say, port 443, would the following modification to the syringe.sh file solve this issue, or did I remove too much code in the second line after the ourIP=$( ?
export interface=eth0
export ourIP=$(75.150.34.62)
export port=$(443)
@sparsh That's the only official download link and it's a tar file. Where are you downloading this rar file from? At the time of the submission of this paper it was not getting detected by any antivirus, and recompiling the syringe.exe will make it undetectable again, I think.. Still, it's bypassing most antivirus programs.
@Hack_Nacked Yeah, right. I made it with the LAN access in mind.. It's just one page of code, so very easy to edit..
@sparsh link https://code.google.com/p/syringe-antivirus-bypass/downloads/list
I tried following the method in the paper (not using the bash script). I got a meterpreter session when I run the backdoor.bat but no session on running the backdoor.exe. The MakeExeFromBat.bat also showed no errors on generating the backdoor.exe.. What could be the problem?
"export ourIP=$(75.150.34.62)"
"export port=$(443)"
Not necessary. Just insert "75.150.34.62" and "443" where $ourIP and $port are on line 15 of the code. Trying to come up with a way of using "curl ifconfig.me" in this script.