Msfvenom from Metasploit helps you to generate shellcode in different formats such as "c", "python", "ruby", "dll", "msi", "hta-psh" to inject the shellcode generated into one template and work with encrypted payloads.

The python function will execute the shellcode into ram and uses compilers like gcc or mingw32 or pyinstaller to build the executable file, and will start a Metasploit multi-handler session to receive the remote connection.

Source: github.com


HOW TO INSTALL VENOM
# Download framework from github
git clone https://github.com/r00t-3xp10it/venom.git

# Set files execution permitions
cd venom
sudo chmod -R +x *.sh

# Install dependencies
cd aux
sudo ./setup.sh

LAUNCH VENOM
sudo ./venom.sh

Once the tool has been launched, it will prompt you to press "Enter" to continue to proceed with further options.

bypass-antivirus-detection-with-encrypted-payloads-using-venom

The next screen will show you the information about the Option Built, the target machine, the payload format, and the and output. There is 7 different type of option builds shellcode listed. We are going to use the shellcode "number 4" for this demonstration.

bypass-antivirus-detection-with-encrypted-payloads-using-venom

Simply choose the Venom shellcode "number 4" and press "enter" to continue.


PAYLOAD CONFIGURATION

You will need now to choose your agent referral. For this payload, Venom offers you two options. Select the one that you want to use between Android and IOS. On our side, we will select the agent "number 1" for this demonstration.

bypass-antivirus-detection-with-encrypted-payloads-using-venom

We will need now to set up the localhost IP address along with the local port. Now enter your local machine IP address and local port which will be used by the payload for listening. For your information local IP address and local port are always referred to as "LHOST" and "LPORT" exactly like Metasploit.

bypass-antivirus-detection-with-encrypted-payloads-using-venom

bypass-antivirus-detection-with-encrypted-payloads-using-venom

It's now the time to give a name to our payload which will be used to save it and to define the way we want the payload to be delivered.

bypass-antivirus-detection-with-encrypted-payloads-using-venom

bypass-antivirus-detection-with-encrypted-payloads-using-venom


LAUNCH THE ATTACK

At this stage, we can say that you are almost done! A new terminal will automatically start a session of Metasploit allowing you to conduct your attack with the encrypted Payload.

bypass-antivirus-detection-with-encrypted-payloads-using-venom