My goal is to obfuscate Metasploit Windows payloads' assembly code (adding junk code to the payload itself), then adding the obfuscated shellcode to inline assembly in C. The issue is there is no format command line argument (-f) that provides an asm option. Does anyone know how to output only the assembly code of the payload rather than the opcodes/hex bytes? Is there a simplistic way to achieve this?
Viewed 467 times
pokkery98
- That's still gonna get caught by Defender – yeah_well Dec 27 '20 at 08:46
- I have a million different ways to bypass Windows Defender, this would certainly help in AV evasion, especially when used in conjunction with various other techniques. – pokkery98 Dec 27 '20 at 10:07
- Use a disassembler on the PE output? – multithr3at3d Dec 27 '20 at 18:19
- Which disassembler on Linux would be useful? I know I could use this for Linux binaries but I'm clueless on how to extract the asm code from a PE. – pokkery98 Dec 27 '20 at 19:34
- x64dbg should do it. – yeah_well Dec 27 '20 at 20:03
- If someone could provide an example I'll accept the answer. – pokkery98 Dec 27 '20 at 23:01
- The issue is when disassembling with objdump or IDA, WinDbg, etc., you don't get the core payload; you have to sift through the .text segment to find such. Is there a more comprehensive and simplistic method to do this? – pokkery98 Dec 27 '20 at 23:54