Bypassing a FULLY Patched Windows 11 + Defender with a Meterpreter Shell Using ScareCrow!

  28,866 views

Tyler Ramsbey

11 months ago

Join the Hack Smarter community: hacksmarter.org
---
In a previous video, I demonstrated how to bypass Windows Defender with Hoaxshell. The downside of Hoaxshell is that it's a simple reverse shell. In this video, we completely bypass Windows Defender on Windows 11 and get a FULL Meterpreter Shell.
I make this as realistic as possible by performing the full attack from a malicious C2 Server I created in Azure with a Public IP address. We then attack my actual physical machine that I use every day. So, once again, I hack myself for your learning!
Enjoy!
--------------
Rhino Security Labs Discord: / discord
Work Smarter Discord: / discord
Twitch: hacksmarter.live/
----
Here's my GitHub script to download ScareCrow and all the required dependencies on Kali Linux:
github.com/TeneBrae93/offensi...

Comments: 62
@pr0tagnist 11 months ago
I like it man! Keep it up with these kinds of videos, they're really informative.
@emaadabbasi742 11 months ago
Great video Tyler, keep up the great work!
@ErnestoVazquezChoby1000 1 month ago
Great video! Defender has come a long way from back in the day, would like to see more AV bypass with different AV products
@Stephanus21 11 months ago
Awesome video, thank you Tyler. Keep up the good work.
@modhafferrahmani 3 months ago
Love it. As a total noob I managed to bypass Windows Defender on the lab I am doing. I never thought I'd do it this quick. Thanks a bunch
@romanxyz7248 11 months ago
Nice one Tyler. Keep it up.
@christopherbruns2849 3 months ago
Great video! This technique works very well
@tuxmaster2715 4 months ago
Outstanding video, thanks for sharing, u got a new sub
@firos5381 11 months ago
Cool, love these new type of videos, keep it up. I heard about this tool on another channel months ago; it worked then and I think it works now also, with some tinkering in payloads when needed
@firosiam7786 11 months ago
Nice hope u post more red team evasion techniques and payloads
@jackalvarez6301 11 months ago
it feels like fate that I found this video... lol been doing CS for a while and thought payloads were neat. three days later u post haha.
@ThaLiquidEdit 8 months ago
Interesting video thanks!
@bandar8929 6 months ago
Hey Man... I've tried many ways to get past Windows Defender with payloads, even your way didn't work out. Is there any other way? Thanks
@dev.010 11 months ago
nice video 👍
@rahuliyer5407 5 months ago
Thanks a lot.... Sir, can you please make a video on persistent Windows backdoor??
@LivingCyberweapon 8 months ago
So only if it’s an app you don’t already have, it won’t detect it? Because you already had CMD, but you did not have Excel at first
@boomshoot4789 11 months ago
Why when I try to open the file .exe in the Windows machine it immediately closes? (I tried different times)
@LoneStarBassPursuit 8 days ago
Dang so is the mentor part still up and going?
@cm-memes2810 5 months ago
Just had one doubt: the cmd after the execution of the payload was just open, and when the cmd is closed our reverse shell connection would also die. What can we do for this??
@FMisi 5 months ago
Good question! In order to overcome this problem, we can set up an AutoRunScript to migrate our Meterpreter to a separate process immediately after session creation. > set AutoRunScript post/windows/manage/migrate > exploit
@policarpo565 9 months ago
"Invalid PKCS7 Data (Empty or Not Padded)" - How do I fix it?
@coopergaffney2012 11 months ago
Didn't work, tried a few different file names, they all got picked up right away or wouldn't run at all. Guess I'm glad AV picked them up though
@cuongnguyenquang2265 1 month ago
I am having a problem. I tried to convert a Python file to exe; the first few times it was fine, but the next few times it was considered a threat by Windows Defender even though I didn't edit the code
@bitcion8740 8 months ago
Hello my friend, I need to merge Android with another program. I encountered problems in the Windows system.
@shadowsalah1484 6 months ago
But the victim should be in my network??
@Iampopg 2 months ago
Can ScareCrow work on .exe also instead of .bin?
@frenzychulo103 3 months ago
This is crazy
@hiddengo3232 11 months ago
How to evade heuristic based detection
@nivkochan8596 11 months ago
The Windows Defender of Windows 10 blocked it and that didn't work for me...
@TylerRamsbey 11 months ago
Sometimes you need to try a few different payloads 🙂
@CoryResilient 4 months ago
Can you make an update video and find a new method that actually works. This one doesn't work anymore. As it always changes or maybe explain in detail how one can do this and just alter the payload in different ways to make it unique and just show us a general idea of how to alter it.
@savernastemper569 7 months ago
You can’t compromise multiple devices at once
@mdshahinur9271 6 months ago
My Defender keeps detecting it. Any solution?
@HERESPILOT 6 months ago
Make 5 .bin using msfvenom. Then make 5 exe using ScareCrow. When you download them a few might get removed but 1 or 2 will bypass. I tested this, they bypass runtime and scan time. Leave real time protection turned on but turn off cloud delivered and automatic sample submission. As soon as you have done your testing then you can turn them back on. I've had 5 payloads on my fully patched Windows 11 for around 4 days now
@yoga9869 25 days ago
It doesn't work, I did a lot of experiments and the result was the same
@jeavila80 11 months ago
would like to see you running "getsystem" and check if it stays alive lol
@axellonda5638 11 months ago
lol
@axellonda5638 11 months ago
You must escalate privilege before ;)
@jeavila80 11 months ago
@axellonda5638 Regarding the "getsystem" command in Metasploit, it is used to escalate privileges on a compromised system. It attempts various methods to gain SYSTEM-level access, such as abusing token impersonation privileges or exploiting vulnerabilities. And what I meant is that even if you manage to bypass the AV, if the AV has behavioral detections etc... it will kill the session once you run it.
@AtifKhan-gm8wn 10 months ago
But after 1 minute the Defender detects the payload 😢
@nick.zkaynl7 6 months ago
Really???
@chochoize 3 months ago
1 minute should be all you need to setup a backdoor
@Yonid4rkiHaziza 11 months ago
marked as malicious even before executing on win10 defender.... a little shitty obfuscation i'd say.
@TylerRamsbey 11 months ago
That's part of the AV evasion game! Have to tweak the payload accordingly. Read the ScareCrow docs :)
@sainsql 9 months ago
Doesn't work, Defender detects it
@lovedoraemon2390 9 months ago
This framework should be modified instead of just using it straightly. If you wanna make it work fully, you should read the code, and figure out what's going on there, and do your own stuff.
@TylerRamsbey 9 months ago
I created a new tool that fully bypasses AV. Original research will be released as a blog post and video in the near future :)
@billbronk1745 7 months ago
@TylerRamsbey could you please respond to the issue "Invalid PKCS7 Data (Empty or Not Padded)"?
@G0DsLion 7 months ago
Algorithm
@kunalmahato7880 2 months ago
Bro my Defender kicked them all
@imveryhungry112 3 months ago
I'm too dumb to understand any of this material.
@homayoonfayaz1241 11 months ago
For me it doesn't work, thanks for sharing
@TylerRamsbey 11 months ago
Just like in the video, you may get blocked a few times -- through trial and error you will find one that works :)
@keathonwilliams6673 11 months ago
It's part of the game man. You might have to make tweaks to existing exploits to succeed.
@user-ih6mo5vy9h 11 months ago
Lies. Nothing but a hoodie and lies
@TylerRamsbey 11 months ago
Never trust someone in a black hoodie 🤣
@passyweb6495 3 months ago
Fake, that doesn't work
@joby9790 3 months ago
8 months ago
@lucamattioni6470 1 month ago
lmao obviously it gets patched after a while
@user-kv3nt7fc8s 6 months ago
Please help me, fatrat not working: fatrat /usr/local/sbin/fatrat: line 2: cd: /root/Documents/Backdoor/TheFatRat: No such file or directory
@valentinrigourd6709 10 months ago
This one doesn't work, all is detected