automatic module_metadata_base.json update

2018-10-07 06:50:00 -07:00 · 2018-10-07 06:50:00 -07:00 · 7327fa8252
parent 2a985e76b6
commit 7327fa8252
1 changed files with 67 additions and 0 deletions
--- a/db/modules_metadata_base.json
+++ b/db/modules_metadata_base.json
@ -43792,6 +43792,73 @@
    "notes": {
    }
  },
+  "evasion_windows/windows_defender_exe": {
+    "name": "Microsoft Windows Defender Evasive Executable",
+    "full_name": "evasion/windows/windows_defender_exe",
+    "rank": 300,
+    "disclosure_date": null,
+    "type": "evasion",
+    "author": [
+      "sinn3r <sinn3r@metasploit.com>"
+    ],
+    "description": "This module allows you to generate a Windows EXE that evades against Microsoft\n        Windows Defender. Multiple techniques such as shellcode encryption, source code\n        obfuscation, Metasm, and anti-emulation are used to achieve this.\n\n        For best results, please try to use payloads that use a more secure channel\n        such as HTTPS or RC4 in order to avoid the payload network traffic getting\n        caught by antivirus better.",
+    "references": [
+
+    ],
+    "is_server": false,
+    "is_client": true,
+    "platform": "Windows",
+    "arch": "x86",
+    "rport": null,
+    "autofilter_ports": null,
+    "autofilter_services": null,
+    "targets": [
+      "Microsoft Windows"
+    ],
+    "mod_time": "2018-10-06 16:04:07 +0000",
+    "path": "/modules/evasion/windows/windows_defender_exe.rb",
+    "is_install_path": true,
+    "ref_name": "windows/windows_defender_exe",
+    "check": false,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+    }
+  },
+  "evasion_windows/windows_defender_js_hta": {
+    "name": "Microsoft Windows Defender Evasive JS.Net and HTA",
+    "full_name": "evasion/windows/windows_defender_js_hta",
+    "rank": 300,
+    "disclosure_date": null,
+    "type": "evasion",
+    "author": [
+      "sinmygit",
+      "Shelby Pace"
+    ],
+    "description": "This module will generate an HTA file that writes and compiles a JScript.NET file\n        containing shellcode on the target machine. After compilation, the generated EXE will\n        execute the shellcode without interference from Windows Defender.\n\n        It is recommended that you use a payload that uses RC4 or HTTPS for best experience.",
+    "references": [
+
+    ],
+    "is_server": false,
+    "is_client": true,
+    "platform": "Windows",
+    "arch": "x64",
+    "rport": null,
+    "autofilter_ports": null,
+    "autofilter_services": null,
+    "targets": [
+      "Microsoft Windows"
+    ],
+    "mod_time": "2018-10-06 16:04:07 +0000",
+    "path": "/modules/evasion/windows/windows_defender_js_hta.rb",
+    "is_install_path": true,
+    "ref_name": "windows/windows_defender_js_hta",
+    "check": false,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+    }
+  },
  "exploit_aix/local/ibstat_path": {
    "name": "ibstat $PATH Privilege Escalation",
    "full_name": "exploit/aix/local/ibstat_path",