Complete interview with H.D. Moore http://www.securityfocus.com/columnists/439
Metasploit 3 supports evasion options for almost every module. The evasion options are broken down by protocol and can be seen with the "show evasions" command in the console interface. A module that uses the SMB, DCERPC, and TCP protocols can benefit from over 15 different evasion options.
These options cover settings such as the maximum DCERPC fragment size, whether to obfuscate different SMB transactions, and how many bytes to send at a time in each TCP segment. Client-side modules, such as browser exploits, support compression, chunked encoding, and unicode obfuscation, in addition to any Javascript-based encoding implemented in the module itself. Web application exploits support all of the "standard" encoding methods (unicode, hex encoding, etc) in addition to things like header padding, junk relative directories, and pipelined requests.
One of the great things about the structure of Metasploit 3 is that adding a new evasion method rarely requires the modules themselves to be updated. It's even possible to develop a loadable plugin that implements new, unpublished evasion routines (and sell it, if you wish to do so).
0 comments: