«

»

Aug 15

Old Incognito binary not working? or being eaten by AV? Then make your own

The original incarnation of Incognito has been around for a while it’s now a little dated and also picked up by the vast majority of Anti-Virus vendors.

With this in mind I was intrigued by post by Josh Stone who has done a nice write up on creating an Incognito binary via the Metasploit Framework source code (and one small addition):

http://www.josho.org/blog/blog/2012/12/04/homegrown-incognito/

Quick Start:

Download the following files from the meterpreter GitHub repository or from a local metasploit framework install:

list_tokens.h, list_tokens.c, token_info.c, token_info.h, incognito.h

and download main.c from Josh’s site.

Then compile yourself up a new version making some subtle changes to original source code and it’s unlikely your shiny new tool with ever get picked up by AV:

gcc -o Incognito.exe main.c list_tokens.c token_info.c 

It’s also worth mentioning that MWR Labs have updated Incognito to version 2.0 (with source code available) so this is also worth a look.

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>