The original incarnation of Incognito has been around for a while it’s now a little dated and also picked up by the vast majority of Anti-Virus vendors.
With this in mind I was intrigued by post by Josh Stone who has done a nice write up on creating an Incognito binary via the Metasploit Framework source code (and one small addition):
Download the following files from the meterpreter GitHub repository or from a local metasploit framework install:
list_tokens.h, list_tokens.c, token_info.c, token_info.h, incognito.h
and download main.c from Josh’s site.
Then compile yourself up a new version making some subtle changes to original source code and it’s unlikely your shiny new tool with ever get picked up by AV:
gcc -o Incognito.exe
main.c list_tokens.c token_info.c
It’s also worth mentioning that MWR Labs have updated Incognito to version 2.0 (with source code available) so this is also worth a look.