Aug 15

Old Incognito binary not working, or being eaten by AV? Then make your own

The original incarnation of Incognito has been around for a while; it’s now a little dated and is also picked up by the vast majority of anti-virus vendors.

With this in mind, I was intrigued by a post by Josh Stone, who has done a nice write-up on creating an Incognito binary from the Metasploit Framework source code (and one small addition):

Quick Start:

Download the following files from the meterpreter GitHub repository or from a local Metasploit Framework install:

list_tokens.h, list_tokens.c, token_info.c, token_info.h, incognito.h

and download main.c from Josh’s site.

Then compile yourself a new version. Make some subtle changes to the original source code and it’s unlikely your shiny new tool will ever get picked up by AV:

gcc -o Incognito.exe main.c list_tokens.c token_info.c 

It’s also worth mentioning that MWR Labs have updated Incognito to version 2.0 (with source code available), so that is worth a look too.


