Foolav - Pentest tool for antivirus evasion and running arbitrary payload on target Wintel host.

An executable compiled from this code is useful during penetration tests where there is a need to execute some payload (meterpreter maybe?) while being certain that it will not be detected by antivirus software. The only requirement is to be able to upload two files, the binary executable and the payload file, into the same directory.
The x86 binary will run on both x86 and x86_64 Windows systems. When the payload is a meterpreter, you should have no issues migrating an x86 meterpreter to x86_64 processes.

Usage steps:
1. Prepare a one-line payload (x86), e.g.:

2. Save it as [executable-name-without-exe-extension].mf in the same directory as the executable. Payload running calc.exe, generated using the above command:

3. Once the executable is run, the payload is parsed, loaded into a separate thread and executed in memory.
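
For defenders, the two-file layout from step 2 is a hunting signal in its own right. The following is an added example, not part of Foolav or the original post: it walks a directory tree and reports every .exe that has a same-named .mf file beside it. The function names and the sample tree are constructed for illustration, and file contents are not inspected because the page does not show the payload format.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def find_exe_mf_pairs(root):
    """Return one record per .exe that has a same-stem .mf file in its directory."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        # Windows file names are case-insensitive, so compare lowercased names.
        by_lower = {name.lower(): name for name in files}
        for lower, name in sorted(by_lower.items()):
            if not lower.endswith(".exe"):
                continue
            sidecar = by_lower.get(lower[:-4] + ".mf")
            if sidecar is None:
                continue
            exe_path = os.path.join(dirpath, name)
            mf_path = os.path.join(dirpath, sidecar)
            hits.append({
                "exe": exe_path,
                "mf": mf_path,
                "exe_sha256": sha256_of(exe_path),  # for triage and lookups
                "mf_size": os.path.getsize(mf_path),
            })
    return hits

def demo():
    """Build a constructed directory tree and return the flagged .exe paths."""
    with tempfile.TemporaryDirectory() as root:
        # MANIFEST.MF is a legitimate Java file; it must not match app.exe.
        for rel in ("up/tool.exe", "up/TOOL.mf", "up/other.exe", "bin/app.exe", "bin/MANIFEST.MF"):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(b"constructed sample bytes")
        return [os.path.relpath(h["exe"], root).replace(os.sep, "/") for h in find_exe_mf_pairs(root)]

if __name__ == "__main__":
    print(demo())
```

A match is a lead for review rather than a verdict; the hash and paths in each record are there to support that follow-up.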

Download: foolav.zip (55 KB)
Source: https://github.com/hvqzao