
Does MBAE or MBAM block files attempting to open a reverse shell



Does MBAE or MBAM block files attempting to open a reverse shell, or is this outside the scope of the software?

From the following post, an exploit is labeled as "The exploit shellcode then runs some special instructions called payload."

 

 

I validated that MBAM blocked a reverse shell created by msfvenom

This results in a packed exe that, when executed on Windows, is detected as Trojan.Malpack: https://blog.malwarebytes.com/detections/trojan-malpack/

From the description, this makes sense as I believe msfvenom creates a packed PE.

 

In the case of a simple netcat reverse shell, this isn't blocked in my test.

I'm also able to create a simple .bat file and execute this without issues. I'm also able to upload and download this .bat file with this reverse shell code inside.

I realize this isn't exploiting a vulnerability, but this is a common payload used to gain access in the wild.

 

Malwarebytes version: 4.3.0.98

 

I also validated using Process Explorer that I have mbae64.dll files injected into my firefox.exe processes.
