nerdexam
EC-Council

312-50V9 · Question #297

Which Metasploit Framework tool can help penetration tester for evading Anti-virus Systems?

The correct answer is C. msfencode. msfencode applies encoding algorithms to Metasploit payloads to alter their byte signatures, enabling shellcode to bypass antivirus signature-based detection.

Evading IDS, Firewalls, and Honeypots

Question

Which Metasploit Framework tool can help penetration tester for evading Anti-virus Systems?

Options

  • Amsfpayload
  • Bmsfcli
  • Cmsfencode
  • Dmsfd

How the community answered

(34 responses)
  • A
    3% (1)
  • B
    3% (1)
  • C
    94% (32)

Why each option

msfencode applies encoding algorithms to Metasploit payloads to alter their byte signatures, enabling shellcode to bypass antivirus signature-based detection.

Amsfpayload

msfpayload generates raw shellcode payloads but performs no encoding or obfuscation to evade antivirus detection.

Bmsfcli

msfcli is a command-line interface for scripting and launching Metasploit modules and has no payload encoding or AV evasion functionality.

CmsfencodeCorrect

msfencode transforms raw payloads using encoders such as x86/shikata_ga_nai, which applies a polymorphic XOR additive feedback scheme to obfuscate the payload's byte pattern. Applying multiple encoding iterations (-t -c) further mutates the signature, reducing the chance of AV detection. It was the dedicated payload encoding tool in the Metasploit Framework before being merged into msfvenom.

Dmsfd

msfd is the Metasploit background daemon that listens for incoming connections and provides no encoding or payload manipulation capabilities.

Concept tested: Metasploit payload encoding for antivirus evasion

Source: https://docs.metasploit.com/docs/using-metasploit/basics/how-to-use-msfvenom.html

Topics

#msfencode#AV evasion#Metasploit#payload encoding

Community Discussion

No community discussion yet for this question.

Full 312-50V9 Practice