[Pauldotcom] Manually embedding shellcode into executables
dimitrios at gmail.com
Wed Dec 2 02:25:12 UTC 2009
I haven't had much success with the msfpayload, seem that most virus scans
pick up the payload. Even tried to use a couple types of encoding stacked on
top of each other with out much luck.
play with it and then test exe against virustotal.com
On Tue, Dec 1, 2009 at 4:17 PM, Adrian Crenshaw <irongeek at irongeek.com>wrote:
> Ok, I just read Rob post here:
> and checked my exes. Since both are the same size, I'm guessing it's not
> working as a binder but as a "cloaker" of sorts.
> On Tue, Dec 1, 2009 at 5:12 PM, Adrian Crenshaw <irongeek at irongeek.com>wrote:
>> Ok, I did this:
>> $ msfpayload windows/adduser user=test pass=test exitfunc=seh R |
>> msfencode -t exe -x notepad.exe -o MYNEWFILE.exe
>> The exe made has the same icon an metadata as the original. The payload
>> runs since the "test" account is created, but notepad never comes up, so it
>> doen not make much of a binder. Any ideas?
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> Main Web Site: http://pauldotcom.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Pauldotcom