Full Disclosure mailing list archives
A small project: metafang
From: Brandon Perry <bperry.volatile () gmail com>
Date: Fri, 09 May 2014 17:43:27 -0500
Hi,

I gave a short presentation on this tool in a turbo talk at ISSW this year. It is a C# application using GTK for the UI that interfaces with a Metasploit RPC instance and creates .NET payloads that will execute x86/x86_64 shellcode straight from Metasploit.

You can create a single executable with both Linux and Windows payloads and the executable will decide at runtime what operating system and architecture it is running on. It will then run the correct payloads you have chosen for that operating system and architecture.

The code is here:

https://github.com/brandonprry/metafang2

It requires bindings I wrote that interface with the Metasploit RPC:

https://github.com/brandonprry/metasploit-sharp.git

I would love feedback on this. There is an option to encrypt the payloads as well, but this isn't super stable yet. Even if you don't encrypt the payloads, AV doesn't catch default Metasploit connectbacks using this...

I also have tabs for Mac and will embed Mac payloads, but they currently do nothing with the current technique. I believe implementing something like the C code at the bottom of this post could resolve this behaviour:

http://www.akkadia.org/drepper/selinux-mem.html

Currently the technique I use to execute the shellcode on Unix probably won't work if you have SELinux running. Again, I think the technique in the above post could resolve this.

I develop this on Linux but I can't think of anything except the GTK dependence that would cause it to not work on other operating systems.

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/