Metasploit mailing list archives
Win32_Bind_Stg_Upexec Payload
From: mmiller at hick.org (mmiller at hick.org)
Date: Wed, 11 May 2005 09:26:08 -0500
On Wed, May 11, 2005 at 10:10:18AM -0400, jesus saves wrote:
Hi, I am testing the above payload within my test network. I am exploiting a W2K machine using the rpc dcom exploit module. For testing purposes, I am attempting to upload and execute "notepad.exe" on my target machine. After executing the exploit module, I notice on my target machine that "metasploit.exe" is listed in the running processes, but not notepad.exe. With this particular payload, are the executable file names renamed to "metasploit.exe" ?
Yes, uploaded processes are written to the disk as 'C:\metasploit.exe' and then executed. The source code for this payload can be found under: src/shellcode/win32/standard/win32_stage_uploadexec.asm
Current thread:
- Win32_Bind_Stg_Upexec Payload jesus saves (May 11)
- Win32_Bind_Stg_Upexec Payload mmiller at hick.org (May 11)