Metasploit mailing list archives

Reflective DLL Injection


From: jerome.athias at free.fr (Jerome Athias)
Date: Sat, 01 Nov 2008 10:28:54 +0100

[Note for mailing-lists' moderators: please just block this mail if it's
too noisy. And accept my apologies.]

metafan at intern0t.net wrote:
Hi there Jerome,


That sounds quite awesome as I haven't seen a backdoor (yet)
which you can send programming code to and then compile, if that
was the plan with your current project, and it also sounds cool
that you are going to make a DLL as well, but exactly how are you
going to be able to implement it with Metasploit? Or is that solved?

I know there's a function to inject a DLL and execute it in Metasploit,
and yes, there's also the famous meterpreter payload, which is the best
payload for post-exploitation at the moment (at least in my opinion),
but since I haven't seen this kind of backdoor yet, it wouldn't hurt
to see it when you're done with it :)
  
I think I'll use The Metasploit Framework, via the meterpreter (skape:
you're the man! ;p), via a meterpreter script[1] to inject/load all the
DLLs and use my backdoor for post-exploitation, without the 'limitation'
of the meterpreter's built-in functions.

[1] MSF meterpreter scripting
http://metasploit.com/dev/trac/browser/framework3/trunk/scripts/meterpreter/killav.rb?rev=5773

(Or when it works, it doesn't matter if it's detected by AVs etc. as
I'm only testing for legal purposes anyway! ;D But keep up the good job).
  
I'm currently translating my code from French to English.
I thought of answering a Call For Papers with this project, but well, if
you like it when it's reviewed, just send me a good bottle of wine ;p
PoC coming up in "a near future" (quote stolen from HDM ;p)...
;-)

/JA
