Metasploit mailing list archives
Reflective DLL Injection
From: jerome.athias at free.fr (Jerome Athias)
Date: Sat, 01 Nov 2008 10:28:54 +0100
[Note for mailing-lists' moderators: please just block this mail if it's too noisy. And accept apologizes.] metafan at intern0t.net a ?crit :
Hi there Jerome, That sounds quite awesome as i haven't seen a backdoor (yet), which you can send programming code to and then compile if that was the plan with your current project and it also sounds cool that you are going to make a dll as well but exactly how are you going to be able to implement with Metasploit? Or is that solved? I know there's a function to inject a dll and execute in Metasploit, and yes there's also the famous meterpreter payload which is the best payload for post-exploitation at the moment (at least in my oppinion), but since i haven't seen this kind of backdoor yet, it wouldn't hurt to see it when you're done with it :)
I think to use The Metasploit Framework, via the meterpreter (skape: you're the man! ;p), via a meterpreter-script[1] to inject/load all the DLLs and use my backdoor for post-exploitation, without the 'limitation' of the meterpreter's built-in functions. [1] MSF meterpreter scripting http://metasploit.com/dev/trac/browser/framework3/trunk/scripts/meterpreter/killav.rb?rev=5773
(Or when it works, it doesn't matter if it's detected by AV's etc as i'm only testing for legally purposes anyway! ;D But keep up the good job).
I'm currently translating my code from french to english. I thought to answer to a Call For Paper with this project, but well, if when reviewed you like it, just send me a good bottle of wine ;p PoC coming up in "a near future" (quote stolen to HDM ;p)... ;-) /JA
Current thread:
- Reflective DLL Injection Jerome Athias (Nov 01)
- Reflective DLL Injection Jun Koi (Nov 02)
- Reflective DLL Injection egypt at metasploit.com (Nov 02)
- Message not available
- Reflective DLL Injection Harmony Security (Nov 03)
- Reflective DLL Injection Jun Koi (Nov 06)
- Reflective DLL Injection Harmony Security (Nov 06)
- Reflective DLL Injection Jerome Athias (Nov 06)
- Reflective DLL Injection Jun Koi (Nov 02)
- <Possible follow-ups>
- Reflective DLL Injection metafan at intern0t.net (Nov 01)
- Reflective DLL Injection Jerome Athias (Nov 01)
- XBACKDOOR v1.0 released Jerome Athias (Nov 02)