Metasploit mailing list archives
msfencode with 3rd binaries?
From: hdm at metasploit.com (H D Moore)
Date: Mon, 08 Jun 2009 20:10:21 -0500
On Mon, 08 Jun 2009 19:38:44 -0500, Richard Miles <richard.k.miles at googlemail.com> wrote:
> I would love to know if there is a way to apply the msfencode to a 3rd binary. Suppose I have a windows PE file and I would like to use msfencode magic in it to make it undetectable. Is it possible?
Not yet - msfencode only works on small chunks of an assembler; what you are looking for is a full-blown packer, such as ASPack or UPX. A great way to bypass AV product detection is to use a standard packer (UPX is easy) and then manually tweak the binary in a hex editor (change the UPX0-3 section names, replace some of the instructions at the entry point with equivalent opcodes, etc). Someday we plan on adding a full-blown PE packer/scrambler, but it's not on a timeline yet.

-HD
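Added example, not part of the original message or of Metasploit: a defender-side check showing why renamed section names do not hide a packed layout, since the section table's structure can be tested without reading the names. It assumes UPX's default layout (a read/write/execute section with no bytes on disk, followed by a read/write/execute section holding the entry point); the function names are hypothetical and both sample header sets are constructed.

```python
import struct

RWX = 0x20000000 | 0x40000000 | 0x80000000  # IMAGE_SCN_MEM_EXECUTE | _READ | _WRITE
SECTION = struct.Struct("<8sIIII12xI")      # name, vsize, va, raw size, raw ptr, flags

def parse_sections(data):
    """Return (entry point RVA, section list) read from a PE image's headers."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe, = struct.unpack_from("<I", data, 0x3C)             # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    count, = struct.unpack_from("<H", data, pe + 6)        # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)    # SizeOfOptionalHeader
    entry, = struct.unpack_from("<I", data, pe + 24 + 16)  # AddressOfEntryPoint
    table = pe + 24 + opt_size
    sections = []
    for i in range(count):
        name, vsize, va, rsize, _, flags = SECTION.unpack_from(data, table + i * SECTION.size)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "vsize": vsize, "va": va, "rsize": rsize, "flags": flags})
    return entry, sections

def upx_like_layout(data):
    """True if an RWX section with no bytes on disk is followed by an RWX section
    that contains the entry point. Section names are never consulted."""
    entry, sections = parse_sections(data)
    for target, stub in zip(sections, sections[1:]):
        empty_rwx = target["rsize"] == 0 and target["vsize"] > 0 and (target["flags"] & RWX) == RWX
        entry_in_stub = stub["va"] <= entry < stub["va"] + stub["vsize"]
        if empty_rwx and entry_in_stub and (stub["flags"] & RWX) == RWX:
            return True
    return False

def build_headers(sections, entry):
    """Constructed, header-only PE32 image for the demo; it is not a runnable program."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry).ljust(0xE0, b"\0")
    table = b"".join(SECTION.pack(n, vs, va, rs, 0x400, fl) for n, vs, va, rs, fl in sections)
    return dos + coff + opt + table

# Constructed samples: a packed-style layout with renamed sections, and a plain layout.
RENAMED = build_headers([(b".text", 0x8000, 0x1000, 0, 0xE0000080),
                         (b".data", 0x3000, 0x9000, 0x2A00, 0xE0000040),
                         (b".rsrc", 0x1000, 0xC000, 0x600, 0xC0000040)], entry=0xB8F0)
PLAIN = build_headers([(b".text", 0x5000, 0x1000, 0x4E00, 0x60000020),
                       (b".data", 0x1000, 0x6000, 0x200, 0xC0000040)], entry=0x1400)
print("renamed:", upx_like_layout(RENAMED), "plain:", upx_like_layout(PLAIN))
```

A structural match like this is a triage signal for closer inspection, not proof of malice, since legitimate software is also shipped packed.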