Metasploit mailing list archives

dynamic multi handler..


From: dkennedy at securestate.com (David Kennedy)
Date: Sat, 26 Sep 2009 16:40:06 -0400

http://www.phreedom.org/software/metsvc/releases/metsvc-1.0.zip


________________________________
From: Jeffs <jeffs at speakeasy.net>
Reply-To: <jeffs at speakeasy.net>
Date: Sat, 26 Sep 2009 16:35:31 -0400
To: <framework at spool.metasploit.com>
Subject: Re: [framework] dynamic multi handler..

Can someone point me to Alex's Meterpreter service?  Looks intriguing but cannot find it.


HD Moore wrote:

On Sat, 2009-09-26 at 21:25 +0200, netevil wrote:

In my scenario I have a target that executes a meterpreter payload
and a listening multi handler... that changes IP.. periodically..
Do you see a smart way for making the payload (created with msfpayload
& msfencode..) connect back to a dynamic listener?

It usually makes more sense to use a listening system with a static IP
for this kind of thing - you can specify a hostname in the LHOST option,
but it is resolved to an IP and that IP is stored in the payload. We
could update the code to do DNS resolution, but it's likely to
drastically increase the payload size, which makes it less useful for
most exploits.

Something you could do to solve this is to create your own executable
(in C) that tries to connect back to multiple IPs/Ports/DNS names, and
once connected, acts like the metasploit staging system, downloads the
meterpreter stage, and continues execution. However, at this point you
would be better off just changing Alex's Meterpreter Service to do a
reverse connect instead of a bind and use the windows/metsvc_reverse_tcp
payload with multi/handler on one of your listening endpoints.

-HD

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework