Metasploit mailing list archives
Re: Meterpreter injection into 2 processes simultaneously?
From: Philip Sanderson <philip.k.sanderson () gmail com>
Date: Fri, 10 Sep 2010 00:29:49 +1000
you're looking for -m when executing a process in windows (in memory execution, does not touch disk) meterpreter > execute -h Usage: execute -f file [options] Executes a command on the remote machine. OPTIONS: -H Create the process hidden from view. -a <opt> The arguments to pass to the command. -c Channelized I/O (required for interaction). -d <opt> The 'dummy' executable to launch when using -m. -f <opt> The executable command to run. -h Help menu. -i Interact with the process after creating it. -k Execute process on the meterpreters current desktop -m Execute from memory. -s <opt> Execute process in a given session as the session user -t Execute process with currently impersonated thread token On Fri, Sep 10, 2010 at 12:17 AM, John Nash <rootsecurityfreak () gmail com>wrote:
the reason i want to inject in memory is because file upload will trigger AVs! :( anyone knows if we can do this in memory? On Thu, Sep 9, 2010 at 5:43 PM, archeldeeb <archeldeeb () gmail com> wrote:create an exe using msfpayload then. uploadexec that meterpreter.exe :) it always works. Sherif eldeeb -----Original Message----- From: Daniel Clemens <daniel.clemens () packetninjas net> Sent: 09 September, 2010 9:59 AM To: John Nash <rootsecurityfreak () gmail com> Cc: framework () spool metasploit com Subject: Re: [framework] Meterpreter injection into 2 processes simultaneously? On Sep 9, 2010, at 1:11 AM, John Nash wrote:I know we can install a meterpereter backdoor using persistence ormetsvc, but these actively make modifications to configurations on the remote system, which i would like to avoid. Non technical response; It sounds like your having to manage perception a bit more than is needed. If things break in the course of an engagement because you had enough access to inject dll's and or execute code to have a session and you HAPPEN to crash a box .... some things need to be cleaned up anyway. When asked if and what will be done if things break I always inform my customers that if something happens this is why we have emergency contact #'s available AND if something is breaking it is indicative of other problems. Technical response; I thought persistency should solve this problem. Don't worry about making a mess, as the Nike slogan goes "Just do it". :P | Daniel Uriah Clemens | Packetninjas L.L.C | | http://www.packetninjas.net | c. 205.567.6850 | | o. 866.267.8851 "Moments of sorrow are moments of sobriety" _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- Meterpreter injection into 2 processes simultaneously? John Nash (Sep 08)
- Re: Meterpreter injection into 2 processes simultaneously? Daniel Clemens (Sep 09)
- Re: Meterpreter injection into 2 processes simultaneously? Carlos Perez (Sep 09)
- <Possible follow-ups>
- Re: Meterpreter injection into 2 processes simultaneously? archeldeeb (Sep 09)
- Re: Meterpreter injection into 2 processes simultaneously? John Nash (Sep 09)
- Re: Meterpreter injection into 2 processes simultaneously? Philip Sanderson (Sep 09)
- Re: Meterpreter injection into 2 processes simultaneously? John Nash (Sep 09)