Re: Writing an encoder

[John Strand <strandjs () gmail com>]

Not quite the same thing.  But close..

Check out stripwire.pl.

HTH,

John

On Tue, Jul 26, 2011 at 9:35 AM, Paul Johnston <paj () pajhome org uk> wrote:

> Hi,
>
> I have an interesting vulnerability to exploit.
>
> I can place a file on the victim's computer (Windows), so for now I am
> placing a .exe file in their startup directory. I'm using
> windows/shell_reverse_tcp encoded using msfpayload/msfencode. This gets me a
> shell when the user reboots, which will do for the purpose of my demo.
>
> However, to place the file it needs to match a particular checksum, which
> works in 512-byte blocks. If I can modify two bytes in each block, I can
> "massage" the file to have the correct checksum. So, what I need is an
> encoder that lets me do this without messing up the .exe file. I was
> thinking that it could inject something like the following, every 512-bytes:
>
> push eax
> mov 0x00000000, eax
> pop eax
>
> That way, I can tamper with the 0x00000000 without messing up the code. I
> am going to press on with implementing this.
>
> What I wondered is: has anyone tried something similar? Any alternative
> ideas for achieving this? Any pitfalls to be wary of?
>
> Advice would be much appreciated :-)
>
> Paul
>
> _______________________________________________
> https://mail.metasploit.com/mailman/listinfo/framework


-- 
John Strand
Office: (605) 550-0742
Cell: (303) 710-1171

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework