Metasploit mailing list archives

making your own payload


From: hdm at metasploit.com (H D Moore)
Date: Tue, 6 Dec 2005 10:32:12 -0600

On Tuesday 06 December 2005 10:24, pagvac wrote:
> This executable automates many tasks that I usually do on the target
> machines after compromising them when doing penetration testing.

This is an executable, not a written-in-assembler payload? In that case, you 
will need to upload and execute it using another payload (such as 
Meterpreter).

> The problem is that I have no idea on how to remove all the nulls
> (0x00) so that the exploit doesn't break.

Assuming this is a payload and not an executable, you do not need to worry 
about null bytes. The framework automatically encodes the payload for 
you, based on the BadChars field defined in the exploit module you use.

> I'd like to have some references on documentation/tools that can help
> me create this payload and successfully run it with metasploit on
> existing exploit modules.

Great, us too :-) If you are talking about a standalone executable, this 
is not a 'payload' in the sense of the framework, but you can use or 
write a payload to upload and execute it (and maybe even handle the 
connection side for you, etc).

> Question: are all payloads compatible with metasploit? In other words,
> can I get a shellcode from an external resource and use it
> successfully with metasploit?

The short answer is no. You can take almost any payload, stick it into a 
payload module, and inject it into the remote target process with the 
correct exploit. The problem is that most payloads need what we call a 
"handler" -- if it's a bind shell, you need to connect to the shell and 
then read from the console and send the commands down the socket. If the 
payload you want to use has a standard connection method (bind, reverse 
connect, etc), you should be all set, just use one of the related 
payloads as a template. If the payload needs some crazy protocol for 
communication, or doesn't establish a connection, then it will still run 
on the remote system, but you would need to figure out the interaction 
part by yourself (and possibly write handler code for it).

Hope this helps,

-HD
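Two things in HD's reply are easy to misread without seeing them in code: what "the framework encodes the payload based on BadChars" actually involves, and what a "handler" for a bind-shell payload has to do. The following is an added example written for this archive page, not Metasploit code and not something either poster provided. It implements the simplest possible encoder (a single-byte XOR key chosen so that neither the key nor any encoded byte lands in the BadChars set; a real encoder would also prepend a decoder stub, which is omitted here) and a minimal bind-shell handler that relays console input to the socket and socket output back to the console. The sample shellcode bytes, the BadChars set and the `fake_bind_shell` stand-in for the remote process are all constructed for the demo so it runs offline.

```python
"""Added example: BadChars check, single-byte XOR encoding and a bind-shell
handler loop. Not Metasploit code; all inputs below are constructed."""
import io
import socket
import threading
from typing import List, Optional, Tuple

# Constructed sample: a few x86 bytes containing a NUL, which a typical
# string-based overflow cannot deliver.
PAYLOAD = b"\x31\xc0\x50\x68\x2f\x2f\x73\x68\x00\xcd\x80"
# Constructed BadChars set, like an exploit module's 'BadChars' field.
BADCHARS = b"\x00\x0a\x0d"


def find_bad_chars(payload: bytes, badchars: bytes) -> List[Tuple[int, int]]:
    """Return (offset, byte) for every byte the exploit cannot deliver."""
    return [(i, b) for i, b in enumerate(payload) if b in badchars]


def find_xor_key(payload: bytes, badchars: bytes) -> Optional[int]:
    """Pick a single-byte XOR key that produces no bad bytes.

    The key itself must also be clean, because a decoder stub would have
    to carry it inline. Returns None when no key works (a real encoder
    would then fall back to a different scheme)."""
    for key in range(1, 256):
        if key in badchars:
            continue
        if all((b ^ key) not in badchars for b in payload):
            return key
    return None


def xor_encode(payload: bytes, key: int) -> bytes:
    """XOR every byte with key; applying it twice restores the original."""
    return bytes(b ^ key for b in payload)


class BindShellHandler:
    """What the framework's handler does for a bind payload: connect to
    the listening shell, then shovel console input down the socket and
    socket output back to the console until the remote side closes."""

    def __init__(self, sock: socket.socket):
        self.sock = sock

    @classmethod
    def connect(cls, host: str, port: int) -> "BindShellHandler":
        return cls(socket.create_connection((host, port)))

    def interact(self, stdin, stdout) -> None:
        def pump_socket_to_console():
            while True:
                data = self.sock.recv(4096)
                if not data:          # remote shell went away
                    break
                stdout.write(data)
                stdout.flush()

        reader = threading.Thread(target=pump_socket_to_console, daemon=True)
        reader.start()
        for line in stdin:            # one command per console line
            self.sock.sendall(line)
        self.sock.shutdown(socket.SHUT_WR)   # no more commands
        reader.join()
        self.sock.close()


def fake_bind_shell(sock: socket.socket) -> None:
    """Constructed stand-in for the remote bind shell: echoes each
    newline-terminated command back with a prefix, then exits on EOF."""
    buf = b""
    with sock:
        while True:
            data = sock.recv(4096)
            if not data:
                break
            buf += data
            while b"\n" in buf:
                line, buf = buf.split(b"\n", 1)
                sock.sendall(b"[shell] got " + line + b"\n")


def demo() -> Tuple[List[Tuple[int, int]], Optional[int], bytes, bytes]:
    """Run both halves end to end; returns (bad bytes found, chosen key,
    encoded payload, transcript received from the fake shell)."""
    bad = find_bad_chars(PAYLOAD, BADCHARS)
    key = find_xor_key(PAYLOAD, BADCHARS)
    encoded = xor_encode(PAYLOAD, key)

    ours, theirs = socket.socketpair()      # replaces a real TCP connect
    target = threading.Thread(target=fake_bind_shell, args=(theirs,))
    target.start()
    console_out = io.BytesIO()
    BindShellHandler(ours).interact(io.BytesIO(b"whoami\nid\n"), console_out)
    target.join()
    return bad, key, encoded, console_out.getvalue()


if __name__ == "__main__":
    bad, key, encoded, transcript = demo()
    print("bad bytes:", bad, "key:", hex(key), "encoded:", encoded.hex())
    print(transcript.decode())
```

The point HD makes about "crazy protocols" shows up in `interact`: it only works because a bind shell speaks plain bytes over one socket. A payload that expects, say, a custom framed protocol would still execute on the target, but this loop would be useless for it and you would have to write the handler side yourself.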


