Metasploit mailing list archives

Encrypt meterpreter/reverse_tcp connection


From: natron at invisibledenizen.org (natron)
Date: Thu, 22 Jan 2009 12:36:35 -0600

I've done some goofy things with downloadexec and some port forwarding
stuff.  You can drop plink.exe to connect back to your SSH server and
forward a local port to your SSH/msf server, then compile
meterpreter/reverse_tcp to point to 127.0.0.1:forwarded_port.  Wrap it
all in an SFX archive keyed to launch your controlling script (batch,
vbs, etc) to handle execution flow.

There's a ticket open to implement rudimentary XOR 'encryption' so
it's at least not recognizable or cleartext like it is now, but that
hasn't made it into the dev tree yet.

2009/1/22 Rob Fuller <mubix at room362.com>:
If you don't need to be encrypted right off the bat, you can drop 'sbd'
(netcat clone) onto the system, set up an encrypted channel, and then jump
back into meterpreter using route and the psexec 'exploit'. It works in my
head, so someone please correct me if I am wrong.

On Thu, Jan 22, 2009 at 12:52 PM, Nelson <komseh at gmail.com> wrote:

Is there a way to encrypt the connection made between a
meterpreter/reverse_tcp payload and the reverse_tcp handler?  None of
the set values make it obvious and I need to bypass an IPS.
_______________________________________________
http://spool.metasploit.com/mailman/listinfo/framework

