Metasploit mailing list archives

Re: Encoding an Exe file with msfencode


From: HD Moore <hdm () metasploit com>
Date: Sun, 21 Mar 2010 06:51:08 -0500

On 3/21/2010 3:50 AM, Danux wrote:
> Hey List:
>
> I have a working trojan in a Windows box, the problem is that it is
> being caught by AVG so after many hours trying to bypass AVG by
> modifying my XOR Encoder I gave up, so I was trying to use msfencode
> to bypass AVG but since it is an exe file and not a raw one the program
> is undetected by AVG but useless since it is not working any more.
>
> I know that msfencode expects a raw file instead of an exe but
> wondering if there is a way to revert from exe to raw in order to
> encode only .text section without affecting the functionality.

It's not as simple as encoding the contents of the .text section, as most
binaries have code references to other sections. This is something often
asked for, but a "binder" or "packer" is what you are looking for, not a
shellcode-specific utility like msfencode.

-HD