Metasploit mailing list archives

Re: msfencode -k

From: NetEvil <netevil () hackers it>
Date: Fri, 16 Apr 2010 22:49:32 +0200

Worked!

But I'm wondering if with this method could be applied also on alreadypacket exe..


David

Sent from my mobile device
--------------------------------------

Il giorno 15/apr/2010, alle ore 15.53, Rob Fuller <mubix () room362 chascritto:

It works wonderfully with the original exe running with the payload
working in another thread, and I think if you pack it after the fact
that it will still work, but trying to use a packed binary as a
template for msfpayload or msfencode I believe will always fail, (in
its current incarnation)


--
Rob Fuller | Mubix
Room362.com | Hak5.org | TheAcademyPro.com
Ignore this:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*




On Thu, Apr 15, 2010 at 9:32 AM, NetEvil <netevil () hackers it> wrote:
Hi Rob
With a packed exe the encoding stops saying "is it a packetbinary?" ..and i
have no output generated...
Then I've tried with surely not packed bins...all went ok ..but istillcannot see this feature working....with the original exe running +payload
in another thread....



Sent from my mobile device
--------------------------------------
Il giorno 15/apr/2010, alle ore 15.22, Rob Fuller<mubix () room362 com> ha
scritto:
I could be wrong, but I doubt that msfencode and msfpayload dealwithpacked binaries, try unpacking and repacking them after MSF-symbiosis
is achieve.


--
Rob Fuller | Mubix
Room362.com | Hak5.org | TheAcademyPro.com
Ignore this:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*




On Thu, Apr 15, 2010 at 3:45 AM, NetEvil <netevil () hackers it> wrote:
Hi guys,
I've tried to msfencode shikata ga nai with the -k option usingvarious
templates...but in most of cases.. stops encoding cause finds an
incorrect
eof on packed files...or when goes well on unpacked exe theresulting bin
in
not working as the original...got running just the payload ...onmy xp
sp3
box..
Am i missing something?

Thanks.
David

Sent from my mobile device
--------------------------------------
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

Current thread:

msfencode -k NetEvil (Apr 15)
- Re: msfencode -k Rob Fuller (Apr 15)
- <Possible follow-ups>
- Re: msfencode -k NetEvil (Apr 15)
- Re: msfencode -k NetEvil (Apr 15)
  - Re: msfencode -k Rob Fuller (Apr 15)
    - Re: msfencode -k NetEvil (Apr 16)
    - Re: msfencode -k scriptjunkie (Apr 26)
  - Message not available
    - Message not available
    - Message not available
    - Message not available
    - Re: msfencode -k NetEvil (Apr 15)
- Re: msfencode -k NetEvil (Apr 15)