Metasploit mailing list archives
Re: Packing an Exe produced using msfpayload and msfencode?
From: archeldeeb <archeldeeb () gmail com>
Date: Mon, 13 Sep 2010 19:18:40 +0300
it does decrease detection rate slightly depending on the packer used, and definitely decrease file size wich comes handy sometimes , but beware that packed executaples are more suspicious than unpacked ones. for example, msfencoded payload with -x calc.exe will be around 113kb, which won't work with tools like exe2bat that needs them to be less than 64kb, so, UPX-ing it will get you a 58kb exe. if you are using -x option, consider editing the resulting exe using a resource editor like "xn-resource editor" to remove unneeded resources like icons wich will also decrease size along with other useful things "change description, icon...etc." sherif eldeeb. -----Original Message----- From: John Nash <rootsecurityfreak () gmail com> Sent: 13 September, 2010 9:12 AM To: framework () spool metasploit com Subject: [framework] Packing an Exe produced using msfpayload and msfencode? Is it worthwhile to pack executables produced by msfpayload or using msfencoder? can someone share their experience? jn
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- Packing an Exe produced using msfpayload and msfencode? John Nash (Sep 12)
- Re: Packing an Exe produced using msfpayload and msfencode? Rob Fuller (Sep 13)
- Re: Packing an Exe produced using msfpayload and msfencode? John Nash (Sep 13)
- <Possible follow-ups>
- Re: Packing an Exe produced using msfpayload and msfencode? archeldeeb (Sep 13)
- Re: Packing an Exe produced using msfpayload and msfencode? Rob Fuller (Sep 13)