Metasploit mailing list archives

Previous By Date Next
Previous By Thread Next

Re: against EMET?

From: Joshua Smith <lazydj98 () gmail com>
Date: Wed, 1 Feb 2012 19:09:45 -0500
Tho if u r just talking about binary payloads you'll want to google around, scriptjunkie has a nice write up on it from 
a while back (scriptjunkie.us). Has to do with the stub msf uses to generate the binary iirc

-Josh

On Feb 1, 2012, at 18:24, Chip <jeffschips () gmail com> wrote:


It is my understanding that although Metapsloit can create custom payloads as such:

msf > use exploit/windows/smb/psexec
msf  exploit(psexec) > set EXE::Custom /tmp/mypayload.exe
EXE::Custom => /tmp/mypayload.exe


these would generally be detected by AV (correct me if I'm wrong).

Is there someplace on the net where we can learn how to generate "real" custom payloads that can then be folded into 
Metapsloit?

Thanks.

On 2/1/2012 11:31 AM, HD Moore wrote:

On 2/1/2012 8:06 AM, Stephen Haywood wrote:

Is the stager typically caught by the AV because it gets written to disk
but the payload doesn't get caught because it is in memory? If that is
the case, then learning how to write custom stagers is a good skill to
have for bypassing AV right?

The stager is used for both EXE generation and normal payloads
(in-memory). AV detection is usually due to the EXE generator's output
template hitting known signatures or the mechanics of the stager being
detected encoded on disk (but the former is much more common). Getting
some experience writing custom payloads of any type (whether its a
stager, stage, or single in metasploit terms) will help with HIPS, IDS,
and AV evasion.

-HD
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework



_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
Previous By Date Next
Previous By Thread Next

Current thread: