Manually embedding shellcode into executables

[dimitrios at gmail.com (Dimitrios Kapsalis)]

I haven't had much success with the msfpayload, seem that most virus scans
pick up the payload. Even tried to use a couple types of encoding stacked on
top of each other with out much luck.

play with it and then test exe against virustotal.com

On Tue, Dec 1, 2009 at 4:17 PM, Adrian Crenshaw <irongeek at irongeek.com>wrote:

> Ok, I just read Rob post here:
>
> http://www.room362.com/blog/2009/11/3/metasploit-blends-in-new-msfpayloadencode.html
>
> and checked my exes. Since both are the same size, I'm guessing it's not
> working as a binder but as a "cloaker" of sorts.
>
> Adrian
>
>
> On Tue, Dec 1, 2009 at 5:12 PM, Adrian Crenshaw <irongeek at irongeek.com>wrote:
>
> > Ok, I did this:
> >
> > $ msfpayload windows/adduser user=test pass=test exitfunc=seh R |
> > msfencode -t exe -x notepad.exe -o MYNEWFILE.exe
> >
> > The exe made has the same icon an metadata as the original. The payload
> > runs since the "test" account is created, but notepad never comes up, so it
> > doen not make much of a binder. Any ideas?
> >
> > Adrian
>
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20091201/976928c8/attachment.htm