Thread: Custom executable (but not generated by Metasploit) as payload

  1. #1
    Just burned his ISO
    Join Date
    May 2011
    Posts
    6

    Custom executable (but not generated by Metasploit) as payload

    I posted a comment in a thread recently about AV picking up custom executables created as a payload, even following encoding multiple times with one or more encoders. As far as I understand it, the AVs are picking up a signature related to how Meterpreter creates the executable, rather than the content of the payload. I know that I can create an executable that isn't picked up by AVs (such as a hex-edited version of nc.exe or one with a code cave), but can I use that as the payload which is uploaded and run on the target system when the exploit has completed? I came across the custom.rb script but that's only become available within the last couple of weeks and I'm not sure it would allow me to do what I would like.

    I know that I could use such a hex-edited executable packaged with a legitimate installer and use social engineering to have a victim run it, but I would like to go down the route of finding some software vulnerability (such as Adobe) or an unpatched vulnerability in the Windows operating system.

    Thanks for your time (and patience!).

  2. #2
    Just burned his ISO
    Join Date
    Apr 2009
    Posts
    3

    Re: Custom executable (but not generated by Metasploit) as payload

    Here is an article that is very useful in creating Metasploit payloads to evade AV engines. This method gives the user a lot of flexibility in obfuscating the ASM instructions to bypass AV engines.

    http://www.pentestgeek.com/2012/01/2...t-writing-asm/

    Enjoy!
