Metasploit mailing list archives
making your own payload
From: mmiller at hick.org (mmiller at hick.org)
Date: Tue, 6 Dec 2005 11:25:04 -0600
On Tue, Dec 06, 2005 at 05:01:18PM +0000, pagvac wrote:
So what I did is the following. I wrote a simple and crappy program in C that drops pwdump2.exe and samdump.dll once it's executed. After that it dumps the password hashes (by calling the dropped pwdump2.exe) and prints them on the screen. From this point on I can just grab the hashes from the remote shell with a simple-and-lame copy and paste. Anyways, I attached the .c and .exe file in case anyone is interested. The reason why I wrote this is because I wanted to make the root-shell/dump-hashes process a single shot attack.
In the 3.0 version of the framework (and backported to the 2.x branch), we've integrated Vinnie Liu's sam juicer meterpreter module. The sam juicer module is basically equivalent in functionality to the pwdump suite but is much less intrusive and leaves no forensic evidence because it runs entirely from memory. In 3.0, sam juicer is planned to be part of a larger privilege escalation module. You might consider writing meterpreter plugins in the future if you're looking to automate some of the post-exploitation tasks. You can write extensions in the form of DLLs that can be loaded on the target machine at runtime and interacted with. All of the modules run entirely from memory to avoid forensic detection.