dynamic multi handler..

[netevil at hackers.it (netevil)]

HD Moore wrote:
> On Sat, 2009-09-26 at 21:25 +0200, netevil wrote:
> > in my scenario i have a target that executes a meterpreter payload
> > and a listening multi handler... that changes ip.. periodically..
> > do you see a smart way for making the payload (created with msfpayload
> > & msfencode..) connect back to a dynamic listener?
>
> It usually makes more sense to use a listening system with a static IP
> for this kind of thing - you can specify a hostname in the LHOST option,
> but it is resolved to an IP and that IP is stored in the payload. We
> could update the code to do DNS resolution, but its likely to
> drastically increase the payload size, which makes it less useful for
> most exploits. 
>
> Something you could do to solve this is to create your own executable
> (in C) that tries to connect back to multiple IPs/Ports/DNS names, and
> once connected, acts like the metasploit staging system, downloads the
> meterpreter stage, and continues execution. However, at this point you
> would be better off just changing Alex's Meterpreter Service to do a
> reverse connect instead of a bind and use the windows/metsvc_reverse_tcp
> payload with multi/handler on one of your listening endpoints.

Thanks a lot HD! I go to see to recompile Alex's metsrv...thinking about 
your tips ;)

> -HD
david