Metasploit mailing list archives
dynamic multi handler..
From: netevil at hackers.it (netevil)
Date: Sat, 26 Sep 2009 22:08:38 +0200
HD Moore wrote:
> On Sat, 2009-09-26 at 21:25 +0200, netevil wrote:
>> in my scenario I have a target that executes a meterpreter payload and a listening multi handler... that changes IP periodically. Do you see a smart way of making the payload (created with msfpayload & msfencode) connect back to a dynamic listener?
>
> It usually makes more sense to use a listening system with a static IP for this kind of thing - you can specify a hostname in the LHOST option, but it is resolved to an IP and that IP is stored in the payload. We could update the code to do DNS resolution, but it's likely to drastically increase the payload size, which makes it less useful for most exploits.
>
> Something you could do to solve this is to create your own executable (in C) that tries to connect back to multiple IPs/Ports/DNS names, and once connected, acts like the metasploit staging system, downloads the meterpreter stage, and continues execution. However, at this point you would be better off just changing Alex's Meterpreter Service to do a reverse connect instead of a bind and use the windows/metsvc_reverse_tcp payload with multi/handler on one of your listening endpoints.

Thanks a lot HD! I'll go and see about recompiling Alex's metsrv... thinking about your tips ;)

> -HD
david