Metasploit mailing list archives
Re: Regarding HDM's blog about persistent HTTPS connections
From: Terrence <secretpackets () gmail com>
Date: Wed, 14 Apr 2010 12:08:36 -0400
HD, Why are you encoding into a vbs rather then an exe? What are the benefits of a vbs for persistence? Terrence Gareau On Wed, Apr 14, 2010 at 11:21, Matt Gardenghi <mtgarden () gmail com> wrote:
I'll try that again. Thanks. On 4/14/2010 11:00 AM, HD Moore wrote:On 4/14/2010 8:20 AM, Matt Gardenghi wrote:HD, I followed your example, but when I encode calc.exe, the resulting file is 7.7MB. Clearly something is wrong.... The input file size is 918K. Further, when I use a different file (say cmd.exe - starts at 301K) it is 2.4MB. Also, when the vbs is run on a test box, it pegs the CPU and seems to fail. I'm using Framework: 3.4.0-dev.9052 and Console: 3.4.0-dev.9040 Am I missing something? Or is there a bug somewhere that I should be reporting?Converting an EXE to a VBS ends up adding a ton of overhead - the VBS code might just be taking a long time to decode the hex buffer before writing it to disk to execute. You can try either waiting longer or finding a smaller EXE to use as a template. My own testing ended up with a ~980k VBS, but this was using calc.exe from Windows XP SP1. -HD _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- Regarding HDM's blog about persistent HTTPS connections Matt Gardenghi (Apr 14)
- Re: Regarding HDM's blog about persistent HTTPS connections HD Moore (Apr 14)
- Re: Regarding HDM's blog about persistent HTTPS connections Matt Gardenghi (Apr 14)
- Re: Regarding HDM's blog about persistent HTTPS connections Terrence (Apr 14)
- Re: Regarding HDM's blog about persistent HTTPS connections HD Moore (Apr 14)
- Re: Regarding HDM's blog about persistent HTTPS connections Matt Gardenghi (Apr 14)
- Re: Regarding HDM's blog about persistent HTTPS connections HD Moore (Apr 14)