Metasploit mailing list archives
Re: inline meterpreter payload
From: egypt () metasploit com
Date: Tue, 11 Sep 2012 16:35:56 -0500
On Tue, Sep 11, 2012 at 4:31 PM, Richard Miles <richard.k.miles () googlemail com> wrote:
Hi Joshua For example, if I use shellcodeexec and it's not detected by AV the first stage will be loaded on memory and it will download the second stage (.dll) and only run it from memory, right? Thanks
The executables that Metasploit creates do not contain meterpreter, just a stager stub that reads a 4-byte length followed by that many bytes of a second stage. In the case of meterpreter, the second stage is a Reflective DLL. Anything that can connect to a Metasploit handler and follow the same steps will accomplish the same thing. egypt _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- inline meterpreter payload _Vlad_ (Sep 07)
- Re: inline meterpreter payload Sherif El-Deeb (Sep 07)
- Re: inline meterpreter payload Richard Miles (Sep 11)
- Re: inline meterpreter payload Joshua Smith (Sep 11)
- Re: inline meterpreter payload Richard Miles (Sep 11)
- Re: inline meterpreter payload egypt (Sep 11)
- Re: inline meterpreter payload Chip (Sep 11)
- Re: inline meterpreter payload egypt (Sep 11)
- Re: inline meterpreter payload Joshua Smith (Sep 11)
- Re: inline meterpreter payload Stephen Haywood (Sep 11)
- Re: inline meterpreter payload Stephen Haywood (Sep 11)
- Re: inline meterpreter payload Michael Schierl (Sep 12)
- Re: inline meterpreter payload Joshua Smith (Sep 12)
- Re: inline meterpreter payload Richard Miles (Sep 11)
- Re: inline meterpreter payload Richard Miles (Sep 12)
- Re: inline meterpreter payload egypt (Sep 12)
- Re: inline meterpreter payload Sherif El-Deeb (Sep 07)
- Re: inline meterpreter payload Jonathan Cran (Sep 11)