Metasploit mailing list archives

Previous By Date Next
Previous By Thread Next

Re: inline meterpreter payload

From: Chip <jeffschips () gmail com>
Date: Tue, 11 Sep 2012 17:40:15 -0400
On 9/11/2012 5:35 PM, egypt () metasploit com wrote:

On Tue, Sep 11, 2012 at 4:31 PM, Richard Miles
<richard.k.miles () googlemail com> wrote:

Hi Joshua

For example, if I use shellcodeexec and it's not detected by AV the first
stage will be loaded on memory and it will download the second stage (.dll)
and only run it from memory, right?

Thanks


The executables that Metasploit creates do not contain meterpreter,
just a stager stub that reads a 4-byte length followed by that many
bytes of a second stage. In the case of meterpreter, the second stage
is a Reflective DLL. Anything that can connect to a Metasploit handler
and follow the same steps will accomplish the same thing.

egypt
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework


I've been looking for this explanation for a long time.  Is there a
tutorial on how to do exactly that -- connect a home-grown binary to the
Metasploit handler in the proper fashion so it works?

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
Previous By Date Next
Previous By Thread Next

Current thread: