Metasploit mailing list archives
Re: inline meterpreter payload
From: Matthew Weeks <scriptjunkie1 () googlemail com>
Date: Sun, 16 Sep 2012 09:44:25 -0500
As far as the original question of creating an all-in-one meterpreter payload goes though (DLL included), you probably want to look at the metsvc handlers and source. Metsvc is effectively a persistent bind meterpreter backdoor that doesn't transmit the DLL on connect.

https://github.com/rapid7/metasploit-framework/tree/master/external/source/metsvc

scriptjunkie

On Fri, Sep 14, 2012 at 3:21 PM, Richard Miles <richard.k.miles () googlemail com> wrote:
Hi Sherif El-Deeb,

Great explanation, what you said makes a lot of sense. On the other hand, I think it makes modifications to avoid antivirus much harder. For example, it's not possible to use strong packing on the .dll, since it will prevent the patching in memory of the addresses that will be used for further connections. I think this will make detection easier for AV gateways.

Thanks.