Metasploit mailing list archives

Re: inline meterpreter payload


From: Matthew Weeks <scriptjunkie1 () googlemail com>
Date: Sun, 16 Sep 2012 09:44:25 -0500

As far as the original question of creating an all-in-one meterpreter
payload goes though (DLL included), you probably want to look at the
metsvc handlers and source. Metsvc is effectively a persistent bind
meterpreter backdoor that doesn't transmit the DLL on connect.
https://github.com/rapid7/metasploit-framework/tree/master/external/source/metsvc

scriptjunkie


On Fri, Sep 14, 2012 at 3:21 PM, Richard Miles
<richard.k.miles () googlemail com> wrote:
Hi Sherif El-Deeb,

Great explanation, what you said makes a lot of sense.

On the other hand, I think it makes modifications to avoid antivirus much
harder. For example, it's not possible to use strong packing on the .dll since
it will prevent the patching in memory of the addresses that will be used
for further connections. I think this will make detection for AV gateways
easier.

Thanks.

