Home page logo

metasploit logo Metasploit mailing list archives

Re: Regarding HDM's blog about persistent HTTPS connections
From: Matt Gardenghi <mtgarden () gmail com>
Date: Wed, 14 Apr 2010 11:21:39 -0400

I'll try that again.  Thanks.

On 4/14/2010 11:00 AM, HD Moore wrote:
On 4/14/2010 8:20 AM, Matt Gardenghi wrote:
HD, I followed your example, but when I encode calc.exe, the resulting
file is 7.7MB.  Clearly something is wrong....  The input file size is

Further, when I use a different file (say cmd.exe - starts at 301K) it
is 2.4MB.  Also, when the vbs is run on a test box, it pegs the CPU and
seems to fail.

I'm using Framework: 3.4.0-dev.9052 and Console: 3.4.0-dev.9040

Am I missing something?  Or is there a bug somewhere that I should be
Converting an EXE to a VBS ends up adding a ton of overhead - the VBS
code might just be taking a long time to decode the hex buffer before
writing it to disk to execute. You can try either waiting longer or
finding a smaller EXE to use as a template. My own testing ended up with
a ~980k VBS, but this was using calc.exe from Windows XP SP1.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]