Home page logo
/

metasploit logo Metasploit mailing list archives

Re: inline meterpreter payload
From: Matthew Weeks <scriptjunkie1 () googlemail com>
Date: Sun, 16 Sep 2012 09:44:25 -0500

As far as the original question of creating an all-in-one meterpreter
payload goes though (DLL included), you probably want to look at the
metsvc handlers and source. Metsvc is effectively a persistent bind
meterpreter backdoor that doesn't transmit the DLL on connect.
https://github.com/rapid7/metasploit-framework/tree/master/external/source/metsvc

scriptjunkie


On Fri, Sep 14, 2012 at 3:21 PM, Richard Miles
<richard.k.miles () googlemail com> wrote:
Hi Sherif El-Deeb,

Great explanation, make a lot of sense what you told.

On the other side I think it make modifications to avoid antivirus much
harder. For example, it's not possible to use a strong packing at .dll since
it will prevent the patching in memory of the addresses that will be used
for further connections. I think this will make detection for AV gateways
easier.

Thanks.


_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault