Metasploit
mailing list archives
Re: inline meterpreter payload
From: Matthew Weeks <scriptjunkie1 () googlemail com>
Date: Sun, 16 Sep 2012 09:44:25 -0500
As far as the original question of creating an all-in-one meterpreter
payload goes though (DLL included), you probably want to look at the
metsvc handlers and source. Metsvc is effectively a persistent bind
meterpreter backdoor that doesn't transmit the DLL on connect.
https://github.com/rapid7/metasploit-framework/tree/master/external/source/metsvc
scriptjunkie
On Fri, Sep 14, 2012 at 3:21 PM, Richard Miles
<richard.k.miles () googlemail com> wrote:
Hi Sherif El-Deeb,
Great explanation, what you told makes a lot of sense.
On the other side, I think it makes modifications to avoid antivirus much
harder. For example, it's not possible to use strong packing on the .dll since
it will prevent the in-memory patching of the addresses that will be used
for further connections. I think this will make detection for AV gateways
easier.
Thanks.