mailing list archives
Introducing [ultimet] - the ultimate meterpreter executable
From: Sherif El-Deeb <archeldeeb () gmail com>
Date: Sun, 13 Jan 2013 13:46:28 +0300
Please accept my apologies in advance for the Blog Spam.
- A tool has been created [ultimet] which is a flexible “meterpreter”
stand-alone exe that takes LPORT, LHOST, TRANSPORT and many other
options as command line arguments.
- It supports “reverse_tcp”, “reverse_http”, “reverse_https” and
“reverse_metsvc” ... "bind" transports are planned to be included
soon, God willing.
- It supports multiple options to include the “stage” as a resource
with the exe, or loading it from a file, turning it into a single
stage “inline” meterpreter with everything included `out of the box`.
- When the stage is included as a resource or loaded from a file in
encrypted form, it gets decrypted, patched in memory and executed at
- A tool "ultimet_xor.exe" is included to uniquely encrypt your own
metsrv.dll if you so desire.
- The exe without the stage (ultimet) is 37kb when UPX'ed -> 95kb normal.
- The inline exe with the stage as resource (inmet) is ~480kb UPX'ed
-> 850kb normal.
More details are (apologies) here http://eldeeb.net/wrdprs/?page_id=156
Source code: GitHub: https://github.com/SherifEldeeb/inmet/
Bug reports, code contributions...etc. are welcomed and highly appreciated.
(P.S.: I am not a developer, this is the first usable program I have ever
written in C/C++ ... so, go easy on me regarding the messy code)