
Metasploit mailing list archives
Fwd: against EMET?
From: Joshua Smith <lazydj98 () gmail com>
Date: Thu, 2 Feb 2012 07:16:42 -0500
Oops, forgot to include the list... -Josh
Yes you can. If your scenario is triggering AV, it's either because your exe is flagged by AV regardless of whether you use MSF, or psexec is triggering it. I don't know how prevalent the latter is; someone else might.
-Josh

On Feb 1, 2012, at 22:51, Chip <jeffschips () gmail com> wrote:
> Hi Joshua and thanks for the reply. I may be barking up the wrong tree here, but my scenario is that I already have my own backdoor .exe. What I'm trying to figure out is: can Metasploit take my custom backdoor.exe and inject that rather than the standard tcp_reverse_connect executable, or am I way off base here? Thanks.
>
> On 2/1/2012 7:09 PM, Joshua Smith wrote:
>> Tho if u r just talking about binary payloads you'll want to google around; scriptjunkie has a nice write up on it from a while back (scriptjunkie.us). Has to do with the stub msf uses to generate the binary iirc
>> -Josh
>>
>> On Feb 1, 2012, at 18:24, Chip <jeffschips () gmail com> wrote:
>>> It is my understanding that although Metasploit can create custom payloads as such:
>>>
>>> msf> use exploit/windows/smb/psexec
>>> msf exploit(psexec)> set EXE::Custom /tmp/mypayload.exe
>>> EXE::Custom => /tmp/mypayload.exe
>>>
>>> these would generally be detected by AV (correct me if I'm wrong). Is there someplace on the net where we can learn how to generate "real" custom payloads that can then be folded into Metasploit? Thanks.
>>>
>>> On 2/1/2012 11:31 AM, HD Moore wrote:
>>>> On 2/1/2012 8:06 AM, Stephen Haywood wrote:
>>>>> Is the stager typically caught by the AV because it gets written to disk, but the payload doesn't get caught because it is in memory? If that is the case, then learning how to write custom stagers is a good skill to have for bypassing AV, right?
>>>>
>>>> The stager is used for both EXE generation and normal payloads (in-memory). AV detection is usually due to the EXE generator's output template hitting known signatures or the mechanics of the stager being detected encoded on disk (but the former is much more common).
>>>>
>>>> Getting some experience writing custom payloads of any type (whether it's a stager, stage, or single in Metasploit terms) will help with HIPS, IDS, and AV evasion.
>>>> -HD

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- against EMET? Jun Koi (Jan 30)
- Re: against EMET? HD Moore (Jan 31)
- Re: against EMET? Stephen Haywood (Feb 01)
- Re: against EMET? HD Moore (Feb 01)
- Re: against EMET? Chip (Feb 01)
- Re: against EMET? Joshua Smith (Feb 01)
- Re: against EMET? Joshua Smith (Feb 01)
- Re: against EMET? Stephen Haywood (Feb 01)
- Re: against EMET? HD Moore (Jan 31)
- <Possible follow-ups>
- Fwd: against EMET? Joshua Smith (Feb 02)