Re: msfencode and Windows 7

[Sherif El-Deeb <archeldeeb () gmail com>]

I am assuming you are  using "windows/meterpreter/reverse_tcp",
msfencode "-e x64/xor" with a 64bit binary template, right? ... it
won't work because the specified payload
"windows/meterpreter/reverse_tcp" is 32bit encoded by a 64bit encoder
on a 64bit template.

If you are taking the x64 route, EVERYTHING has to be x64, by that I
mean you should use "windows/x64/meterpreter/reverse_tcp" *NOT*
"windows/meterpreter/reverse_tcp" ... ok?.

And please note that all 32 bit standalone payloads work on 64 bit
systems without a problem, please use the x64 bit payloads only when
you are *exploiting* an application that is 64bit.

Kindly let me repeat that giving more info will (help us) (help you)
better, so, a good example would have been giving us the commands you
typed, the platform you are targeting, and how exactly "it did not
work".

Sherif Eldeeb.

On Wed, Jun 27, 2012 at 7:39 AM,  <brian.milliron () ecrsecurity com> wrote:
> One thing about this still doesn't make sense though.  I tested several
> different encoders and one was x64/XOR.  Shouldnt that have worked with the
> 64 bit exes?
>
> -------- Original Message --------
> Subject: Re: [framework] msfencode and Windows 7
> From: Sherif El-Deeb <archeldeeb () gmail com>
> Date: Sat, June 23, 2012 10:29 pm
> To: brian.milliron () ecrsecurity com
> Cc: framework () spool metasploit com
>
> It won't be Microsoft if it didn't put the "64bit" binaries in a
> Directory named "32" and put the "32bit" binaries in a directory
> called "64" :)
>
> On Sun, Jun 24, 2012 at 1:51 AM, <brian.milliron () ecrsecurity com> wrote:
> > Right.  How silly of me to think there would be 64 bit binaries in the
> > SysWOW64 folder.  Microsoft strikes again.  Thanks, I think that was
> > indeed
> > the problem.
> >
> > -------- Original Message --------
> > Subject: Re: [framework] msfencode and Windows 7
> > From: Sherif El-Deeb <archeldeeb () gmail com>
> > Date: Sat, June 23, 2012 12:09 pm
> > To: brian.milliron () ecrsecurity com
> > Cc: framework () spool metasploit com
> >
> > You might be using the x64 windows executables as templates for x86
> > payloads... so, instead of taking c:\windows\system32\calc.exe - take
> > - c:\windows\SysWOW64\calc.exe which is the 32bit version of the
> > application.
> >
> > And to be able to help better, please give us more info. "...known
> > issues..." is not very descriptive, isn't it? :)
> >
> > Sherif Eldeeb.
> >
> > On Sat, Jun 23, 2012 at 9:47 PM, <brian.milliron () ecrsecurity com> wrote:
> > > Are there known issues with using Windows 7 executables as a template in
> > > msfencode?  I've searched the archives and didn't find anything.
> > >
> > > Brian
> > >
> > > _______________________________________________
> > > https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework