Metasploit update allows backdooring of fully functional EXE

03/25/10

11:52:20 am, by Chad Sullivan
Categories: Pen Testing

Attention Pentesters!

There was an interesting update to Metasploit (go do your SVN UP): msfencode can now add an existing msfpayload to a pre-existing EXE of your choice while retaining full EXE functionality. What does this mean? Well, for starters, it would allow you to get an individual to run a known .exe that functions as expected for the user yet runs your shellcode (like meterpreter) in the background.

Once you attach to the meterpreter session, or it attaches back to you, you can use the somewhat recent ability to migrate the meterpreter session out of the backdoored EXE into a process that will not terminate, such as explorer.exe.

Voila! Pwned via the Bowling_Elves.exe... Again...

For more info and a step-by-step process by example, see: here
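
Because the modified EXE still behaves normally for the user, running it does not reveal the tampering, but the file's structure can. The following is an added example, not code from the original post or from Metasploit: a Python triage that parses PE headers and flags an entry point sitting in a writable-and-executable section or in the last section. The post does not say how the payload is embedded, so these are generic tamper indicators rather than a signature for this feature; `parse_pe`, `triage` and `build_sample` are hypothetical names, and the sample headers are constructed.

```python
import struct

MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_* section flags

def parse_pe(data):
    """Return (entry_point_rva, [(name, va, vsize, flags), ...])."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]              # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # NumberOfSections at pe+6, SizeOfOptionalHeader at pe+20
    nsect, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    entry = struct.unpack_from("<I", data, pe + 24 + 16)[0]   # AddressOfEntryPoint
    table = pe + 24 + opt_size                                # section table start
    sections = []
    for i in range(nsect):
        name, vsize, va = struct.unpack_from("<8sII", data, table + 40 * i)
        flags = struct.unpack_from("<I", data, table + 40 * i + 36)[0]
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), va, vsize, flags))
    return entry, sections

def triage(data):
    """List structural findings that warrant a closer look at the file."""
    entry, sections = parse_pe(data)
    idx = [i for i, s in enumerate(sections) if s[1] <= entry < s[1] + max(s[2], 1)]
    if not idx:
        return ["entry point is outside every section"]
    name, _, _, flags = sections[idx[0]]
    findings = []
    if flags & MEM_EXECUTE and flags & MEM_WRITE:
        findings.append(f"entry section {name!r} is writable and executable")
    if len(sections) > 1 and idx[0] == len(sections) - 1:
        findings.append(f"entry point is in the last section {name!r}")
    return findings

def build_sample(entry, sections):
    """Constructed minimal PE32 headers (no real code), for demonstration only."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x102)
    opt = struct.pack("<H14xI", 0x10B, entry).ljust(224, b"\0")
    table = b"".join(struct.pack("<8sII20xI", n, vs, va, fl) for n, va, vs, fl in sections)
    return dos + b"PE\0\0" + coff + opt + table

if __name__ == "__main__":
    text = (b".text", 0x1000, 0x2000, 0x60000020)   # read + execute
    added = (b".xyz", 0x4000, 0x1000, 0xE0000020)   # read + write + execute
    print(triage(build_sample(0x4000, [text, added])))
```

Legitimately packed binaries trigger the same findings, so a hit is a reason to compare the file against the vendor's original or its signature, not a verdict.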

©2010 by Priveon, Inc.