Solved

metasploit payload

Posted on 2015-02-19
Last Modified: 2015-03-01
Experts,

I am practicing offensive security.  Since the payload in a reverse TCP shell is an EXE, any antivirus is going to catch it.  Is there a way to generate the same type of payload that is not an EXE file?
4 Comments
Expert Comment

by:btan
ID: 40621113
First of all, I do caution that diligence and care be taken for such exercises, and I believe the experts' sharing does not advocate teaching for ill intent. Such a use case should be just a form of testing within a controlled environment and with proper owner authorisation given. This has to be informed testing or a trial with legitimate notice and approval too, as a whole, please.

This link has the run-through (see the different payloads in their option table). Specifically, the payload can be delivered as an exe or bin; the ammunition is in the shellcode, which can also leverage a stager for a small initial entry, with the actual larger payload injected subsequently. http://help.metasploit.com/Content/22-payloads/payload-generator.html

See below for a quick summary of the output types the msfpayload command accepts:
    Output Types:
    S summary and options of payload
    C C language
    P Perl
    y Ruby
    R Raw, allows payload to be piped into msfencode and other tools
    J JavaScript
    X Windows executable
    V VBA

Sidenote - Eventually most are still exe, though the packaging differs, as in the case of using the Veil toolkit (look into Python-driven payload delivery) - https://www.christophertruncer.com/veil-a-payload-generator-to-bypass-antivirus/

Author Comment

by:trojan81
ID: 40625110
btan,

Is the info displayed from this site only accessible from metasploit pro?
http://help.metasploit.com/Content/22-payloads/payload-generator.html

I don't have Pro. I just have the free version that comes with Kali Linux.

On a side note, I am not attacking anybody. All of the testing is done on my own lab networks for education purposes.
Accepted Solution

by: btan (earned 500 total points)
ID: 40625230
Thanks for clarifying the intent of the testing.
Yes for Pro: dynamic payloads are exclusive to Metasploit Pro.
The Payload Generator with Classic Payloads is available in the free Metasploit Community Edition as well as in the commercial editions Metasploit Express and Metasploit Pro. Dynamic Payloads can also be downloaded as stand-alone executables and are exclusive to Metasploit Pro.
https://community.rapid7.com/community/metasploit/blog/2014/03/26/new-metasploit-49-helps-evade-anti-virus-solutions-test-network-segmentation-and-increase-productivity-for-penetration-testers

However, if you check out the output option "Choose from the following formats: executable, raw bytes, or shellcode buffer.", that should still be available for all MS builds.

Author Closing Comment

by:trojan81
ID: 40638966
Thank you.