Posts tagged Payload

7 min Metasploit

Metasploit Shellcode Grows Up: Encrypted and Authenticated C Shells

Introducing encrypted, compiled payloads in Metasploit Framework 5

8 min Metasploit

Meterpreter Survey 2015: You spoke, we listened, then wrote a bunch of code.

The Survey One month ago we asked the community for feedback about how they use Metasploit and what they want to see in the Meterpreter payload suite going forward. Over the course of a week we received over 400 responses and over 200 write-in suggestions for new features. We have spent the last month parsing through your responses, identifying dependencies, and actively delivering new features based on your requests. These requests covered 20 different categories: General Feedback Metasploit F

2 min Payload

12 Days of HaXmas: Opening Up My Top Secret Metasploit Time Capsule

This post is the second in a series, 12 Days of HaXmas, where we take a look at some of more notable advancements and events in the Metasploit Framework over the course of 2014._ For today's HaXmas amusement, I have something fun to share with you all. So the other day I was watching this movie called The Knowing [], an action-thriller starring Nicolas Cage. The story of this movie begins with a school teacher telling the students that as part of the s

3 min Payload

Shellcode Golf: Every Byte is Sacred

Shellcode is an exercise in trade-offs. To be really flexible and fit in the most exploits, shellcode must be small.  On the other side of the scale, there are certain features that you need or want, each adding to the size. For instance, doing DNS resolution in the first stage payload is useful, but (in Windows) requires adding 80 bytes to the stager. So we have to balance size, which is very important for compatibility with some exploits that have limited buffers to work with, with features a

2 min Exploits

New Metasploit Payloads for Firefox Javascript Exploits

Those of you with a keen eye on metasploit-framework/master [] will notice the addition of three new payloads: * firefox/shell_reverse_tcp * firefox/shell_bind_tcp * firefox/exec These are Javascript payloads meant for executing in a privileged Javascript context inside of Firefox. By calling certain native functions not meant to be exposed to ordinary web content, a classic TCP command shell can be opened. To a pentester, these payloads are use

5 min Exploits

Stage Encoding -or- How I Learned to Stop Worrying and Love the String#<<Operator

As I mentioned in my post about compiling on the fly [/2013/01/08/compiling-payloads-on-the-fly-for-postgresql], encoders' primary purpose in life is to avoid bad characters in a payload. To recap, the main reason a character is considered "bad" is that some aspect of the exploit makes use of that character impossible.  One reason this might be the case is when a character gets stripped out or mangled along its journey through protocol decoding. For example, in the telnet protocol, \xff is the I

2 min Vulnerability Disclosure

March Patch Tuesday Roundup

Since Microsoft is on this new staggered pattern of releases, we can expect a feast or famine every other get used to it. Depending on what side of the desk you sit on you can adjust the context. With that being said, this month's release brought us 3 patches addressing  4 vulnerabilities. I think we were all expecting to see the MHTML [] protocol handler issue resolved, however it didn't make the cut. Make sure IE is in r

1 min Metasploit

Help your new sweethearts call home to Metasploit

Setting listener host and ports for payloads in Metasploit Pro Life is full of disappointments: You spend a lot of time flirting with a cute new machine, convince it to accept your payload, and never get a call back – just because the big bad NAT is not letting your new sweetheart phone home. That's why many of you broken hearted pentesters have asked us to make the listener port and IP address for payloads configurable to ports that are usually accessible, such as ports 80 and 443. This week'