-
Detecting the Metasploit encryptors in one hour and 49 lines of Python
I’ve seen a lot of blog posts lately which proclaim that Metasploit payloads encrypted with one of the available encryptors and written into an executable file are somewhat “magically” capable of bypassing AV software (these posts usually contain a couple of VirusTotal links to demonstrate the point). The main scenario considered (from what I gather) is…
-
Writing binary values to files from VBScript
Browsing the interwebs, I came across the following article: Invisible Denizen: ie_unsafe_scripting metasploit module. In it I found a part which raised my curiosity: Unfortunately, it does not allow you to directly write binary files to the file system. (You can use WScript.FileSystemObject to create a ‘text’ file that contains binary data, but this will…
-
Loading the Meterpreter in a DLL
After ranting about Metasploit, I played around a little bit and tried out a little, and here is a part of what I found: Sometimes it may be useful to load the Meterpreter (or any payload in fact) as a DLL. Two scenarios I can think of: Software Restriction Policies (and many other whitelisting products)…