Message-ID: <536D5A0F.60709@gmail.com>
Date: Fri, 09 May 2014 17:43:27 -0500
From: Brandon Perry <bperry.volatile@...il.com>
To: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org>
Subject: [FD] A small project: metafang

Hi,

I gave a short presentation on this tool in a turbo talk at ISSW this
year. It is a C# application using GTK for the UI that interfaces with a
Metasploit RPC instance and creates .NET payloads that will execute
x86/x86_64 shellcode straight from Metasploit. You can create a single
executable with both Linux and Windows payloads and the executable will
decide at runtime what operating system and architecture it is running
on. It will then run the correct payloads you have chosen for that
operating system and architecture.

The code is here: https://github.com/brandonprry/metafang2

It requires bindings I wrote that interface with the Metasploit RPC:
https://github.com/brandonprry/metasploit-sharp.git

I would love feedback on this. There is an option to encrypt the
payloads as well, but this isn't super stable yet. Even if you don't
encrypt the payloads, AV doesn't catch default metasploit connectbacks
using this...

I also have tabs for Mac and will embed Mac payloads, but they currently
do nothing with the current technique. I believe implementing something
like the C code at the bottom of this post could resolve this behaviour:
http://www.akkadia.org/drepper/selinux-mem.html

Currently the technique I use to execute the shellcode on Unix probably
won't work if you have SELinux running. Again, I think the technique in
the above post could resolve this.

I develop this on Linux but I can't think of anything except the GTK
dependence that would cause it to not work on other operating systems.

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
