HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 188 guests and 3 members online
 
Advertisement

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Network Pen Testingarrow using code from Metasploit
EH-Net
May 23, 2013, 09:41:07 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: using code from Metasploit  (Read 3017 times)
0 Members and 1 Guest are viewing this topic.
wlandymore
Newbie
*
Offline Offline

Posts: 34


View Profile
« on: March 19, 2012, 02:03:26 PM »
I'm just trying to use the code that I've got from Metasploit and wondering how I compile it basically. I'm using the /linux/x86/chmod payload and then I set the options and then entered 'generate'. It spits back the code but do I then take this and make my own file to compile or can it be run from within the console somehow.

Sorry, new to Metasploit. Smiley
Logged
hayabusa
Hero Member
*****
Offline Offline

Posts: 1633



View Profile
« Reply #1 on: March 19, 2012, 03:26:52 PM »
I'm assuming you're referring to having generated shellcode, is that correct?  If so, that is shellcode to be used with an existing exploit, by inserting your code into it, in place of other, existing shellcode, in the POC or example exploit.

Conversely, in some cases, you can also have it generate executables for a given platform.  I don't have my metasploit handy, to see what you're working with, to give more detail, right the moment.  But basically, you'd need to either do as I mentioned, above, or pick a different exploit, that generates a working executable, and use that payload code with it.
« Last Edit: March 19, 2012, 03:28:59 PM by hayabusa » Logged
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

OSCE, OSCP , GPEN, C|EH
hayabusa
Hero Member
*****
Offline Offline

Posts: 1633



View Profile
« Reply #2 on: March 19, 2012, 03:30:44 PM »
See, for instance, the notes on 'Custom Executables', at:

http://www.scriptjunkie.us/2011/08/custom-payloads-in-metasploit-4/

Specifically, the link, therein, to:

http://www.scriptjunkie.us/2011/04/why-encoding-does-not-matter-and-how-metasploit-generates-exes/

<Edit again, sorry>
Note - I know this talks of exe's, but the same concept applies to unix-based executables, etc.  You just need the proper arguments/methods.  Here is an example of Linux executable, from Metasploit Unleashed:

http://www.offensive-security.com/metasploit-unleashed/Binary_Linux_Trojan
« Last Edit: March 19, 2012, 03:36:08 PM by hayabusa » Logged
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

OSCE, OSCP , GPEN, C|EH
wlandymore
Newbie
*
Offline Offline

Posts: 34


View Profile
« Reply #3 on: March 20, 2012, 10:34:07 AM »
yeah, I generated the shellcode. I put it in in a generic script and then tried to compile it but it failed. However, it may not have been exactly what I needed to make it run. I was trying to use the chmod shellcode but I haven't really done this stuff before so I'm being baptized by fire. Smiley

I'll read through all of those and see if I can make sense of it.

Thanks.
Logged
hayabusa
Hero Member
*****
Offline Offline

Posts: 1633



View Profile
« Reply #4 on: March 20, 2012, 12:49:00 PM »
No worries.  If you get through those, and are still having trouble, drop me a PM on here, and I'll try to help you figure out your issue.

(But please try to figure it out, first...  Makes the learning more valuable to you, as you work through things)

 Wink
Logged
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

OSCE, OSCP , GPEN, C|EH
wlandymore
Newbie
*
Offline Offline

Posts: 34


View Profile
« Reply #5 on: March 20, 2012, 01:19:31 PM »
sure...I understand.
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.074 seconds with 23 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.