Metasploit Shellcode Grows Up: Encrypted and Authenticated C Shells

The Metasploit team is happy to introduce encrypted, compiled payloads in MSF 5. The new payload type communicates over an encrypted connection using the ChaCha20 cipher, which adds a stealth layer and prevents would-be snoopers from easily analyzing the traffic between the payload and Framework. Along with the encryption, Metasploit can generate a random authentication key every time the payload is used, even rejecting unauthenticated connections, a feature it shares with earlier work on pingback payloads. To make all of this functionality possible, we’ve also added a library that utilizes the Mingw-w64 toolchain on the user’s system to compile the new payloads on the fly from generated C code. Employing a compiler enables quicker, more accessible, and more easily modifiable development of payloads compared to assembly language.
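To make the two transport properties named above concrete (a ChaCha20-encrypted stream and a random per-session key whose absence gets a connection rejected), here is a small added example. It is not Metasploit's code and does not reproduce the Framework's wire format: the ChaCha20 block function follows RFC 8439 and is checked against that RFC's published test vectors, while the `Listener`/`client_connect` challenge-response layout is a constructed model of "reject unauthenticated connections" and is an assumption of this example. From a monitoring standpoint the point it demonstrates is that once the key is random per session and the body is pure keystream XOR, there is no fixed plaintext for a content signature to match, so detection has to rest on connection metadata and host behaviour rather than packet contents.

```python
# Added example (not Metasploit's code): RFC 8439 ChaCha20 plus a keyed
# challenge-response gate modelling "reject unauthenticated connections".
# The handshake layout (challenge, proof, nonce) is a constructed assumption.
import hashlib
import hmac
import secrets
import struct

MASK = 0xFFFFFFFF


def _rotl32(v, n):
    """Rotate a 32-bit word left by n bits."""
    return ((v << n) & MASK) | (v >> (32 - n))


def _quarter_round(s, a, b, c, d):
    """One ChaCha quarter round on state indices a, b, c, d (RFC 8439 2.1)."""
    s[a] = (s[a] + s[b]) & MASK; s[d] ^= s[a]; s[d] = _rotl32(s[d], 16)
    s[c] = (s[c] + s[d]) & MASK; s[b] ^= s[c]; s[b] = _rotl32(s[b], 12)
    s[a] = (s[a] + s[b]) & MASK; s[d] ^= s[a]; s[d] = _rotl32(s[d], 8)
    s[c] = (s[c] + s[d]) & MASK; s[b] ^= s[c]; s[b] = _rotl32(s[b], 7)


def chacha20_block(key: bytes, counter: int, nonce: bytes) -> bytes:
    """Return the 64-byte keystream block for (key, counter, nonce)."""
    assert len(key) == 32 and len(nonce) == 12
    # "expand 32-byte k" constants, then key, counter, nonce (little-endian words)
    state = [0x61707865, 0x3320646E, 0x79622D32, 0x6B206574]
    state += struct.unpack("<8L", key)
    state.append(counter & MASK)
    state += struct.unpack("<3L", nonce)
    work = state[:]
    for _ in range(10):  # 20 rounds = 10 column/diagonal double rounds
        _quarter_round(work, 0, 4, 8, 12)
        _quarter_round(work, 1, 5, 9, 13)
        _quarter_round(work, 2, 6, 10, 14)
        _quarter_round(work, 3, 7, 11, 15)
        _quarter_round(work, 0, 5, 10, 15)
        _quarter_round(work, 1, 6, 11, 12)
        _quarter_round(work, 2, 7, 8, 13)
        _quarter_round(work, 3, 4, 9, 14)
    return struct.pack("<16L", *((w + s) & MASK for w, s in zip(work, state)))


def chacha20_xor(key: bytes, nonce: bytes, data: bytes, counter: int = 1) -> bytes:
    """Encrypt or decrypt (same operation) by XORing data with the keystream."""
    out = bytearray()
    for offset in range(0, len(data), 64):
        block = chacha20_block(key, counter + offset // 64, nonce)
        out.extend(x ^ k for x, k in zip(data[offset:offset + 64], block))
    return bytes(out)


class Listener:
    """Models a handler holding a fresh random key for this session only.

    A peer that cannot prove knowledge of the key is rejected before any
    payload data is decrypted. Challenge and nonce would travel over the wire
    in a real protocol; here the client reads them directly (constructed model).
    """

    def __init__(self):
        self.session_key = secrets.token_bytes(32)   # random per session
        self.challenge = secrets.token_bytes(16)
        self.nonce = secrets.token_bytes(12)

    def _expected_proof(self) -> bytes:
        return hmac.new(self.session_key, self.challenge, hashlib.sha256).digest()

    def accept(self, proof: bytes, ciphertext: bytes):
        """Return the decrypted message, or None when the peer is unauthenticated."""
        if not hmac.compare_digest(proof, self._expected_proof()):
            return None  # connection rejected: no key, no channel
        return chacha20_xor(self.session_key, self.nonce, ciphertext)


def client_connect(listener: Listener, key_guess: bytes, message: bytes):
    """Attempt a session with key_guess; returns what the listener recovered."""
    proof = hmac.new(key_guess, listener.challenge, hashlib.sha256).digest()
    ciphertext = chacha20_xor(key_guess, listener.nonce, message)
    return listener.accept(proof, ciphertext)


if __name__ == "__main__":
    lst = Listener()
    print(client_connect(lst, lst.session_key, b"hello"))  # b'hello'
    print(client_connect(lst, bytes(32), b"hello"))        # None (rejected)
```

The first two assertions in the check below are the RFC 8439 section 2.3.2 block vector and section 2.4.2 encryption vector, which is what makes the cipher implementation trustworthy rather than merely self-consistent; the remaining ones exercise the authentication gate with the right key and with a wrong one.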


Metasploit’s initial encrypted payloads were developed with extensibility in mind; future work might, for example, add code randomization and obfuscation to improve stealth further. This release includes four new reverse TCP payloads for Windows x86 and x64 architectures (two stageless and two staged payloads).


Traditional Metasploit command shell payloads typically exist as pre-written assembly stubs that, upon generation, are concatenated based on user- and exploit-provided options and then assembled by Metasm. These new payloads leverage techniques introduced by Matt Graeber and Nick Harbour, some atypical Mingw-w64 compiler options, and a new library to start from a C program and end with position-independent shellcode.


Going from C to positi ..
