rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/

Feature Request: Stageless RC4 Payloads #11306

Open shawndeckerr opened 5 years ago

shawndeckerr commented 5 years ago

Essentially requesting a bunch of RC4 stageless payloads on Windows. I believe it will help a lot more with AV evasion if the payloads are stageless and don't request a second stage. I've found some AV vendors will block comms when the second stage is being retrieved in the current staged versions of the payload. The requested payloads are:

1) windows/meterpreter_bind_tcp_rc4
2) windows/meterpreter_reverse_tcp_rc4
3) windows/x64/meterpreter_reverse_tcp_rc4
4) windows/x64/meterpreter_bind_tcp_rc4

System stuff: Framework: 5.0.0-dev-52af87d278 Console: 5.0.0-dev-52af87d278

Cheers!

busterb commented 5 years ago

This might be best implemented as an evasion module that emits a windows payload rc4 packer.

Viss commented 4 years ago

+1 to this. I remember stageless tcp_rc4 payloads being in here a couple years ago, I guess someone removed them? It was my favorite payload, because when you change the rc4 pw, it changes the hash of the binary that comes out, so that was suuuuuper handy