rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/

Arbitrary second stage payload selection option on handler #9147

Open EgeBalci opened 6 years ago

EgeBalci commented 6 years ago

It would be great to have the option of selecting the second-stage payload on the handler. This option would allow deploying multi-stage payloads other than Meterpreter and widen the attack surface. With the ability to select the second-stage payload, basic Meterpreter loader shellcodes/payloads (windows/meterpreter/reverse_tcp, http, https) could load other reflective DLLs, reflectively packed EXE files, or bigger shellcodes. This option could be added as an "advanced option" to Metasploit's multi handler. I think adding this would be very helpful to a lot of people :)

jmartin-tech commented 6 years ago

Have you considered using autorun RC scripts for this idea? It may be reasonable to add a specific built-in if there is enough interest.

https://offensiveinfosec.wordpress.com/2012/04/22/automation-is-the-name-of-the-pentest-game/

EgeBalci commented 6 years ago

Just realized that the dllinject payloads (windows/dllinject/*) in msf are what I was looking for, but when I try to select a non-DLL file it is not sent. Probably the reason is some sort of validation that checks whether the selected file is a legitimate DLL or not. Removing this validation makes it possible to send second-stage payloads other than reflective DLLs. I don't think it would break anything; it looks like a very simple detail, and I also can't see the reason why it needs to validate the file type.
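The comment above refers to a file-type check on the dllinject side without showing it. The following is an added illustration in Ruby (the framework's language); it is not metasploit-framework code, and the exact check the project performs is an assumption here. It shows the minimal PE-header inspection that would distinguish a DLL (IMAGE_FILE_DLL bit set in the file header's Characteristics) from a plain EXE or a raw shellcode blob, and a hypothetical `accept_second_stage?` gate with a `strict` switch that models the difference between keeping and removing such validation. The sample "shellcode" and PE stubs are constructed inline and are not loadable images.

```ruby
# Added example, not metasploit-framework code. Illustrates a DLL header check
# of the kind a dllinject-style stager might apply before sending a second stage.

IMAGE_DOS_SIGNATURE = 0x5A4D     # "MZ"
IMAGE_NT_SIGNATURE  = 0x00004550 # "PE\0\0"
IMAGE_FILE_DLL      = 0x2000     # Characteristics bit in IMAGE_FILE_HEADER

# Classify a byte string as :dll, :exe, or :not_pe by walking the DOS header,
# e_lfanew, the NT signature, and IMAGE_FILE_HEADER.Characteristics.
def classify_pe(data)
  data = data.b
  return :not_pe if data.bytesize < 0x40
  return :not_pe unless data[0, 2].unpack1('v') == IMAGE_DOS_SIGNATURE

  e_lfanew = data[0x3c, 4].unpack1('V')
  # IMAGE_NT_HEADERS starts with a 4-byte signature followed by the
  # 20-byte IMAGE_FILE_HEADER; Characteristics is the last WORD of it.
  return :not_pe if e_lfanew + 24 > data.bytesize
  return :not_pe unless data[e_lfanew, 4].unpack1('V') == IMAGE_NT_SIGNATURE

  characteristics = data[e_lfanew + 22, 2].unpack1('v')
  (characteristics & IMAGE_FILE_DLL) != 0 ? :dll : :exe
end

# Hypothetical gate: with strict validation only a DLL is sent as the second
# stage; without it any blob (EXE, raw shellcode) is passed through unchanged.
def accept_second_stage?(data, strict: true)
  return true unless strict
  classify_pe(data) == :dll
end

# Constructed test fixtures (header stubs only, not runnable images).
def minimal_pe(characteristics)
  dos = 'MZ'.b + ("\x00".b * 0x3a) + [0x40].pack('V')   # e_lfanew = 0x40
  # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
  # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
  file_header = [0x8664, 1, 0, 0, 0, 0, characteristics].pack('vvVVVvv')
  dos + "PE\x00\x00".b + file_header
end

SAMPLE_DLL       = minimal_pe(IMAGE_FILE_DLL | 0x0002)   # DLL + EXECUTABLE_IMAGE
SAMPLE_EXE       = minimal_pe(0x0002)                    # EXECUTABLE_IMAGE only
SAMPLE_SHELLCODE = ("\x90".b * 32) + "\xc3".b            # constructed NOP sled + ret

if __FILE__ == $PROGRAM_NAME
  { dll: SAMPLE_DLL, exe: SAMPLE_EXE, shellcode: SAMPLE_SHELLCODE }.each do |name, blob|
    puts format('%-9s class=%-7s strict=%-5s relaxed=%s', name, classify_pe(blob),
                accept_second_stage?(blob, strict: true),
                accept_second_stage?(blob, strict: false))
  end
end
```

The point of the `strict` switch is the trade-off raised in the thread: dropping the check lets the same stager deliver an EXE or a large shellcode blob, but it also means a mis-set path will happily push whatever bytes are at that location to the target, so an operator would want at least a size or magic-byte sanity check in place of it.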