25 – 01 Revolution Edition
What’s new in this version?
- msfpayload functionality: It can create exe files that connect upon execution using pre-configured settings, “exactly as an msfpayload-generated exe”. However, the generated exe files still accept command line arguments, and the settings can be reset or changed, all of that supported from within that single exe … “meterpreter-on-steroids”. (thanks mihi for the hint…)
- The generated exe is a pre-configured ultimet that can be used to create OTHER exe files! So, let’s say you created a reverse_tcp exe using the `--msfpayload` option: you can use THAT exe later to create another bind_metsvc, then use THAT exe to create a reverse_http … and so on, or simply reset to default … pretty neat!
- Linux support: the msfpayload-like functionality works under Linux perfectly fine using “wine >= 1.3.17”, no need to leave your beloved *n?x box to create a pre-configured exe.
- Run-time parsing and patching of the ReflectiveDLL: the offset of the ReflectiveLoader function is calculated at runtime and the bootstrap is patched in memory, so, in plain English, you can use your own self-compiled metsrv.dll as the stage! “By Anwar Mohamed – @anwarelmakrahy”.
- `--remove-stage` option: No need to use a resource editor to remove the stage from the exe; the new option creates a new file with the stage removed.
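The ReflectiveDLL bullet above relies on locating the `ReflectiveLoader` export inside a DLL. From the defender's side, the same export-table walk is a cheap triage check: a DLL (or an exe carrying an embedded DLL) that exports `ReflectiveLoader` deserves a closer look. The parser below is an added example written for this page, not ultimet's own code; it walks the PE export directory by hand (no `pefile` dependency) and runs against a minimal PE32 image constructed in `build_sample_dll()`, which is test data rather than a real binary.

```python
import struct

def _rva_to_offset(rva, sections):
    for vsize, va, raw_size, raw_ptr in sections:  # (VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData)
        if va <= rva < va + max(vsize, raw_size):
            return rva - va + raw_ptr
    raise ValueError("RVA 0x%x is not inside any section" % rva)

def exported_names(pe):
    """Return {export_name: file_offset} for every named export of a PE image given as bytes."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, opt_size = struct.unpack_from("<H", pe, e_lfanew + 6)[0], struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", pe, opt)[0]                      # 0x10B = PE32, 0x20B = PE32+
    export_rva = struct.unpack_from("<I", pe, opt + (96 if magic == 0x10B else 112))[0]  # DataDirectory[0]
    sections = [struct.unpack_from("<IIII", pe, opt + opt_size + 40 * i + 8) for i in range(nsec)]
    if export_rva == 0:                                                # image has no export table
        return {}
    exp = _rva_to_offset(export_rva, sections)
    n_names, addr_funcs, addr_names, addr_ords = struct.unpack_from("<IIII", pe, exp + 24)
    funcs, names, ords = (_rva_to_offset(r, sections) for r in (addr_funcs, addr_names, addr_ords))
    result = {}
    for i in range(n_names):
        name_off = _rva_to_offset(struct.unpack_from("<I", pe, names + 4 * i)[0], sections)
        ordinal = struct.unpack_from("<H", pe, ords + 2 * i)[0]         # index into AddressOfFunctions
        func_rva = struct.unpack_from("<I", pe, funcs + 4 * ordinal)[0]
        result[pe[name_off:pe.index(b"\0", name_off)].decode()] = _rva_to_offset(func_rva, sections)
    return result

def reflective_loader_offset(pe):
    """Detection helper: file offset of a ReflectiveLoader export, or None if the image has none."""
    return exported_names(pe).get("ReflectiveLoader")

def build_sample_dll():
    """Constructed minimal PE32 DLL exporting Dummy and ReflectiveLoader; test input, not a real binary."""
    sec_va, sec_raw, sec_size = 0x1000, 0x200, 0x300
    body = struct.pack("<IIHHIIIIIII", 0, 0, 0, 0, sec_va + 0x51, 1, 2, 2,
                       sec_va + 0x28, sec_va + 0x30, sec_va + 0x38)  # IMAGE_EXPORT_DIRECTORY
    body += struct.pack("<II", sec_va + 0x100, sec_va + 0x200)        # AddressOfFunctions
    body += struct.pack("<II", sec_va + 0x51, sec_va + 0x40)          # AddressOfNames (ASCII sorted)
    body += struct.pack("<HH", 0, 1).ljust(8, b"\0")                  # AddressOfNameOrdinals
    body += b"ReflectiveLoader\0" + b"Dummy\0"                        # name strings at +0x40 / +0x51
    opt = struct.pack("<H", 0x10B).ljust(96, b"\0") + struct.pack("<II", sec_va, 0x40)
    hdr = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0"
    hdr += struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x2102) + opt.ljust(224, b"\0")
    hdr += (b".rdata\0\0" + struct.pack("<IIII", sec_size, sec_va, sec_size, sec_raw)).ljust(40, b"\0")
    return hdr.ljust(sec_raw, b"\0") + body.ljust(sec_size, b"\0")
```

Run `reflective_loader_offset(open(path, "rb").read())` over a sample set to triage; forwarded exports and images whose export table lives outside any section are not handled here.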
Read more here, download the zip file from here, fork the project at GitHub from here, or learn how to compile from source from here “a bit outdated, but you’ll get the point”.
What’s with that strange version number?
The previous version was 0.2; calling this version 0.25.1 is our way of celebrating the anniversary of the Egyptian Revolution that started on 25-01-2011 🙂
Kindly wish us luck, since we’re still struggling to get out of the !@#$ pit holes the previous regime kept us living in for the previous 30 years.
x4r0r
It is detected by the antivirus … but can the source code be modified? Another question: does it create temporary files in the system? Second question: does the exe file generated by ultimet appear in the task manager?
sherif
1) Of course it is now flagged by AV, what did you think? It will be undetected forever?
2) Yes, source code is available TO BE modified “hint: remove all `printf` strings and recompile on another compiler ;>”.
3) No, ultimet does not create temporary files to work; it does everything in memory.
4) If you want the file to `disappear` from task manager upon execution, it needs to be modified to “inject” itself into another process … that’s a good candidate for a future version. In the meantime, you can set up the listener’s “AutoRunScript” to automatically migrate to another process upon connection.