metasploit-framework/external/source/shellcode/windows/msf2/README

This directory contains the win32 payload development environment used
for creating the payloads in version 2.2 of the Metasploit Framework.

The 'nasm' executable must be in your path to use the included build tool.

The included 'build' script automatically creates a number of file types
each time it used to compile a payload. These file types are:

    - Native ELF executable
    - Win32 PE executable
    - Generated C source code
    - Raw opcodes in ".bin" format

The PE executable templates were developed by 'rix' and used with permission.

To use this script, simply run ./build <name of payload>, where the name
does not include the ".asm" suffix. To build win32_stage_api.asm, the 
command line would be "./build win32_stage_api". 

The Win32 payloads are somewhat modular, each component includes other
components to create the final payload. The dependency tree for the
reverse connect shell is:

win32_stage_api.asm
  win32_stage_boot_winsock_conn.asm
    win32_stage_boot_reverse.asm
      win32_stage_shell.asm


This allows the different components to be maintained invidually, shared 
among multiple payloads, and converted into multi-stage payloads almost
instantly. This release includes the following last-stage payloads:

win32_stage_shell.asm
    Executes cmd.exe with in/out redirected to socket, this is used by
    the reverse connect and bind stagers.
    
win32_stage_winexec.asm
    This payload simply executes an arbitrary command line, it can be used to
    accomplish things such as ftp/download/execute sequences, adding a user
    accounts, or just signaling that the exploit was successful.
    
win32_stage_inlineegg.asm
    Writes GetProcAddress/LoadLibaryA address to socket, then reads and execs 
    the rest of the payload from the socket. This allows us to send InlineEgg
    generated payloads as a last stage.

win32_stage_uploadexec.asm
    Reads a file size from socket, then opens up a hidden/system local file
    (c:\metasploit.exe) and downloads the executable from the socket into this
    file. Once the download is complete, it then executes this file with in/out
    redirected to the socket. This can be extremely useful when combined with
    a self-extracting/executing rootkit or language intepreter (perl.exe).
Adds initial support for IPv6, including two stager. Tested Meterpreter over IPv6 stages on XP and Vista. Using this is still tricky, I will add a wiki page tomorrow to explain the ScopeID stuff for link-local testing. This commit also includes the raw (oversized) assembler for the stagers as well as the entire old metasploit assembly set (useful for development). git-svn-id: file:///home/svn/framework3/trunk@5635 4d416f70-5f16-0410-b530-b9f4589650da 2008-08-22 06:34:57 +00:00			`This directory contains the win32 payload development environment used`
			`for creating the payloads in version 2.2 of the Metasploit Framework.`

			`The 'nasm' executable must be in your path to use the included build tool.`

			`The included 'build' script automatically creates a number of file types`
			`each time it used to compile a payload. These file types are:`

			`- Native ELF executable`
			`- Win32 PE executable`
			`- Generated C source code`
			`- Raw opcodes in ".bin" format`

			`The PE executable templates were developed by 'rix' and used with permission.`

			`To use this script, simply run ./build <name of payload>, where the name`
			`does not include the ".asm" suffix. To build win32_stage_api.asm, the`
			`command line would be "./build win32_stage_api".`

			`The Win32 payloads are somewhat modular, each component includes other`
			`components to create the final payload. The dependency tree for the`
			`reverse connect shell is:`

			`win32_stage_api.asm`
			`win32_stage_boot_winsock_conn.asm`
			`win32_stage_boot_reverse.asm`
			`win32_stage_shell.asm`


			`This allows the different components to be maintained invidually, shared`
			`among multiple payloads, and converted into multi-stage payloads almost`
			`instantly. This release includes the following last-stage payloads:`

			`win32_stage_shell.asm`
			`Executes cmd.exe with in/out redirected to socket, this is used by`
			`the reverse connect and bind stagers.`

			`win32_stage_winexec.asm`
			`This payload simply executes an arbitrary command line, it can be used to`
			`accomplish things such as ftp/download/execute sequences, adding a user`
			`accounts, or just signaling that the exploit was successful.`

			`win32_stage_inlineegg.asm`
			`Writes GetProcAddress/LoadLibaryA address to socket, then reads and execs`
			`the rest of the payload from the socket. This allows us to send InlineEgg`
			`generated payloads as a last stage.`

			`win32_stage_uploadexec.asm`
			`Reads a file size from socket, then opens up a hidden/system local file`
			`(c:\metasploit.exe) and downloads the executable from the socket into this`
			`file. Once the download is complete, it then executes this file with in/out`
			`redirected to the socket. This can be extremely useful when combined with`
			`a self-extracting/executing rootkit or language intepreter (perl.exe).`