Hi,
As of r3768 UPX is not part of sqlmap anymore and the --os-pwn switch
has been slightly revamped. As per commit message:
"""
[...] Now the Metasploit shellcode can not be run as a Metasploit
generated payload stager anymore. Instead it can be run on the target
system either via sys_bineval() (as it was before, anti-forensics
mode, all the same) or via shellcodeexec executable. Advantages are
that:
* It is stealthier as the shellcode itself does not touch the
filesystem, it's an argument passed to shellcodeexec at runtime.
* shellcodeexec is not (yet) recognized as malicious by any (Avast
excluded) AV product.
* shellcodeexec binary size is significantly smaller than a Metasploit
payload stager (even when packed with UPX).
* UPX now is not needed anymore, so sqlmap package is also way smaller
and less likely to be detected itself as malicious by your AV
software.
[...]
"""
Cheers,
Bernardo

On 21 April 2011 12:00, Miroslav Stampar <mir...@gm...> wrote:
> hi all.
>
> just to inform you that --os-pwn was down for last couple of days due
> to a bug (if run on non-Windows platforms) with packing of payloads as
> a result of our anti-virus avoiding maneuvers (UPX is falsely flagged
> as virus by 10% of antivirus software, and it's quite annoying that
> for example Avast triggers on official 0.9 release because of UPX).
>
> now everything should be back on track.
>
> kr
>
> --
> Miroslav Stampar
>
> E-mail: miroslav.stampar (at) gmail.com
> PGP Key ID: 0xB5397B1B
--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F