M E R M A I D
Generate customized and undetectable exploits for Metasploit.
What?
Mermaid is a Java program that generates customized exploits (with a lot of options) for Windows machines.
There are three types of exploits so far:
VeilEvasion's c/meterpreter/reverse_tcp
The common exploit, which connects back to the Metasploit server. Courtesy of Veil Evasion.
An IP address and a port are required in order to use it.
MerBin
An improved exploit, which requires previously generated shellcode (in '\x00' hex-escape form) and executes it in memory.
MerCodeBin
The best one: it requires shellcode (in '\x00' hex-escape form) and uploads it to Pastebin (you also need the developer API key of your Pastebin account). Then, when the exploit is running, it downloads the shellcode from there and executes it at runtime.
The program
Interface
The main interface is minimal.
The first time you open Mermaid, a file ("profiles.dat") is created in the same directory; it stores the configuration of every exploit profile you create.
The buttons on the right do pretty much what their labels suggest.
Let's create an exploit
First of all, you must assign a name to the current profile.
Then, as you can see, there are four tabs: 'Exploit', 'Connection', 'Installation' and 'Persistence and Extras'. Let's see what they contain.
Exploit
Here you select one of the three exploit types described above.
Connection
In the 'Connection' tab you set the connection details, such as the IP address and port.
As the notice below it says, you only need to change these values if you are using Veil Evasion's exploit.
Installation
In the 'Installation' tab you choose where the exploit will be saved on the target machine. You can pick any directory you want, but be aware that some of them require Administrator privileges.
There is also the option of an 'Additional Folder', a directory that will be created inside the selected path.
You must set a name for the installation file, and it has to end with '.exe'.
Persistence and Extras
In this tab you set some extra values for the exploit.
The most important one is probably attaching to the registry, so that the exploit runs every time the machine starts; you can choose whether to attach under HKCU or HKLM.
There are some extra options, such as disabling UAC, disabling the Firewall, or adding a Firewall exception (these three need Administrator privileges).
At the bottom there is a 'melt' option, which I recommend not using, as it might not work.
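The 'Installation' and 'Persistence and Extras' tabs describe three host changes an administrator would want to notice: an '.exe' dropped in an arbitrary directory and registered to start with the machine, UAC switched off, and the firewall disabled or opened with an exception. The following PowerShell audit is an added example and is not part of Mermaid; it assumes "attaching to the registry" means an entry under the HKCU or HKLM Run key (the page does not name the exact key), and it uses the NetSecurity cmdlets, which exist on Windows 8 / Server 2012 and later. Run it in an elevated PowerShell session so the HKLM and firewall queries succeed.

```powershell
# Added defender-side audit, not part of Mermaid. Flags:
#   1. autostart entries under the HKCU/HKLM Run keys whose executable lives
#      outside Program Files / Windows (assumption: Run key = "attach to registry")
#   2. UAC disabled (EnableLUA = 0)
#   3. firewall profiles turned off, or inbound allow rules for programs
#      outside the same trusted directories

$findings = @()

# Directories where a legitimately installed autostart binary normally lives
$trustedRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:SystemRoot) |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') }

function Test-TrustedPath([string]$Path) {
    $expanded = [Environment]::ExpandEnvironmentVariables($Path)
    foreach ($root in $trustedRoots) {
        if ($expanded.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

# 1. Autostart entries under the Run keys of both hives the page mentions
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }          # skip provider metadata properties
        $cmd = [string]$p.Value
        # Executable is either the quoted first token or the first whitespace-delimited token
        $exe = if ($cmd -match '^\s*"([^"]+)"') { $Matches[1] } else { ($cmd -split '\s+')[0] }
        if (-not (Test-TrustedPath $exe)) {
            $findings += [pscustomobject]@{
                Check  = 'Autostart outside trusted directories'
                Detail = "$key\$($p.Name) -> $cmd"
            }
        }
    }
}

# 2. UAC state: EnableLUA = 0 means UAC prompts are disabled
$uac = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' `
                        -Name EnableLUA -ErrorAction SilentlyContinue
if ($uac -and $uac.EnableLUA -eq 0) {
    $findings += [pscustomobject]@{ Check = 'UAC disabled'; Detail = 'EnableLUA = 0' }
}

# 3a. Any firewall profile switched off
Get-NetFirewallProfile | Where-Object { -not $_.Enabled } | ForEach-Object {
    $findings += [pscustomobject]@{ Check = 'Firewall profile disabled'; Detail = $_.Name }
}

# 3b. Enabled inbound allow rules (firewall exceptions) for programs outside trusted roots
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True -ErrorAction SilentlyContinue |
    ForEach-Object {
        $program = ($_ | Get-NetFirewallApplicationFilter).Program
        if ($program -and $program -ne 'Any' -and -not (Test-TrustedPath $program)) {
            $findings += [pscustomobject]@{
                Check  = 'Inbound allow rule for program outside trusted directories'
                Detail = "$($_.DisplayName): $program"
            }
        }
    }

if ($findings.Count -eq 0) { 'No findings.' } else { $findings | Format-Table -AutoSize }
```

Legitimate software sometimes registers autostart entries or firewall rules under a user profile directory, so treat each finding as something to verify rather than as proof of compromise; the useful signal is a new entry appearing between two runs, which you can get by saving the output and comparing it with the previous one.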
Building the exploit
The last window is 'Build'. Here you can choose whether to compress the final executable with UPX.
Click the '...' button and select a name for the final file. Hit 'BUILD', and enjoy.