2

Question was once on a mailing list but wasn't answered. I want to use a custom exe as a payload in metasploit. For example when I use exploit/multi/browser/java_atomicreferencearray and want to execute my payload.exe, how can I do that?

It is possible in SET, where you can just import a custom executable.

Is it possible in Metasploit?

JohnnyFromBF
  • 1,413
  • 4
  • 16
  • 23

1 Answers1

5

You can execute any payload file or string you like using the msfconsole with these options:

PAYLOADFILE The file to read the payload from
PAYLOADSTR  The string to use as a payload
ARCH        The architecture that is being targeted
PLATFORM    The platform that is being targeted
VERBOSE     Enable detailed status messages
WORKSPACE   Specify the workspace for this module

http://www.metasploit.com/modules/payload/generic/custom

SilverlightFox
  • 33,408
  • 6
  • 67
  • 178
Rory Alsop
  • 61,367
  • 12
  • 115
  • 320
  • 1
    What I did was: `set PAYLOAD generic/custom` `set PAYLOADFILE /var/www/install.exe` `generate` `use exploit/multi/browser/java_atomicreferencearray` `exploit` Now I get an error saying `[-] Exploit failed: Could not locate a compatible payload for Java/java` What am I doing wrong? – JohnnyFromBF Apr 27 '12 at 22:22
  • There could be so many reasons, from incorrect syntax to wrong locations for modules etc. You need to have a read through http://dev.metasploit.com/redmine/projects/framework/repository documentation and have a look at other examples. – Rory Alsop Apr 27 '12 at 23:02