7

I tried to encode my tool, which was developed by me with Ruby, by using msfvenom of Metasploit Framework and I succeed. My source code was encoded completely. But, when I tried to use my encoded tool, I met an error "command not found". What is the problem? As with encoded payloads work, why didn't my encoded tool work? Here are my steps which I follow:

cat Desktop/lugat | msfvenom -p - -a x86 --platform linux -e x86/shikata_ga_nai -f raw > /home/hefese/Desktop/test
./test -h

Output:

./test: line 1: buf: command not found
./test: line 2: \xb8\xad\x4e\x1d\x84\xdb\xc5\xd9\x74\x24\xf4\x5d\x33\xc9: command not found

[...]

./test: line 2961: \xb6\x03: command not found

Could anyone explain my fault?

Thanks in advance.

Hasan
  • 529
  • 1
  • 6
  • 16
  • It's running your output file as a shell script. Looks like it should be running it as something else. – d1str0 Mar 07 '16 at 08:13
  • Well, what should I do? – Hasan Mar 07 '16 at 08:39
  • I don't know enough about msfvenom to suggest anything. I would read their documentation and look for examples. My first guess is that since ruby is a script, not a binary, it won't work correctly. – d1str0 Mar 07 '16 at 08:40

3 Answers3

1

shikata_ga_nai is for encoding shellcode (aka, instructions to be executed by the processor). You cannot process/encode arbitrary data (and ruby source is just data) with it.

David
  • 16,074
  • 3
  • 51
  • 74
0

You need to change the -f parameter of msfvenom, because you saved your script into a raw format, just use ruby format instead. This is the command:

cat Desktop/lugat | msfvenom -p - -a x86 --platform linux -e x86/shikata_ga_nai -f ruby > /home/hefese/Desktop/test ./test -h
0

Try removing the -f flag and parameter entirely. It will default to raw output, which will be written to whatever file you specify.

This has worked for me many times.

The Defalt
  • 98
  • 7