Implement simple compression / encoding of meterpreter stages #8387
Labels
Comments
|
The stagers in the python payloads are base64 encoded. Can we implement the same in case of the stages because base64 encoding is provided as a direct function in python. @busterb @zeroSteiner |
busterb
added this to To Do
in Improvements to Sessions, Transports, Packets and Communications
|
We shrunk the null pages, but it's not nearly as bad as it was. Definitely improved enough for my initial complaint. |
gwillcox-r7
moved this from To Do
to Done
in Improvements to Sessions, Transports, Packets and Communications
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This is especially evident in x64 mettle payloads, but because the payloads include padding, the elf2bin payload blobs are a lot larger than they need to be. A 700k elf file becomes almost 3MB on the wire because we literally transfer all of the padding null bytes into the target memory image. This is a similar story with Python meterpreter where quite a bit is whitespace.
It would be nice if there was some simple compression/encoding stagers could implement to transfer stages in a smaller way. Zlib might be too big, but even a RLE (Run Length Encoding) transfer would cut down on size substantially. If we're ok with a C-based stager, there are probably a lot more things we could try.
The text was updated successfully, but these errors were encountered: