Sign in to follow this  
Followers 0
solid332

WMFmaker

5 posts in this topic

My searching skills must be off today. Where can I find a copy of WMFmaker?

I'm curious is the generated WMF file can be exploited on Windows 2000?

- solid332

0

Share this post


Link to post
Share on other sites

Irongeek,

I'm trying to test a non metasploit WMF version. Or does the WMFmaker use the same shellcode as Metasploit?

Basically, I'm trying to figure out if a WMF generated by WMFmaker will execute on my Windows 2000 box. I know that the metasploit version will not.

0

Share this post


Link to post
Share on other sites

My understanding is it is based on the Metasploit one.

From http://www.f-secure.com/weblog/ :

We just received a sample of easy-to-use WMF construction kit. The WMF file it generates is based on "first generation" metasploit exploit which itself was based on the very first WMF exploit found in the wild last week. The program itself is not that interesting, it is a console-mode Windows application that just generates a file named "evil.wmf" with whatever payload given from command line. The application is user-friendly but the user still needs to know how to write assembly payloads (or where to download one). That, in addition to fact that at least some WMF files it generates are buggy, makes this construction kit a minor threat.

We detect the constructor kit as VirTool.Win32.WMFMaker.a

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0