Dynamic payload generation with mingw | PassTheHashBrowns

Submitted by Style Pass, 2021-06-06 04:00:04

In my spare time I’ve been developing a C2 framework as a way to become more familiar with the workings of a tool that I’ve spent a lot of time using, but didn’t fully understand. After getting my teamserver and a prototyped implant up and running, I began working on some of the more complicated features of a C2 framework. One area that I had trouble with was getting dynamic payload generation up and running, as I wasn’t able to find many blogs on the subject.

Up to this point I had mostly been manually compiling my loaders with shellcode generated by a C2. But since I’m the C2 now, I had to figure out how to provide said shellcode. Since the Visual Studio toolchain isn’t available on Linux without something like WINE, I turned to a cross-compiler. I decided pretty quickly to use mingw-w64 for this purpose. While I was trying to figure out how to compile a PIC with mingw, I found this post from the Metasploit team. The post talks about using mingw in Metasploit for that exact purpose, which pretty much solved my problem statement. At this point I think half my career is trying to figure something out and realizing either Metasploit or Cobalt Strike did it in like 2013.

Even with that resource, it took me a while to get all of the moving parts working together smoothly, so I figured it might make an interesting topic to blog about. So in this post we’ll look at the following:
