Reading Time: < 1 minute

Following the really interesting article of Tek :

Where he described how to get a valid URL for CobaltStrike, I tried to check if it was the same for Metasploit as he mentionned.

Didier Stevens also has this in his tools : -a checksum8 #aaa9 => 15c => 5C == 92 which is a valid MetaSploit Checksum.

But testing it myself, showed it didn’t work on my Metasploit C2C server.

Looking again at the Metasploit source code :

a few other checks popup and there is a minimum length calculation.

So I changed the minimum length from Tek’s code to 27

Output of the tool is :

wget –no-check-certificate -O metasploit.bin –user-agent=”Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko”

Bingo, the meterpreter is being downloaded.