Designing and Implementing a Universal Meterpreter Payload

Presented at NolaCon 2017, May 19, 2017, 4 p.m.

While Windows has always been well supported with Metasploit's Meterpreter payload, other platforms have not historically had similarly sophisticated options available. Metasploit has four alternative Meterpreter implementations, targeting Android, Java, Python and PHP, but these also are not always usable, since they target a particular software platform as well. This is especially a problem with embedded devices, where one must fall back to a simple unencrypted TCP shell. While this is fine for research purposes, it is not optimal for practical exploitation or red-teaming, where an offensive security professional would prefer to maintain as high operational safety and integrity as possible.

In this talk, I will explore the process of designing and developing a new cross-OS and cross-platform Meterpreter payload for Metasploit. It uses very few resources, making it suitable for targets from routers to phones to mainframes. At the same time, it offers more functionality, confidentiality, and security than a reverse shell. It is fully relocatable and self-contained, making it reusable in many contexts. I will also demonstrate the payload using diverse C2 transports to evade detection, and its target flexibility, running on an S390 mainframe, an iPhone, and a SOHO consumer router.


Presenters:

  • Brent Cook
    Brent Cook is the Engineering Manager for Metasploit at Rapid7, as well as one of the core Meterpreter payload developers. He is also a contributor to the LibreSSL and OpenNTP projects, maintaining the portable versions for several operating systems. Brent has over 15 years of experience as a software and firmware developer, having developed high-performance networking and embedded software at Applied Materials, BreakingPoint, Calxeda, and Ixia. Twitter: @busterbcook
