Metasploit mailing list archives
Problems using metasploit over ISA proxy
From: mmiller at hick.org (mmiller at hick.org)
Date: Fri, 16 Jun 2006 10:40:31 -0500
On Thu, Jun 15, 2006 at 01:13:52AM -0700, Ben Heinkel wrote:
> Hello,
>
> Have recently had some time to try and play around with the PassiveX payload for metasploit. Unfortunately with not too much luck.
>
> WinXP SP2 box with Winamp 5.12 installed - connecting to a linux box running Metasploit with the winamp_playlist_unc exploit. On a direct connection using the win32_reverse payload, everything works as planned.
>
> Now when I try to route traffic from the XP box through an ISA proxy - the returned code fails to exploit winamp successfully (Winamp comes up, but no playlist loaded). The type of payload used here is irrelevant I think (have tried with both win32_reverse and win32_passivex though), because the exploit does not even happen. The proxy requires authentication, which I do manually at the start of the connection.
>
> Have looked at the proxy logs, and have not found any errors. Would ISA somehow 'sanitize' the exploit code rendering it useless once it reaches the XP box?

I wouldn't think that the ISA proxy would do anything with the responses that would render it useless. I'd recommend sniffing on the client-side to see if you can distinguish a difference in behavior between exploiting over the direct connection and exploiting through the ISA proxy, aside from the obvious difference of the requests traversing the ISA proxy. This might help narrow down the problem.