Metasploit mailing list archives
Payload Handler issues in MSF 3.0-r3
From: hdm at metasploit.com (H D Moore)
Date: Thu, 29 Jun 2006 12:42:28 -0500
The stable tree (2.x) behaves the same way. The alternative would require every exploit to explicitly start the payload handler, which IMO is more boilerplate and not very useful in the long run. Most exploits have a very small time window between the initial exploit launch and when the payload has been injected. I agree that with some exploits, such as netvault, this can seem a bit silly, since the payload handler starts running way before the exploit could have possibly finished. If the behavior bothers you, just switch to a handler that doesn't generate traffic (any of the *reverse* payloads for instance). -HD On Thursday 29 June 2006 11:17, Rhys Kidd wrote:
While the port 4444 attempts are simply met with a RST flag until the bind socket is correctly initialised, I?m wondering why the attempts begin so early. This particular exploit does take some time to run through the exploitation process, and the ret overwrite doesn?t occur until we have made ~6 further attempts to connect to the vulnerable service after the payload is delivered. Can anyone shed some light on why the payload handler is so eager?
Current thread:
- Payload Handler issues in MSF 3.0-r3 Rhys Kidd (Jun 29)
- Payload Handler issues in MSF 3.0-r3 Simple Nomad (Jun 29)
- Payload Handler issues in MSF 3.0-r3 Chris Byrd (Jun 29)
- Payload Handler issues in MSF 3.0-r3 H D Moore (Jun 29)
- Payload Handler issues in MSF 3.0-r3 H D Moore (Jun 29)
- Payload Handler issues in MSF 3.0-r3 Nicob (Jun 29)
- Payload Handler issues in MSF 3.0-r3 H D Moore (Jun 29)
- Re: Porting to MSF 3.x Rhys Kidd (Jun 29)
- Re: Porting to MSF 3.x H D Moore (Jun 30)