Metasploit mailing list archives

Re: Strange results using auxiliary/scanner/portscan/syn and routing via Meterpreter


From: wfdawson <wfdawson () bellsouth net>
Date: Tue, 23 Mar 2010 21:38:35 -0700 (PDT)

Thanks for the quick answer. Unfortunately, my well-established pen testing platform died horribly last week, and this
result is from a newly built platform. The network adapter is strictly internal, not USB, so the logged USB events are
really confusing. I used the SYN scanner a couple of weeks ago through a pivoted connection; I guess that was some
rare fluke... using portscan/tcp now and getting the expected results.

Thanks again!



________________________________
From: HD Moore <hdm () metasploit com>
To: framework () spool metasploit com
Sent: Wed, March 24, 2010 12:31:48 AM
Subject: Re: [framework] Strange results using auxiliary/scanner/portscan/syn and routing via Meterpreter

On 3/23/2010 11:21 PM, wfdawson wrote:
> I start off with a compromised host.  I execute a Meterpreter payload
> .exe created with msfpayload / msfencode, and establish a connection
> back to my pen testing host.  I determine the locally routed networks,
> background the session, and configure a route, e.g.:
>
> route add 172.18.0.0 255.255.0.0 1
>
> Then, I use auxiliary/scanner/portscan/syn, set PORTS 80 and RHOSTS to
> the target network or host.  I've tried it both ways.  Either way, I get
> no results, even when there are web servers on the target networks or IP
> addresses.  However, in my syslog, I see USB messages logged when I
> start the scan.  The messages only occur when I do a scan this way.
> What might be causing this?

Raw packet scanners do not go through the pivot, you would need to use
auxiliary/scanner/portscan/tcp for this to work. No idea about the
kernel messages, but it seems like you may be using a USB network card?

-HD

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
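
A simplified model of the behaviour HD Moore's reply describes, added here as an illustration; it is not part of the thread and not Metasploit's own code. `RouteTable` and `egress` are hypothetical names, and "most specific route wins" is an assumption of this model; the route values are the ones from the `route add` line quoted above.

```ruby
require 'ipaddr'

# Simplified model (assumption, not framework code) of a session route table.
Route = Struct.new(:net, :session)

class RouteTable
  def initialize
    @routes = []
  end

  # Same argument order as the console command: route add <subnet> <netmask> <session>
  def add(subnet, netmask, session)
    @routes << Route.new(IPAddr.new("#{subnet}/#{netmask}"), session)
  end

  # Returns the session id of the most specific matching route,
  # or nil when no route covers the host.
  def lookup(host)
    ip = IPAddr.new(host)
    best = @routes.select { |r| r.net.include?(ip) }.max_by { |r| r.net.prefix }
    best && best.session
  end
end

# Where a probe leaves from, depending on how the module sends it.
def egress(table, host, method)
  case method
  when :connect
    # Socket-based connect: the route table is consulted, so a matching
    # route hands the connection to the pivot session.
    sid = table.lookup(host)
    sid ? "session #{sid}" : 'local stack'
  when :raw
    # Crafted packets are written straight to the local interface;
    # the route table is never consulted, so the pivot is bypassed.
    'local interface'
  else
    raise ArgumentError, "unknown method #{method}"
  end
end

if __FILE__ == $0
  table = RouteTable.new
  table.add('172.18.0.0', '255.255.0.0', 1)   # route from the thread
  host = '172.18.5.20'                         # constructed sample address
  puts "portscan/tcp -> #{egress(table, host, :connect)}"
  puts "portscan/syn -> #{egress(table, host, :raw)}"
end
```

In this model the SYN probes for 172.18.0.0/16 never reach session 1, which matches the empty results reported in the thread.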