Metasploit mailing list archives
Re: my handler has been p0wned ?
From: al1c3andb0b <al1c3andb0b () lavabit com>
Date: Wed, 16 Mar 2011 17:30:59 +0100
On 03/16/2011 04:05 PM, c0lists wrote:
> had you tried it(1), you would have seen that if you connect to your IP/port the handler would attempt to send you the stage too. Add that you are listening on a commonly scanned port, this isn't too surprising.
> 1. http://www.room362.com/blog/2010/10/1/acceptable-questions-checklist.html

You're right, a simple netcat connect triggers the staging step. And I hadn't tried it. Thanks.
Actually, the scan option touched me, but lightly, as I thought there should be a protocol between the stager and the handler, involving a custom scanner to fingerprint the MSF handler and an exploit at hand to abuse it, which are IMHO not the kind of tools used by either script kiddies or large criminal organizations who perform untargeted scans. But obviously, keeping the stager shorter was preferred, at the price of being revealed through a simple connect scan.
At least I'm right on my last point: the Internet is continuously scanned for vulnerable hosts at a terrible pace.
Regards.

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
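The behaviour the thread settles on (a bare TCP connect is enough to make a staged handler push its stage, so any scanner that touches the port gets it) can be checked against your own listener with a few lines of Python. The following is an added example written for this archive page; it is not code from the Metasploit project or from any of the posters. It assumes the listener follows the staged Windows reverse_tcp convention of writing a 4-byte little-endian stage length followed by the stage as soon as a client connects, without the client sending anything first; other stagers frame the stage differently, so an "unknown" verdict does not by itself mean the port is not a Metasploit handler. The mock handler, the placeholder stage bytes and the `MAX_STAGE` bound are constructed for the example.

```python
"""Probe what a staged reverse_tcp handler hands to a client that only connects.

Added example for this thread, not Metasploit code. Assumption (not from the
page): the handler pushes a 4-byte little-endian length and then the stage
immediately on connect, as the staged Windows reverse_tcp handler does.
"""
import socket
import struct
import threading

MAX_STAGE = 16 * 1024 * 1024  # sanity bound on a declared stage length (assumption)


def parse_staged_response(data: bytes):
    """Classify bytes collected from a freshly accepted connection.

    Returns (verdict, declared_length):
      'silent'                - nothing arrived; the listener waits for the client to talk
      'length-prefixed-stage' - 4-byte LE length followed by exactly that many bytes
      'partial'               - length prefix seen, fewer stage bytes collected
      'unknown'               - data does not fit the staged reverse_tcp framing
    """
    if not data:
        return "silent", 0
    if len(data) < 4:
        return "unknown", 0
    (declared,) = struct.unpack("<I", data[:4])
    if declared == 0 or declared > MAX_STAGE:
        return "unknown", declared
    body = len(data) - 4
    if body == declared:
        return "length-prefixed-stage", declared
    if body < declared:
        return "partial", declared
    return "unknown", declared


def _recv_exact(sock, n):
    """Read up to n bytes, stopping early on EOF or timeout."""
    buf = bytearray()
    try:
        while len(buf) < n:
            chunk = sock.recv(min(65536, n - len(buf)))
            if not chunk:
                break
            buf.extend(chunk)
    except socket.timeout:
        pass
    return bytes(buf)


def probe_handler(host, port, timeout=3.0):
    """Connect, send nothing, and collect a length-prefixed stage if one is pushed.

    Reads the 4-byte header, then only as many bytes as it declares (capped by
    MAX_STAGE), so a handler that keeps the socket open afterwards waiting for
    the stage to call back does not hang the probe beyond `timeout`.
    """
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        header = _recv_exact(s, 4)
        if len(header) < 4:
            return parse_staged_response(header)
        (declared,) = struct.unpack("<I", header)
        body = _recv_exact(s, declared) if 0 < declared <= MAX_STAGE else b""
    return parse_staged_response(header + body)


def start_mock_handler(stage: bytes):
    """Constructed stand-in for a staged handler, for offline demonstration only.

    Like the real thing, it pushes length + stage to whoever connects, without
    waiting for the client to say anything. Returns the loopback port used.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve_one():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(struct.pack("<I", len(stage)) + stage)
        srv.close()

    threading.Thread(target=serve_one, daemon=True).start()
    return port


if __name__ == "__main__":
    fake_stage = b"\x90" * 1234  # constructed placeholder, not a real stage
    port = start_mock_handler(fake_stage)
    print("bare connect to mock handler ->", probe_handler("127.0.0.1", port))
```

Run it as-is to see the exchange against the mock; point `probe_handler()` at your own listener's address and port to see the same thing from a real handler, which will log its usual "Sending stage (N bytes) to ..." line for the probe exactly as it did for the scanner in the original post. That line is the whole fingerprint: no custom scanner or exploit is needed, so a handler left reachable from the Internet on a frequently scanned port should be expected to hand out its stage to strangers, and the usual remedies are to bind it only where the target can reach it and to firewall everything else.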
Current thread:
- my handler has been p0wned ? al1c3andb0b (Mar 16)
- Re: my handler has been p0wned ? Nicolas Krassas (Mar 16)
- Re: my handler has been p0wned ? c0lists (Mar 16)
- Re: my handler has been p0wned ? al1c3andb0b (Mar 16)
- Re: my handler has been p0wned ? c0lists (Mar 16)
- Re: my handler has been p0wned ? Nicolas Krassas (Mar 16)