PaulDotCom mailing list archives
Re: metasploit gurus
From: Johan Peder Møller <johan () johans dk>
Date: Tue, 11 Jan 2011 11:46:48 +0100
Have you tried the reverse_http payload? It will attempt to use the proxy setting in IE6. I've seen it working but also seen it fail.

rgds
Johan

On Mon, Jan 10, 2011 at 3:45 PM, Butturini, Russell <Russell.Butturini () healthways com> wrote:
I’ve found in labbing this kind of thing that having Wireshark open while your listener is running can be super helpful; that way you can see if you’re getting RSTs back, SYN timeouts, etc.

From: pauldotcom-bounces () mail pauldotcom com [mailto:pauldotcom-bounces () mail pauldotcom com] On Behalf Of Crest Johanson
Sent: Monday, January 10, 2011 12:48 AM
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] metasploit gurus

I tried that already. The reverse connection doesn't make it to the attacker server.

________________________________
From: Bill Swearingen <hevnsnt () i-hacked com>
To: PaulDotCom Security Weekly Mailing List <pauldotcom () mail pauldotcom com>
Sent: Mon, January 10, 2011 4:34:03 AM
Subject: Re: [Pauldotcom] metasploit gurus

Don't use autopwn, try a reverse meterpreter shell on a port that is likely to bypass the proxy & get out (443, 22, 80, etc)

On Sun, Jan 9, 2011 at 1:10 PM, Crest Johanson <shesma () ymail com> wrote:

Hello all,

I'm studying attack vectors against the company I work for. Some metasploit attacks work; however, the proxy doesn't let the reverse connection through. I tried to set the listening port to a port that the proxy allows connections to, but it seems like the payload doesn't initiate the connection through the proxy. Is there a way to point the payload to the proxy and from the proxy to the attacker server? For browser autopwn, the framework sets listeners on ports 3333,4444,6666,7777 for different exploits; is there a way to change these ports (maybe from source)?
Thanks,

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com