Metasploit mailing list archives

Finding Shell. more information.

From: ninjatools at hush.com (ninjatools at hush.com)
Date: Mon, 4 Oct 2004 17:13:17 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Try a reverse payload, something could be happening funny with bind,
or if you have previously owned with that LPORT, a listener could be
floating around or something weird.  Try changing your LPORT, but more
likely try a reverse shell and see if that works.

reverse shells are pretty much always more reliable than bind (as a rule
of thumb), and I'd suggest exclusively using reverse.

On Mon, 04 Oct 2004 16:52:07 -0700 "[Arcangel]" <arcangel at phreaker.net>
wrote:

I dont know if this is important but as it says in the documentation
the
Serv-U ftp Server dies when I run the exploit. I have Win XP SP2.
bye.
Arc.

Hi list:

       I recently started using Metasploit Framework. I have a

problem

exploiting the "servu_mdtm_overflow". I set up a temporary Serv-

U Ftp

server
5.0.0.0 (in my PC) to test this vulnerability. When I tried to

explote It

seems that it works, but there is no shell at all. Something similar
happened when I tried with another exploit.

this is the banner:

msf servu_mdtm_overflow(win32_bind) > exploit
[*] Starting Bind Handler.
[*] REMOTE> 220 ftp Server Ready...
[*] REMOTE> 331 User name okay, need password.
[*] REMOTE> 230 User logged in, proceed.
[*] REMOTE> 227 Entering Passive Mode (127.0.0.1, 14,39)
[*] Trying to explot target ServU 5.0.0.0 ServUDaemon.exe
[*] Got Connection from 127.0.0.1:4444

[*] Exiting Handler.

msf servu_mdtm_overflow(win32_bind) >

where is the shell??

I also tried whit my Internet IP (not local 127.0....)
but nothing.
I have no Firewall.
Thanks,
Arc.

-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4

wkYEARECAAYFAkFh5x4ACgkQtCeTLzI39eMn6wCbBF+Z9XqAc6pK7zHbs13RlKOyqU8A
oKB68duzl71zysZzPP552evl+c83
=v6XG
-----END PGP SIGNATURE-----




Concerned about your privacy? Follow this link to get
secure FREE email: http://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
http://www.hushmail.com/services-messenger?l=434

Promote security and make money with the Hushmail Affiliate Program: 
http://www.hushmail.com/about-affiliate?l=427

Current thread:

Finding Shell. more information. Arcangel (Oct 04)
- Finding Shell. more information. H D Moore (Oct 04)
  - Finding Shell. more information. H D Moore (Oct 04)
- <Possible follow-ups>
- Finding Shell. more information. ninjatools at hush.com (Oct 04)
  - Finding Shell. more information. Arcangel (Oct 04)
- Finding Shell. more information. ninjatools at hush.com (Oct 04)