Metasploit mailing list archives

Previous By Date Next
Previous By Thread Next

Finding Shell. DEBUGLEVEL 5.

From: arcangel at phreaker.net (Arcangel)
Date: Tue, 5 Oct 2004 11:17:48 -0300
I tried with debuglevel 5 and only show me the this aditional 
information --> "KILLING CHILD:2960"

[*] Starting Bind Handler.
[*] REMOTE> 220 ftp Server Ready...
[*] REMOTE> 331 User name okay, need password.
[*] REMOTE> 230 User logged in, proceed.
[*] REMOTE> 227 Entering Passive Mode (127.0.0.1, 4,106)
[*] Trying to explot target ServU 5.0.0.0 ServUDaemon.exe
[*] Got Connection from 127.0.0.1:114

KILLING CHILD:2960

[*] Exiting Handler.


Arc.


----- Original Message ----- 
From: "[Arcangel]" <arcangel at phreaker.net>
To: "Framework" <framework at metasploit.com>
Sent: Tuesday, October 05, 2004 2:13 AM
Subject: Re: [framework] Finding Shell. more information.



Hi,
Thanks for the answers.
I change  the LPORT  several times and nothing. I used reverses payloads 
and nothing...
I have no idea what is happen...

Arc,

----- Original Message ----- 
From: <ninjatools at hush.com>
To: "[Arcangel]" <arcangel at phreaker.net>
Cc: <framework at metasploit.com>
Sent: Monday, October 04, 2004 9:13 PM
Subject: Re: [framework] Finding Shell. more information.



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Try a reverse payload, something could be happening funny with bind,
or if you have previously owned with that LPORT, a listener could be
floating around or something weird.  Try changing your LPORT, but more
likely try a reverse shell and see if that works.

reverse shells are pretty much always more reliable than bind (as a rule
of thumb), and I'd suggest exclusively using reverse.

On Mon, 04 Oct 2004 16:52:07 -0700 "[Arcangel]" <arcangel at phreaker.net>
wrote:

I dont know if this is important but as it says in the documentation
the
Serv-U ftp Server dies when I run the exploit. I have Win XP SP2.
bye.
Arc.

Hi list:

       I recently started using Metasploit Framework. I have a

problem

exploiting the "servu_mdtm_overflow". I set up a temporary Serv-

U Ftp

server
5.0.0.0 (in my PC) to test this vulnerability. When I tried to

explote It

seems that it works, but there is no shell at all. Something similar
happened when I tried with another exploit.

this is the banner:

msf servu_mdtm_overflow(win32_bind) > exploit
[*] Starting Bind Handler.
[*] REMOTE> 220 ftp Server Ready...
[*] REMOTE> 331 User name okay, need password.
[*] REMOTE> 230 User logged in, proceed.
[*] REMOTE> 227 Entering Passive Mode (127.0.0.1, 14,39)
[*] Trying to explot target ServU 5.0.0.0 ServUDaemon.exe
[*] Got Connection from 127.0.0.1:4444

[*] Exiting Handler.

msf servu_mdtm_overflow(win32_bind) >

where is the shell??

I also tried whit my Internet IP (not local 127.0....)
but nothing.
I have no Firewall.
Thanks,
Arc.


-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4

wkYEARECAAYFAkFh5x4ACgkQtCeTLzI39eMn6wCbBF+Z9XqAc6pK7zHbs13RlKOyqU8A
oKB68duzl71zysZzPP552evl+c83
=v6XG
-----END PGP SIGNATURE-----




Concerned about your privacy? Follow this link to get
secure FREE email: http://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
http://www.hushmail.com/services-messenger?l=434

Promote security and make money with the Hushmail Affiliate Program:
http://www.hushmail.com/about-affiliate?l=427
Previous By Date Next
Previous By Thread Next

Current thread: