Metasploit mailing list archives
Oracle Exploit broken?
From: hdm at metasploit.com (H D Moore)
Date: Sun, 27 Mar 2005 16:44:40 -0600
Could you try using a different payload, such as win32_reverse or win32_bind_metepreter? It sounds like the exploit is working fine, but something is killing the exploited process, causing the command shell to exit. I have tested locally on Windows 2000 and 2003, but I primarily use the win32_reverse payloads. When using the bind payloads with exploits that allow re-exploitation, keep in mind that you *must* change the LPORT value between each attempt. The reason is that the previous exploit run is still "using" the socket, so the new payload can't bind to it. The handler still sees the old socket as open, connects to it, and gives you a "shell" that does not respond to commands. -HD On Sunday 27 March 2005 16:36, tuxi wrote:
hi, i'm not sure if the Oracle exploit isn't buggy i tested it on some systems which should be vuln. but only once i got a shell and i could only execute one command then bindshell stops. [*] Starting Bind Handler. [*] REMOTE> 220 192.168.0.2 (Oracle XML DB/Oracle9i Enterprise Edition Release 9.2.0.1.0 - Production) ready. [*] REMOTE> 331 pass required for DBSNMP [*] REMOTE> 230 DBSNMP logged in [*] Trying to exploit target Oracle 9.2.0.1 Universal 0x60616d46 [*] Exiting Bind Handler. ^^ thats all what i geting It's my first message at the mailinglist so don't angry if sth. is wrong :-/
Current thread:
- Oracle Exploit broken? tuxi (Mar 27)
- Oracle Exploit broken? H D Moore (Mar 27)