Metasploit mailing list archives

Oracle Exploit broken?


From: hdm at metasploit.com (H D Moore)
Date: Sun, 27 Mar 2005 16:44:40 -0600

Could you try using a different payload, such as win32_reverse or 
win32_bind_meterpreter? It sounds like the exploit is working fine, but 
something is killing the exploited process, causing the command shell to 
exit. I have tested locally on Windows 2000 and 2003, but I primarily use 
the win32_reverse payloads.

When using the bind payloads with exploits that allow re-exploitation, 
keep in mind that you *must* change the LPORT value between each attempt. 
The reason is that the previous exploit run is still "using" the socket, 
so the new payload can't bind to it. The handler still sees the old 
socket as open, connects to it, and gives you a "shell" that does not 
respond to commands.

-HD

On Sunday 27 March 2005 16:36, tuxi wrote:
Hi,
I'm not sure if the Oracle exploit isn't buggy. I tested it on some
systems which should be vulnerable, but I got a shell only once, and I could
only execute one command, then the bind shell stops.

[*] Starting Bind Handler.
[*] REMOTE> 220 192.168.0.2 (Oracle XML DB/Oracle9i Enterprise Edition
Release 9.2.0.1.0 - Production) ready.
[*] REMOTE> 331 pass required for DBSNMP
[*] REMOTE> 230 DBSNMP logged in
[*] Trying to exploit target Oracle 9.2.0.1 Universal 0x60616d46
[*] Exiting Bind Handler.

^^ That's all I'm getting.

It's my first message to the mailing list, so don't be angry if something is
wrong :-/
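
The port conflict described in the reply above, reproduced on loopback as an added example (not part of the original messages and not Metasploit code): an earlier listener still holds the port, a second bind to it is refused, yet a client connecting to that port succeeds and gets no answer. The function name and the constructed sockets are assumptions made for illustration.

```python
import errno
import socket


def stale_listener_demo():
    """Return (bind_refused, responded) for a port held by an old listener."""
    # First run: a listener that stays alive but never services its clients.
    # Port 0 lets the OS pick a free port; it stands in for LPORT.
    first = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    first.bind(("127.0.0.1", 0))
    first.listen(1)
    port = first.getsockname()[1]

    # Second run: same port, so bind() fails with "address already in use".
    second = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        second.bind(("127.0.0.1", port))
        bind_refused = False
    except OSError as exc:
        bind_refused = exc.errno == errno.EADDRINUSE
    finally:
        second.close()

    # The connecting side cannot tell the difference: the TCP handshake
    # completes against the old listener's backlog, but nothing ever replies.
    client = socket.create_connection(("127.0.0.1", port), timeout=2)
    client.settimeout(0.5)
    client.sendall(b"echo test\n")
    try:
        responded = len(client.recv(1024)) > 0
    except socket.timeout:
        responded = False
    finally:
        client.close()
        first.close()
    return bind_refused, responded


if __name__ == "__main__":
    refused, answered = stale_listener_demo()
    print("second bind refused:", refused)
    print("connection answered:", answered)
```

A successful connect therefore only proves that something is listening on the port, which is why the session opens but never responds until the port number is changed.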


