Metasploit mailing list archives

Windows Recv Tag Findsock Meterpreter payload

From: cbyrd01 at yahoo.com (Chris Byrd)
Date: Thu, 28 Apr 2005 21:37:11 -0700 (PDT)

Thanks Vlan902, I appreciate your in-depth answer. 
You rock.

I'm going to play around with the Keys of some of the
win32 exploits and see if I can get anywhere, but most
likely I'll be waiting with anticipation for 2.4.  :)

- Chris

--- vlad902 <vlad902 at gmail.com> wrote:

None of the current exploits support findsock and
ws2ord together (past Tester.)

$ grep ws2ord * | grep findsock
Tester.pm:                      'Keys' => [
'+findsock', '+ws2ord' ],
$ 

Some may in actuality but due to the fact that the
first findsock
payload for win32 was added in 2.3 some exploits may
not be updated to
reflect the fact that they can be used along with
findsock (or may
need tweaks to do so).


On 4/28/05, Chris Byrd <cbyrd01 at yahoo.com> wrote:


I just went through all of the win32/x86 exploits,
none would allow the selection of
win32_findrecv_ord_meterpreter.  Perhaps the

payload

is broken, or for academic purposes only?

- Chris

--- vlad902 <vlad902 at gmail.com> wrote:

On 4/28/05, Chris Byrd <cbyrd01 at yahoo.com>

wrote:

In the documentation for Meterpreter, a

payload is

mentioned, win32_findrecv_ord_meterpreter,

that

has

the ability to use the exploit socket for
communication.  This is intriguing to me, and

I'd

like

to include it in an upcoming demonstration.

However, I have been unable to select
win32_findrecv_ord_meterpreter as a payload. I

have

tried with most win32 exploits.  Any advice on

how

to

use this payload would be greatly appreciated.

Thanks,
Chris


__________________________________
Do you Yahoo!?
Make Yahoo! your home page
http://www.yahoo.com/r/hs


findsock payloads are only available with some
exploits, and ordinals
ones less so... If it doesn't work use another
payload or use another
exploit.

-vlad902


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam

protection around

http://mail.yahoo.com



                
__________________________________ 
Do you Yahoo!? 
Yahoo! Small Business - Try our new resources site!
http://smallbusiness.yahoo.com/resources/

Current thread:

Windows Recv Tag Findsock Meterpreter payload Chris Byrd (Apr 28)
- Windows Recv Tag Findsock Meterpreter payload vlad902 (Apr 28)
- <Possible follow-ups>
- Windows Recv Tag Findsock Meterpreter payload Chris Byrd (Apr 28)
  - Windows Recv Tag Findsock Meterpreter payload vlad902 (Apr 28)
- Windows Recv Tag Findsock Meterpreter payload Chris Byrd (Apr 28)
  - Windows Recv Tag Findsock Meterpreter payload H D Moore (Apr 28)