Metasploit mailing list archives

Windows Recv Tag Findsock Meterpreter payload


From: hdm at metasploit.com (H D Moore)
Date: Thu, 28 Apr 2005 23:56:23 -0500

We are looking at a 2.4 release either early next week, or the week after. 
The 2.4 release will be mostly bug fixes and already-public updates, but 
some of vlad902's SunRPC stuff will be included, along with some cool 
win32 payloads from skape, and the new OptyNop2 module from spoonm.

The FindRecv stuff may not change though - we just haven't had time to 
test and tweak the exploits to work properly with the win32 FindRecvTag 
payloads. The most common problem is that the exploit sends more (or 
less) data than is recv()'d by the remote process. When the FindRecvTag 
code runs, it either sees some of the exploit request instead of the tag 
or the tag was gobbled up by the application before the payload ran. This 
may be completely wrong for the win32 stuff, but it holds true for the 
Mac OS X FindRecvTag stager. If you want to play with it, you need to set 
the appropriate Keys value, then add a $self->Handler($[socket var]) to 
the exploit code. If you succeed in getting FindRecvTag to work with one of 
the modules, let us know and we can incorporate it into the next update.

-HD

On Thursday 28 April 2005 23:37, Chris Byrd wrote:
I'm going to play around with the Keys of some of the
win32 exploits and see if I can get anywhere, but most
likely I'll be waiting with anticipation for 2.4.  :)
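As an added example that is neither part of the original thread nor Metasploit's own code, the Python model below reproduces the three outcomes HD describes on a socketpair standing in for the target's socket: the stager's recv() sees the tag cleanly, it sees leftover exploit request bytes instead of the tag, or the application has already gobbled the tag. The tag value `b"msf!"`, the request bytes and the recv sizes are constructed for the demonstration; in the framework the tag comes from the module's Keys value.

```python
import socket

# Assumed 4-byte tag; in the framework the value comes from the module's Keys setting.
TAG = b"msf!"


def _recv_upto(sock, n):
    """Read up to n bytes, stopping early at EOF (the sender has shut down)."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf


def findrecvtag_outcome(request, app_recv_len, tag=TAG):
    """Model one socket during the FindRecvTag hand-off.

    request       bytes the exploit sends before the tag
    app_recv_len  bytes the vulnerable application recv()s before the payload runs
    Returns 'match'        the stager's recv() sees exactly the tag,
            'saw_request'  leftover request bytes sit in front of the tag,
            'tag_gobbled'  the application already consumed some or all of the tag.
    """
    exploit, target = socket.socketpair()
    try:
        exploit.sendall(request + tag)
        exploit.shutdown(socket.SHUT_WR)        # EOF instead of a blocking recv() below
        _recv_upto(target, app_recv_len)        # the application's own recv() runs first
        probe = _recv_upto(target, len(tag))    # the stager's recv() of one tag
        if probe == tag:
            return "match"
        rest = probe + _recv_upto(target, 4096)  # drain, only to classify the miss
        return "saw_request" if rest.endswith(tag) else "tag_gobbled"
    finally:
        exploit.close()
        target.close()


def pad_request(request, app_recv_len, filler=b"\x90"):
    """Pad the request so the application's recv() consumes exactly it and nothing more.

    Only the too-short case can be fixed by padding; a request longer than
    app_recv_len leaves bytes in front of the tag and the exploit itself
    has to be reworked.
    """
    if len(request) > app_recv_len:
        raise ValueError("request exceeds what the application recv()s; padding cannot help")
    return request + filler * (app_recv_len - len(request))


if __name__ == "__main__":
    req = b"A" * 64   # constructed stand-in for an exploit request
    for n in (32, 64, 66, 128):
        print(f"app recv()s {n:3d} bytes -> {findrecvtag_outcome(req, n)}")
    print("padded to 128 ->", findrecvtag_outcome(pad_request(req, 128), 128))
```

The real stager walks every socket handle in the process and recv()s a tag-sized chunk on each, so the 'saw_request' case means it compares leftover request bytes against the tag, rejects that socket and moves on; the 'tag_gobbled' case means the recv() blocks forever because nothing is left to read. Both are fixed on the exploit side by making the bytes sent before the tag equal what the application consumes, which is the tweaking HD refers to.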
