Metasploit mailing list archives

Loading meterpreter extensions in ms 3.0 beta (shedding new light...)


From: 0xlukej at gmail.com (Luke J)
Date: Thu, 1 Mar 2007 23:52:08 +0000

I added that debug line and it is reporting the correct size which is
strange. So the problem must be in the transport to the server, the handling
at the server or just plainly a win2k3 problem.

I tried adding some debugging statements to files that make up metsrv.dll to
get it to write logs to keep track of stuff but couldn't even seem to get it
to write to files for some reason. My general C knowledge is OK but my
windows programming isn't really up to scratch so maybe I'm missing
something.

I might attach a debugger at some point but other than that I guess maybe
this will be an unsolved mystery. The VNC DLL is fine at 300k+ in size so I
imagine maybe this isn't going to be much of an issue practically unless
someone wants to write a huge extension.


On 3/1/07, mmiller at hick.org <mmiller at hick.org> wrote:

On Thu, Mar 01, 2007 at 03:55:27PM +0000, Luke J wrote:
It was failing with the same ruby stack trace that Vedran had (as
below). I didn't attach a debugger but the server side didn't crash. I
could still carry on using the meterpreter perfectly.

The error code 1168 is windows system error ERROR_NOT_FOUND which seemed
to be returned from the server side code based on my brief code
analysis.

If this is definitely just due to the file size then I guess it is not
so big an issue unless people want to write some huge extensions.
However, I just figured it might be worth a little bit of investigation.

If there is anything specific you'd like me to do/test or if you'd like
me to send you an example compiled DLL that fails on win2k3 then let me
know.

As it relates to size, my only guess would be that somehow an incomplete
version of the DLL is being sent to the server.  Here's something to
try.

In lib/rex/post/meterpreter/client_core.rb inside load_library, there's
this block of code:

::File.open(library_path, 'rb') { |f|
   image = f.read
}

Try adding a $stdout.puts("#{image.length}") after that block.  Compare
the output to the size of the file.  If they mismatch, then we know this
is the problem.
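A worked version of that size check, added here as an example and not code from the thread or from the framework: it reads the image the way load_library does, records its byte count and a digest, and verifies a received copy against them. The DLL stand-in, the helper names and the simulated transport are constructed for the example.

```ruby
require 'digest'
require 'tempfile'

# Read a library image the way load_library does (binary mode) and return
# a diagnostic record: bytes read, bytes on disk, and a digest of the image.
def image_diagnostics(library_path)
  image = ::File.open(library_path, 'rb') { |f| f.read }
  {
    read_size: image.bytesize,
    disk_size: ::File.size(library_path),
    sha1:      Digest::SHA1.hexdigest(image),
    image:     image,
  }
end

# Receiver-side check (hypothetical; stands in for the server end of the
# transport): compare what arrived against the sender's diagnostics.
def verify_received(diag, received)
  problems = []
  problems << "read #{diag[:read_size]} of #{diag[:disk_size]} bytes on disk" if diag[:read_size] != diag[:disk_size]
  problems << "received #{received.bytesize} of #{diag[:read_size]} bytes sent" if received.bytesize != diag[:read_size]
  problems << "digest mismatch" if Digest::SHA1.hexdigest(received) != diag[:sha1]
  problems
end

# Constructed stand-in for an extension DLL: an MZ prefix, then bytes that
# text-mode I/O would mangle (CR LF, Ctrl-Z, NUL), padded to 300 KiB.
def constructed_library
  "MZ" + "\r\n\x1a\x00".b + ("\x90".b * 300 * 1024)
end

# Writes the stand-in to a temp file, then checks a complete and a
# truncated copy, returning both problem lists and the image size.
def demo
  Tempfile.create(['ext', '.dll']) do |f|
    f.binmode
    f.write(constructed_library)
    f.flush
    diag = image_diagnostics(f.path)
    full      = verify_received(diag, diag[:image])
    truncated = verify_received(diag, diag[:image][0, 64 * 1024])
    { full: full, truncated: truncated, size: diag[:read_size] }
  end
end
```

A complete copy yields an empty problem list; a truncated copy reports both the byte shortfall and the digest mismatch.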
