Metasploit mailing list archives

favicon.ico handler & meterpreter reverse_tcp encoder problems

From: jlbrown1980 at comcast.net (jlbrown1980 at comcast.net)
Date: Wed, 09 May 2007 22:34:19 -0400

I have been trying to figure out why my system is generating errors in
regards to this exploit(ani loadimage).  Just slapped a fresh drive in
and installed Ubuntu Feisty.  Successfully installed all listed
packages...

ruby libruby rdoc
libyaml-ruby
libzlib-ruby
libopenssl-ruby
libdl-ruby
libreadline-ruby
libiconv-ruby
libgtk2-ruby libglade2-ruby

Installed RubyGem's and version reports 0.9.0
after that i ran the 'gem install -v=1.2.2 rails- command

svn co http://metasploit.com/svn/framework3/trunk/ 

anyways... after all that i configured and ran the
ani_loadimage_chunksize exploit with the meterpreter reverse tcp
payload.  After running it I noticed two possible issues. One was 

        
[e(0)] rex: Failed to find handler for resource: /favicon.ico 

That was timestamped being right exactly as I ran the exploit. Then I
noticed something else that could have something to do with it. When I
take the target computer and have it connect to the website url running
the exploit.  The target computer will load a small amount of gibberish
on the page but the computer running the exploit will do nothing.  What
was happening though was the log file would be updated with the
following every few seconds:

05/09/2007 22:26:43] [w(0)] core: windows/meterpreter/reverse_tcp:
Failed to find preferred encoder 
[05/09/2007 22:26:43] [d(2)] core: windows/meterpreter/reverse_tcp:
Successfully encoded with encoder x86/shikata_ga_nai (size is 210)
[05/09/2007 22:26:46] [w(0)] core: windows/meterpreter/reverse_tcp:
Failed to find preferred encoder 
[05/09/2007 22:26:46] [d(2)] core: windows/meterpreter/reverse_tcp:
Successfully encoded with encoder x86/shikata_ga_nai (size is 210)
[05/09/2007 22:26:48] [w(0)] core: windows/meterpreter/reverse_tcp:
Failed to find preferred encoder 
[05/09/2007 22:26:48] [d(2)] core: windows/meterpreter/reverse_tcp:
Successfully encoded with encoder x86/shikata_ga_nai (size is 210)
[05/09/2007 22:26:49] [w(0)] core: windows/meterpreter/reverse_tcp:
Failed to find preferred encoder 
[05/09/2007 22:26:49] [d(2)] core: windows/meterpreter/reverse_tcp:
Successfully encoded with encoder x86/shikata_ga_nai (size is 210)
[05/09/2007 22:26:51] [w(0)] core: windows/meterpreter/reverse_tcp:
Failed to find preferred encoder 
[05/09/2007 22:26:51] [d(2)] core: windows/meterpreter/reverse_tcp:
Successfully encoded with encoder x86/shikata_ga_nai (size is 210)

If anyone has any suggestions it would be appreciated, thanks.

Current thread:

favicon.ico handler & meterpreter reverse_tcp encoder problems jlbrown1980 at comcast.net (May 09)
- favicon.ico handler & meterpreter reverse_tcp encoder problems Kurt Grutzmacher (May 09)
  - favicon.ico handler & meterpreter reverse_tcp encoder problems jlbrown1980 at comcast.net (May 10)
    - favicon.ico handler & meterpreter reverse_tcp encoder problems Kurt Grutzmacher (May 10)
- <Possible follow-ups>
- favicon.ico handler & meterpreter reverse_tcp encoder problems jlbrown1980 at comcast.net (May 10)
  - favicon.ico handler & meterpreter reverse_tcp encoder problems Kurt Grutzmacher (May 11)