Metasploit mailing list archives
favicon.ico handler & meterpreter reverse_tcp encoder problems
From: grutz at jingojango.net (Kurt Grutzmacher)
Date: Wed, 9 May 2007 22:13:41 -0500
On Wed, May 09, 2007 at 10:34:19PM -0400, jlbrown1980 at comcast.net wrote:
[e(0)] rex: Failed to find handler for resource: /favicon.ico
If you're running from FireFox you're going to get this. FF makes two connections the first time it sees a server. Nothing to worry about
was happening though was the log file would be updated with the following every few seconds: 05/09/2007 22:26:43] [w(0)] core: windows/meterpreter/reverse_tcp: Failed to find preferred encoder [05/09/2007 22:26:43] [d(2)] core: windows/meterpreter/reverse_tcp: Successfully encoded with encoder x86/shikata_ga_nai (size is 210) [05/09/2007 22:26:46] [w(0)] core: windows/meterpreter/reverse_tcp: Failed to find preferred encoder [05/09/2007 22:26:46] [d(2)] core: windows/meterpreter/reverse_tcp: Successfully encoded with encoder x86/shikata_ga_nai (size is 210) [05/09/2007 22:26:48] [w(0)] core: windows/meterpreter/reverse_tcp: Failed to find preferred encoder [05/09/2007 22:26:48] [d(2)] core: windows/meterpreter/reverse_tcp: Successfully encoded with encoder x86/shikata_ga_nai (size is 210) [05/09/2007 22:26:49] [w(0)] core: windows/meterpreter/reverse_tcp: Failed to find preferred encoder [05/09/2007 22:26:49] [d(2)] core: windows/meterpreter/reverse_tcp: Successfully encoded with encoder x86/shikata_ga_nai (size is 210) [05/09/2007 22:26:51] [w(0)] core: windows/meterpreter/reverse_tcp: Failed to find preferred encoder [05/09/2007 22:26:51] [d(2)] core: windows/meterpreter/reverse_tcp: Successfully encoded with encoder x86/shikata_ga_nai (size is 210)
This is just MSF going through its various encoding methods, attempting
to find one that passes all of the given requirements (size, bad chars,
etc). The last line is a successful encoding using x86/shikata_ga_nai.
I don't think the ani exploit in MSF works with Firefox however.
--
..:[ grutz at jingojango dot net ]:..
GPG fingerprint: 5FD6 A27D 63DB 3319 140F B3FB EC95 2A03 8CB3 ECB4
"There's just no amusing way to say, 'I have a CISSP'."
Current thread:
- favicon.ico handler & meterpreter reverse_tcp encoder problems jlbrown1980 at comcast.net (May 09)
- favicon.ico handler & meterpreter reverse_tcp encoder problems Kurt Grutzmacher (May 09)
- favicon.ico handler & meterpreter reverse_tcp encoder problems jlbrown1980 at comcast.net (May 10)
- favicon.ico handler & meterpreter reverse_tcp encoder problems Kurt Grutzmacher (May 10)
- favicon.ico handler & meterpreter reverse_tcp encoder problems jlbrown1980 at comcast.net (May 10)
- <Possible follow-ups>
- favicon.ico handler & meterpreter reverse_tcp encoder problems jlbrown1980 at comcast.net (May 10)
- favicon.ico handler & meterpreter reverse_tcp encoder problems Kurt Grutzmacher (May 11)
- favicon.ico handler & meterpreter reverse_tcp encoder problems Kurt Grutzmacher (May 09)