Metasploit mailing list archives
favicon.ico handler & meterpreter reverse_tcp encoder problems
From: jlbrown1980 at comcast.net (jlbrown1980 at comcast.net)
Date: Thu, 10 May 2007 06:34:39 -0400
Hmm, I was running it on a Windows XP Computer with IE 7 though.. The target computer I was using doesn't have firefox installed. The reason I believe the encoder is messing something up is this. If the connection is already established (browser has connected to the link), why would it keep trying to encode the payload, when its already been encoded.. unless it isn't encoding properly. On Wed, 2007-05-09 at 22:13 -0500, Kurt Grutzmacher wrote:
On Wed, May 09, 2007 at 10:34:19PM -0400, jlbrown1980 at comcast.net wrote:[e(0)] rex: Failed to find handler for resource: /favicon.icoIf you're running from FireFox you're going to get this. FF makes two connections the first time it sees a server. Nothing to worry aboutwas happening though was the log file would be updated with the following every few seconds: 05/09/2007 22:26:43] [w(0)] core: windows/meterpreter/reverse_tcp: Failed to find preferred encoder [05/09/2007 22:26:43] [d(2)] core: windows/meterpreter/reverse_tcp: Successfully encoded with encoder x86/shikata_ga_nai (size is 210) [05/09/2007 22:26:46] [w(0)] core: windows/meterpreter/reverse_tcp: Failed to find preferred encoder [05/09/2007 22:26:46] [d(2)] core: windows/meterpreter/reverse_tcp: Successfully encoded with encoder x86/shikata_ga_nai (size is 210) [05/09/2007 22:26:48] [w(0)] core: windows/meterpreter/reverse_tcp: Failed to find preferred encoder [05/09/2007 22:26:48] [d(2)] core: windows/meterpreter/reverse_tcp: Successfully encoded with encoder x86/shikata_ga_nai (size is 210) [05/09/2007 22:26:49] [w(0)] core: windows/meterpreter/reverse_tcp: Failed to find preferred encoder [05/09/2007 22:26:49] [d(2)] core: windows/meterpreter/reverse_tcp: Successfully encoded with encoder x86/shikata_ga_nai (size is 210) [05/09/2007 22:26:51] [w(0)] core: windows/meterpreter/reverse_tcp: Failed to find preferred encoder [05/09/2007 22:26:51] [d(2)] core: windows/meterpreter/reverse_tcp: Successfully encoded with encoder x86/shikata_ga_nai (size is 210)This is just MSF going through its various encoding methods, attempting to find one that passes all of the given requirements (size, bad chars, etc). The last line is a successful encoding using x86/shikata_ga_nai. I don't think the ani exploit in MSF works with Firefox however.
Current thread:
- favicon.ico handler & meterpreter reverse_tcp encoder problems jlbrown1980 at comcast.net (May 09)
- favicon.ico handler & meterpreter reverse_tcp encoder problems Kurt Grutzmacher (May 09)
- favicon.ico handler & meterpreter reverse_tcp encoder problems jlbrown1980 at comcast.net (May 10)
- favicon.ico handler & meterpreter reverse_tcp encoder problems Kurt Grutzmacher (May 10)
- favicon.ico handler & meterpreter reverse_tcp encoder problems jlbrown1980 at comcast.net (May 10)
- <Possible follow-ups>
- favicon.ico handler & meterpreter reverse_tcp encoder problems jlbrown1980 at comcast.net (May 10)
- favicon.ico handler & meterpreter reverse_tcp encoder problems Kurt Grutzmacher (May 11)
- favicon.ico handler & meterpreter reverse_tcp encoder problems Kurt Grutzmacher (May 09)