Metasploit mailing list archives
Metasploit vs ANI
From: thomas.werth at vahle.de (Thomas Werth)
Date: Wed, 04 Apr 2007 08:26:44 +0200
OK, here are the details:

msf 3, latest updates, running on bt2 HD install.
Using win/shell/bind_tcp payload.
Test: VMware, Windows XP SP2 German, no ANI patch installed, running as admin.
Using OllyDbg on IE.

WinXP connects to the given msf random URI as soon as msf shows ready signals. OllyDbg is catching an error:

    EAX ED40601B
    ECX 7C92056D ntdll.7C92056D
    EDX 00000000
    EBX 0012DF80
    ESP 0012DECC
    EBP FED47515
    ESI 0012DEFC ASCII "anih$"
    EDI 0012DECC
    EIP 77D525BA USER32.77D525BA
    C 0  ES 0023 32bit 0(FFFFFFFF)
    P 1  CS 001B 32bit 0(FFFFFFFF)
    A 0  SS 0023 32bit 0(FFFFFFFF)
    Z 1  DS 0023 32bit 0(FFFFFFFF)
    S 0  FS 003B 32bit 7FFDF000(FFF)
    T 0  GS 0000 NULL
    D 0
    O 0  LastErr ERROR_INVALID_PARAMETER (00000057)
    EFL 00010246 (NO,NB,E,BE,NS,PE,GE,LE)
    ST0 empty -??? FFFF 0084837B 6B84837B
    ST1 empty -??? FFFF 00000000 6B000000
    ST2 empty -??? FFFF 00000084 0083007B
    ST3 empty -??? FFFF 00000084 0083007B
    ST4 empty -??? FFFF 6B84837B 6B84837B
    ST5 empty -??? FFFF 00000084 0083007B
    ST6 empty 1.0000000000000000000
    ST7 empty 1.0000000000000000000
                   3 2 1 0      E S P U O Z D I
    FST 4000  Cond 1 0 0 0  Err 0 0 0 0 0 0 0 0  (EQ)
    FCW 027F  Prec NEAR,53  Mask    1 1 1 1 1 1

Passing execution to the application finishes loading of the URL and throws another error:

    EAX 05D54948
    ECX 7C92056D ntdll.7C92056D
    EDX 00000000
    EBX 0012DF80
    ESP 0012DECC
    EBP 24D7F687
    ESI 0012DEFC ASCII "anih$"
    EDI 0012DECC
    EIP 71BD0205
    C 0  ES 0023 32bit 0(FFFFFFFF)
    P 1  CS 001B 32bit 0(FFFFFFFF)
    A 0  SS 0023 32bit 0(FFFFFFFF)
    Z 1  DS 0023 32bit 0(FFFFFFFF)
    S 0  FS 003B 32bit 7FFDF000(FFF)
    T 0  GS 0000 NULL
    D 0
    O 0  LastErr ERROR_INVALID_PARAMETER (00000057)
    EFL 00000246 (NO,NB,E,BE,NS,PE,GE,LE)
    ST0 empty -??? FFFF 0084837B 6B84837B
    ST1 empty -??? FFFF 00000000 6B000000
    ST2 empty -??? FFFF 00000084 0083007B
    ST3 empty -??? FFFF 00000084 0083007B
    ST4 empty -??? FFFF 6B84837B 6B84837B
    ST5 empty -??? FFFF 00000084 0083007B
    ST6 empty 1.0000000000000000000
    ST7 empty 1.0000000000000000000
                   3 2 1 0      E S P U O Z D I
    FST 4000  Cond 1 0 0 0  Err 0 0 0 0 0 0 0 0  (EQ)
    FCW 027F  Prec NEAR,53  Mask    1 1 1 1 1 1

That's it; no notification to the msf payload handler occurs.

mmiller at hick.org wrote:
> It's expected that you'll see bogus characters in the browser. Is there any chance that you could try attaching a debugger to the process to see where it's crashing? That would provide additional insight into what's going on.
>
> AFAIK the patch for this issue is out now, so be sure that the machine you're testing against didn't apply the patch last night.
>
> On Tue, Apr 03, 2007 at 11:54:52AM +0200, Thomas Werth wrote:
>> I'm using bt2 final and can confirm bogus chars in IE 6/7 on Win XP.
>>
>> Giorgio Casali wrote:
>>> I'm using Backtrack installed on my HD and as payload windows/meterpreter/reverse_tcp, but still no luck... Explorer 7 and Firefox are showing ASCII chars when directed to my crafted page.
>>>
>>> Giorgio.
>>>
>>> 2007/4/2, H D Moore <hdm at metasploit.com>:
>>>> Aviv Raff confirmed this patch, merged into dev/stable. Running these exploits *from* Windows seems to be buggy still, but using something like BackTrack 2.0 or a non-Linux system to run the exploits seems fine.
>>>>
>>>> -HD
>>>>
>>>> On Monday 02 April 2007 15:40, mmiller at hick.org wrote:
>>>>> Thanks for the report, Nicolas. I think you're right (although it's pretty weird that this worked in my test environment). I'm not in a place to test this, but can you try this patch out and see if it fixes the problem for you: