Metasploit mailing list archives

find_tag Payloads


From: security at vahle.de (Thomas Werth)
Date: Mon, 03 Sep 2007 07:20:13 +0200

thank you very much.

mmiller at hick.org wrote:
I've committed a fix for this issue.  The find tag support was
inadvertently broken by the introduction of the intermediate stage code
we added to support reliably handling large stages.  The intermediate
stage (a small payload blob) was being sent before the tag itself which
caused things to break.  I tested the fix and confirmed that it works on
trunk.  You can find the change set information here:

http://www.metasploit.com/dev/trac/changeset/5084

On Thu, Aug 30, 2007 at 11:00:02AM -0700, mmiller at hick.org wrote:
Can you take a capture between the attacking machine and the target?
The key is to observe that a four-byte tag is being sent across the
wire.  My guess is that the payload isn't actually finding the
connection on the target machine.  The attacking machine's framework has
no ability to tell at present that the target machine has found the
socket, it just assumes that it has.

The find_tag payload hasn't been extensively used, so it's possible that
there is a bug lingering somewhere.  You can do 'set TAG MSF1' which
should force an explicit tag to be used rather than a randomly generated
one.

On Thu, Aug 30, 2007 at 10:06:58AM +0200, Thomas Werth wrote:
Dear List,

I'm trying to get a find_tag payload to work. I tested several of them.
Meterpreter and VNC at least "printf" that they have opened a session. But in
meterpreter no communication is possible (help won't show fs funcs,
migrate timed out, use priv, too). VNC is the same.

I'm just setting a find_tag as payload and firing the test exploit. DLL
transfer is ok. After a while searching for a connection msf tells me it has
a session. But this one isn't working.

There is one TCP connection between victim and attacker, exactly the
one the exploit is sent over.

What is needed to get find_tag payloads working?

Thomas
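The handshake this thread is debugging, as an added example that is not Metasploit's code and not part of the original messages: the attacker writes a four-byte tag down the existing exploit connection, and the stager on the target inspects every candidate socket until it finds one whose pending bytes start with that tag. The model below uses Python socketpairs standing in for the exploit connection and an unrelated connection, a constructed 32-byte blob standing in for the intermediate stage, and the explicit tag `MSF1` from the thread. It assumes the target-side scan checks each socket with a peeking recv so that non-matching sockets are left undisturbed; the real shellcode's descriptor walk is not reproduced. The `stage_first` switch reproduces the ordering mmiller identified as the bug: when the intermediate stage reaches the wire before the tag, the first four bytes on the socket are stage bytes, the tag is never matched, and the target never finds its connection even though the framework already believes it has a session.

```python
"""Toy model of the find_tag handshake (constructed example, not Metasploit code).

Attacker: send the 4-byte tag, then the stage, over the existing connection.
Target:   peek at each candidate socket; the first one whose queued bytes
          start with the tag is the exploit connection.
"""
import socket

TAG = b"MSF1"                        # explicit tag, as 'set TAG MSF1' would force
STAGE = b"\x90" * 32                 # constructed stand-in for the intermediate stage blob
UNRELATED = b"HTTP/1.1 200 OK\r\n"   # constructed traffic queued on a decoy socket


def attacker_send(sock, tag, stage, stage_first):
    """Attacker side of the handshake.

    stage_first=False is the working order (tag, then stage).
    stage_first=True is the ordering the thread identified as the bug:
    the intermediate stage hits the wire before the tag.
    """
    if stage_first:
        sock.sendall(stage + tag)
    else:
        sock.sendall(tag + stage)


def find_tagged_socket(candidates, tag):
    """Target side: return the first socket whose pending bytes start with tag.

    MSG_PEEK leaves the bytes in the receive buffer, so a socket that does
    not match is handed back untouched (assumption about the real stager).
    """
    for s in candidates:
        try:
            head = s.recv(len(tag), socket.MSG_PEEK)
        except (BlockingIOError, socket.timeout):
            continue                 # nothing queued on this socket
        if head == tag:
            s.recv(len(tag))         # consume the tag; what follows is the stage
            return s
    return None


def simulate(stage_first):
    """Run one handshake over socketpairs.

    Returns (found, stage_bytes): whether the target located the tagged
    connection, and the bytes left on it for the stage to read.
    """
    exploit_a, exploit_t = socket.socketpair()   # the single exploit connection
    decoy_a, decoy_t = socket.socketpair()       # some other connection on the target
    try:
        decoy_a.sendall(UNRELATED)
        attacker_send(exploit_a, TAG, STAGE, stage_first)
        for s in (decoy_t, exploit_t):
            s.settimeout(0.5)        # never hang on a socket with nothing queued
        hit = find_tagged_socket([decoy_t, exploit_t], TAG)
        if hit is None:
            return False, b""
        return True, hit.recv(4096)
    finally:
        for s in (exploit_a, exploit_t, decoy_a, decoy_t):
            s.close()


if __name__ == "__main__":
    print("tag then stage: found =", simulate(stage_first=False)[0])
    print("stage then tag: found =", simulate(stage_first=True)[0])
```

Capturing the exploit connection, as mmiller suggests, is the quickest way to tell the two cases apart: in the working order the first four bytes after the exploit traffic are the tag, in the broken order they are the beginning of the stage blob.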
