Metasploit mailing list archives
find_tag Payloads
From: security at vahle.de (Thomas Werth)
Date: Mon, 03 Sep 2007 07:20:13 +0200
Thank you very much.

mmiller at hick.org wrote:

I've committed a fix for this issue. The find tag support was inadvertently broken by the introduction of the intermediate stage code we added to support reliably handling large stages. The intermediate stage (a small payload blob) was being sent before the tag itself which caused things to break. I tested the fix and confirmed that it works on trunk. You can find the change set information here: http://www.metasploit.com/dev/trac/changeset/5084

On Thu, Aug 30, 2007 at 11:00:02AM -0700, mmiller at hick.org wrote:

Can you take a capture between the attacking machine and the target? The key is to observe that a four byte tag is being sent across the wire. My guess is that the payload isn't actually finding the connection on the target machine. The attacking machine's framework has no ability to tell at present that the target machine has found the socket, it just assumes that it has. The find_tag payload hasn't been extensively used, so it's possible that there is a bug lingering somewhere. You can do 'set TAG MSF1' which should force an explicit tag to be used rather than a randomly generated one.

On Thu, Aug 30, 2007 at 10:06:58AM +0200, Thomas Werth wrote:

Dear List,

I'm trying to get a find_tag payload to work. I tested several of them. Meterpreter and vnc at least "printf" they have opened a session. But in meterpreter no communication is possible (help won't show fs funcs, migrate timed out, use priv, too). VNC is the same. I'm just setting a find_tag as payload and fire test exploit. DLL transfer is ok. After a while searching for a connection msf tells he has a session. But this one isn't working. There is one tcp connection between victim and attacker, exactly that one where exploit is sent over. What is needed to get find_tag payloads working?

Thomas
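The capture check suggested in the thread can be scripted. The following is an added example, not code from the thread or from the Metasploit project: it scans a classic pcap file for TCP segments carrying an explicit four byte tag such as `MSF1` and reports which packet and direction carried it. It assumes Ethernet framing, IPv4, and a tag that is not split across segments; the addresses, ports and sample capture are constructed.

```python
import struct

def tcp_payloads(pcap):
    """Yield (packet_no, src, dst, payload) for TCP/IPv4 frames in a classic pcap."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    off, index = 24, 0                       # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        index += 1
        # Keep only Ethernet frames with EtherType IPv4 and IP protocol 6 (TCP).
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue
        ihl = (frame[14] & 0x0F) * 4         # IP header length in bytes
        ip = frame[14:14 + struct.unpack("!H", frame[16:18])[0]]
        if len(ip) < ihl + 20:
            continue
        sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
        data_off = (ip[ihl + 12] >> 4) * 4   # TCP header length in bytes
        src = "%d.%d.%d.%d:%d" % (*ip[12:16], sport)
        dst = "%d.%d.%d.%d:%d" % (*ip[16:20], dport)
        yield index, src, dst, ip[ihl + data_off:]

def find_tag(pcap, tag=b"MSF1"):
    """Return (packet_no, src, dst, offset) for every segment containing the tag."""
    hits = []
    for index, src, dst, payload in tcp_payloads(pcap):
        pos = payload.find(tag)
        if pos != -1:
            hits.append((index, src, dst, pos))
    return hits

def _packet(src, dst, sport, dport, payload):
    # Constructed frame: zeroed MACs and checksums, just enough for the parser.
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(src), bytes(dst)) + tcp
    frame = b"\x00" * 12 + b"\x08\x00" + ip
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

def build_sample():
    """Constructed three-packet capture: request, tag, reply."""
    a, t = (10, 0, 0, 5), (10, 0, 0, 9)
    head = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return (head + _packet(a, t, 40000, 445, b"constructed request bytes")
            + _packet(a, t, 40000, 445, b"MSF1") + _packet(t, a, 445, 40000, b"reply"))
```

On a real capture, an empty result from `find_tag` means the tag never crossed the wire as a contiguous four byte sequence, which is the condition the reply asks the reporter to check.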