Metasploit mailing list archives
VNC payload problems
From: hdm at metasploit.com (H D Moore)
Date: Wed, 26 Sep 2007 08:45:12 -0500
Cross-referencing that with the source:

http://metasploit.com/svn/framework3/trunk/external/source/vncdll/winvnc/winvnc/winvnc.cpp

We see that SetWindowPos() is the last call we do that relates to the Metasploit modifications to the VNC server. IOW, I have no idea, but it looks like something is wrong with the process heap or the transferred DLLs content.

-HD

On Tuesday 25 September 2007 21:47, Andres Riancho wrote:
885 932 724 NtDelayExecution (0, {-10000000, -1}, ... ) == 0x0
886 932 724 NtUserFindWindowEx (0, 0, 0x0, "Metasploit Courtesy Shell (TM)", 0, ... ) == 0xbc013a
887 932 724 NtUserSetWindowPos (12321082, -1, 0, 0, 0, 0, 3, ... ) == 0x1
888 932 724 NtRequestWaitReplyPort (36, {24, 48, new_msg, 0, 452608, 1853182464, 1735289198, 2011287552} "\0\0\0\0\14\0\1\00\350\6\0#\1\1\0\0\1\0\0\0\0\0\0" ... {24, 48, reply, 0, 932, 724, 43030, 0} "\0\0\0\0\14\0\1\0\0\0\0\0#\1\1\0\0\1\0\0\0\0\0\0" ) == 0x0
889 932 724 NtCreateSemaphore (0x1f0003, 0x0, 0, 2147483647, ... 124, ) == 0x0
890 932 724 NtAllocateVirtualMemory (-1, 0, 0, 0, 8192, 4, ... ) == STATUS_INVALID_PARAMETER_4
891 932 724 NtRaiseException (452544, 451800, 1, ...

And there it dies with an exception that ain't handled.

As I said in my first email, the first stage is successfully connecting back, downloading the second stage and executing it (at least some sections of it), but it seems that one of the last syscalls (the NtAllocateVirtualMemory just after starting the "Metasploit Courtesy Shell (TM)") is raising an exception. Do you guys know what the problem might be?