Metasploit mailing list archives
Meterpreter will not run on Windows 7 RC
From: carlos_perez at darkoperator.com (Carlos Perez)
Date: Tue, 19 May 2009 13:34:49 -0400
I tried them all (meterpreter versions only) in 2 different VMs and on a physical laptop without any luck.

On Tue, May 19, 2009 at 6:03 AM, Stephen Fewer <stephen_fewer at harmonysecurity.com> wrote:
Hi -

From some early testing I have found that there are several problems with running any metasploit shellcode on Windows7 RC1 compared to earlier versions (Vista,2003,xp,...). When testing a simple payload win32_single_exec I came across the following:

* Getting the kernel32.dll's base address is broken in the current shellcode implementation due to Windows7 loading kernelbase.dll before kernel32.dll (Due to Windows7 using the new MinWin kernel structure[1]). There is a quick fix[2] but is not backwards compatible, so a generic fix is needed :)

* After getting kernel32's base address, parsing the kernel32 Export address table seems broken too, it gets parsed backwards and seems to always fail on the last entry (which is the first one parsed). I have yet to look into why this is happening.

These two problems seem to be present in most if not all the current win32 shellcodes AFAIK.

With regard to using Reflective Dll Injection, it works after the fix for getting the kernel32 base address is applied but when used as a payload the stager used (e.g. reverse_tcp) would need to be fixed also.

Anyone else experiencing shellcode failing/succeeding on win7rc1 too?

Regards,
Steve.

[1] http://www.windows-now.com/blogs/robert/mark-russinovich-explains-minwin-once-and-for-all.aspx
[2] http://pastebin.com/f5d372f02

Carlos Perez wrote:

Hi Guys

I have tried all versions of meterpreter using msfpayload to generate an exe and run it in Windows 7 and have had no luck whatsoever in getting it to run. The version of Windows 7 is the latest RC in x86. Any ideas?

Cheers,
Carlos