Metasploit mailing list archives
Framework Digest, Vol 16, Issue 24
From: biotic52 at yahoo.com (Rich Pazzani)
Date: Tue, 19 May 2009 14:03:16 -0700 (PDT)
Hi Guys,

I am new to Metasploit and have actually used it to penetrate some targets within my own private network. I have looked thru the documentation and I am still not clear as to how I could download a new exploit and incorporate it into metasploit to use it. Can anyone help without getting upset............thanks

--- On Tue, 5/19/09, framework-request at spool.metasploit.com <framework-request at spool.metasploit.com> wrote:

From: framework-request at spool.metasploit.com <framework-request at spool.metasploit.com>
Subject: Framework Digest, Vol 16, Issue 24
To: framework at spool.metasploit.com
Date: Tuesday, May 19, 2009, 3:00 PM

Today's Topics:

1. Re: Meterpreter will not run on Windows 7 RC (Carlos Perez)
2. Re: how to use the silc channel (H D Moore)

----------------------------------------------------------------------

Message: 1
Date: Tue, 19 May 2009 13:34:49 -0400
From: Carlos Perez <carlos_perez at darkoperator.com>
Subject: Re: [framework] Meterpreter will not run on Windows 7 RC
To: Stephen Fewer <stephen_fewer at harmonysecurity.com>
Cc: framework at spool.metasploit.com

I tried them all (meterpreter versions only) in 2 different VMs and on a physical laptop without any luck.

On Tue, May 19, 2009 at 6:03 AM, Stephen Fewer <stephen_fewer at harmonysecurity.com> wrote:
Hi

From some early testing I have found that there are several problems with running any metasploit shellcode on Windows7 RC1 compared to earlier versions (Vista,2003,xp,...). When testing a simple payload win32_single_exec I came across the following:

* Getting the kernel32.dll's base address is broken in the current shellcode implementation due to Windows7 loading kernelbase.dll before kernel32.dll (Due to Windows7 using the new MinWin kernel structure[1]). There is a quick fix[2] but is not backwards compatible, so a generic fix is needed :)

* After getting kernel32's base address, parsing the kernel32 Export address table seems broken too, it gets parsed backwards and seems to always fail on the last entry (which is the first one parsed). I have yet to look into why this is happening.

These two problems seem to be present in most if not all the current win32 shellcodes AFAIK.

With regard to using Reflective Dll Injection, it works after the fix for getting the kernel32 base address is applied but when used as a payload the stager used (e.g. reverse_tcp) would need to be fixed also.

Anyone else experiencing shellcode failing/succeeding on win7rc1 too?

Regards,
Steve.

[1] http://www.windows-now.com/blogs/robert/mark-russinovich-explains-minwin-once-and-for-all.aspx
[2] http://pastebin.com/f5d372f02

Carlos Perez wrote:

Hi Guys

I have tried all versions of meterpreter using msfpayload to generate an exe and run it in Windows 7 and have had no luck whatsoever in getting it to run. The version of Windows 7 is the latest RC in x86. Any ideas?

Cheers,
Carlos
------------------------------

Message: 2
Date: Tue, 19 May 2009 13:22:18 -0500
From: "H D Moore" <hdm at metasploit.com>
Subject: Re: [framework] how to use the silc channel
To: framework at spool.metasploit.com

On Tue, 19 May 2009 12:16:12 -0500, danny shevitz <danny_shevitz at yahoo.com> wrote:
Howdy,

I am a newbie to both Metasploit and Silc. I got the Pidgin client and it seems to be working fine. I created an account at silc.hick.org, but there doesn't seem to be a metasploit channel as I expected. Can anyone suggest what I might be doing wrong, or the correct way to get to the metasploit chat?
Make sure you are joining 'metasploit' and not '#metasploit', this is the most common problem. Also, make sure you're really connected to silc.hick.org (as the server, not the network).

-HD