Metasploit mailing list archives

Framework Digest, Vol 16, Issue 24


From: biotic52 at yahoo.com (Rich Pazzani)
Date: Tue, 19 May 2009 14:03:16 -0700 (PDT)

Hi Guys, I am new to Metasploit and have actually used it to penetrate some targets within my own private network. I
have looked through the documentation and I am still not clear as to how I could download a new exploit and incorporate it
into Metasploit to use it. Can anyone help without getting upset... thanks

--- On Tue, 5/19/09, framework-request at spool.metasploit.com <framework-request at spool.metasploit.com> wrote:


From: framework-request at spool.metasploit.com <framework-request at spool.metasploit.com>
Subject: Framework Digest, Vol 16, Issue 24
To: framework at spool.metasploit.com
Date: Tuesday, May 19, 2009, 3:00 PM


Send Framework mailing list submissions to
    framework at spool.metasploit.com

To subscribe or unsubscribe via the World Wide Web, visit
    https://mail.metasploit.com/mailman/listinfo/framework
or, via email, send a message with subject or body 'help' to
    framework-request at spool.metasploit.com

You can reach the person managing the list at
    framework-owner at spool.metasploit.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Framework digest..."


Today's Topics:

   1. Re: Meterpreter will not run on Windows 7 RC (Carlos Perez)
   2. Re: how to use the silc channel (H D Moore)


----------------------------------------------------------------------

Message: 1
Date: Tue, 19 May 2009 13:34:49 -0400
From: Carlos Perez <carlos_perez at darkoperator.com>
Subject: Re: [framework] Meterpreter will not run on Windows 7 RC
To: Stephen Fewer <stephen_fewer at harmonysecurity.com>
Cc: framework at spool.metasploit.com
Message-ID:
    <f2a8fc3e0905191034qdc1fb2bq7c7748c916549f2a at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

I tried them all (meterpreter versions only) in 2 different VMs and on a
physical laptop without any luck.

On Tue, May 19, 2009 at 6:03 AM, Stephen Fewer <stephen_fewer at harmonysecurity.com> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi

From some early testing I have found that there are several problems
with running any Metasploit shellcode on Windows 7 RC1 compared to
earlier versions (Vista, 2003, XP, ...). When testing a simple payload,
win32_single_exec, I came across the following:

* Getting kernel32.dll's base address is broken in the current
shellcode implementation due to Windows 7 loading kernelbase.dll before
kernel32.dll (due to Windows 7 using the new MinWin kernel structure [1]).
There is a quick fix [2] but it is not backwards compatible, so a generic
fix is needed :)

* After getting kernel32's base address, parsing the kernel32 Export
Address Table seems broken too; it gets parsed backwards and seems to
always fail on the last entry (which is the first one parsed). I have
yet to look into why this is happening.

These two problems seem to be present in most if not all the current
win32 shellcodes AFAIK.

With regard to using Reflective Dll Injection, it works after the fix
for getting the kernel32 base address is applied but when used as a
payload the stager used (e.g. reverse_tcp) would need to be fixed also.

Anyone else experiencing shellcode failing/succeeding on win7rc1 too?

Regards, Steve.

[1] http://www.windows-now.com/blogs/robert/mark-russinovich-explains-minwin-once-and-for-all.aspx

[2] http://pastebin.com/f5d372f02



Carlos Perez wrote:
Hi Guys

I have tried all versions of meterpreter using msfpayload to
generate an exe and run it in Windows 7 and have had no luck whatsoever
in getting it to run. The version of Windows 7 is the latest RC in x86.
Any ideas?

Cheers,
Carlos
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)

iEYEARECAAYFAkoSg9gACgkQQIrmi1YdFr5Q4ACfVMFRBvSz1YDvJhwLuohZ1rsY
d38An3HTridD4MaHc7HDQW7iLzK6lhnK
=9+I1
-----END PGP SIGNATURE-----
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework


------------------------------

Message: 2
Date: Tue, 19 May 2009 13:22:18 -0500
From: "H D Moore" <hdm at metasploit.com>
Subject: Re: [framework] how to use the silc channel
To: framework at spool.metasploit.com
Message-ID: <op.ut6vzgqwt28lo2 at localhost>
Content-Type: text/plain; format=flowed; delsp=yes; charset=us-ascii

On Tue, 19 May 2009 12:16:12 -0500, danny shevitz <danny_shevitz at yahoo.com> wrote:


Howdy,

I am a newbie to both Metasploit and Silc. I got the Pidgin client and it
seems to be working fine. I created an account at silc.hick.org, but
there doesn't seem to be a metasploit channel as I expected.

Can anyone suggest what I might be doing wrong, or the correct way to
get to the metasploit chat.

Make sure you are joining 'metasploit' and not '#metasploit'; this is the
most common problem. Also, make sure you're really connected to
silc.hick.org (as the server, not the network).

-HD


------------------------------

_______________________________________________
Framework mailing list
Framework at spool.metasploit.com
https://mail.metasploit.com/mailman/listinfo/framework


End of Framework Digest, Vol 16, Issue 24
*****************************************