Metasploit mailing list archives
Framework Digest, Vol 16, Issue 24
From: mtgarden at gmail.com (Matt Gardenghi)
Date: Wed, 20 May 2009 07:44:06 -0400
But that probably wasn't what you meant. :-) I think that this is: http://trac.metasploit.com/wiki/PortingExploits

Rich Pazzani wrote:

Hi Guys,

I am new to Metasploit and have actually used it to penetrate some targets within my own private network. I have looked through the documentation and I am still not clear as to how I could download a new exploit and incorporate it into Metasploit to use it. Can anyone help without getting upset... thanks

--- On Tue, 5/19/09, framework-request at spool.metasploit.com wrote:

From: framework-request at spool.metasploit.com
Subject: Framework Digest, Vol 16, Issue 24
To: framework at spool.metasploit.com
Date: Tuesday, May 19, 2009, 3:00 PM

Today's Topics:

1. Re: Meterpreter will not run on Windows 7 RC (Carlos Perez)
2. Re: how to use the silc channel (H D Moore)

----------------------------------------------------------------------

Message: 1
Date: Tue, 19 May 2009 13:34:49 -0400
From: Carlos Perez <carlos_perez at darkoperator.com>
Subject: Re: [framework] Meterpreter will not run on Windows 7 RC
To: Stephen Fewer <stephen_fewer at harmonysecurity.com>
Cc: framework at spool.metasploit.com
Message-ID: <f2a8fc3e0905191034qdc1fb2bq7c7748c916549f2a at mail.gmail.com>

I tried them all (meterpreter versions only) in 2 different VMs and on a physical laptop without any luck.

On Tue, May 19, 2009 at 6:03 AM, Stephen Fewer <stephen_fewer at harmonysecurity.com> wrote:

> Hi
>
> From some early testing I have found that there are several problems with running any Metasploit shellcode on Windows7 RC1 compared to earlier versions (Vista, 2003, XP, ...). When testing a simple payload win32_single_exec I came across the following:
>
> * Getting the kernel32.dll's base address is broken in the current shellcode implementation due to Windows7 loading kernelbase.dll before kernel32.dll (due to Windows7 using the new MinWin kernel structure[1]). There is a quick fix[2] but it is not backwards compatible, so a generic fix is needed :)
>
> * After getting kernel32's base address, parsing the kernel32 Export address table seems broken too, it gets parsed backwards and seems to always fail on the last entry (which is the first one parsed). I have yet to look into why this is happening.
>
> These two problems seem to be present in most if not all the current win32 shellcodes AFAIK.
>
> With regard to using Reflective Dll Injection, it works after the fix for getting the kernel32 base address is applied, but when used as a payload the stager used (e.g. reverse_tcp) would need to be fixed also.
>
> Anyone else experiencing shellcode failing/succeeding on win7rc1 too?
>
> Regards, Steve.
>
> [1] http://www.windows-now.com/blogs/robert/mark-russinovich-explains-minwin-once-and-for-all.aspx
> [2] http://pastebin.com/f5d372f02
>
> Carlos Perez wrote:
> > Hi Guys
> >
> > I have tried all versions of meterpreter using msfpayload to generate an exe and run it in Windows 7 and have had no luck whatsoever in getting it to run. The version of Windows 7 is the latest RC in x86. Any ideas?
> >
> > Cheers,
> > Carlos

------------------------------

Message: 2
Date: Tue, 19 May 2009 13:22:18 -0500
From: "H D Moore" <hdm at metasploit.com>
Subject: Re: [framework] how to use the silc channel
To: framework at spool.metasploit.com
Message-ID: <op.ut6vzgqwt28lo2 at localhost>

On Tue, 19 May 2009 12:16:12 -0500, danny shevitz <danny_shevitz at yahoo.com> wrote:

> Howdy,
>
> I am a newbie to both Metasploit and Silc. I got the Pidgin client and it seems to be working fine. I created an account at silc.hick.org, but there doesn't seem to be a metasploit channel as I expected.
>
> Can anyone suggest what I might be doing wrong, or the correct way to get to the metasploit chat?

Make sure you are joining 'metasploit' and not '#metasploit', this is the most common problem. Also, make sure you're really connected to silc.hick.org (as the server, not the network).

-HD

------------------------------

End of Framework Digest, Vol 16, Issue 24