Framework Digest, Vol 16, Issue 24

[mtgarden at gmail.com (Matt Gardenghi)]

But that probably wasn't what you meant.  :-)

I think that this is: http://trac.metasploit.com/wiki/PortingExploits


Rich Pazzani wrote:
> Hi Guys, I am new to Metasploit and have actually used it to penetrate 
> some targets within my own private network. I have looked thru the 
> documentation an I am still not clear as to how I could download a new 
> exploit and incorporate it into metasploit to use it. Can anyone help 
> without getting upset............thanks
>
> --- On *Tue, 5/19/09, framework-request at spool.metasploit.com 
> /<framework-request at spool.metasploit.com>/* wrote:
>
>
>     From: framework-request at spool.metasploit.com
>     <framework-request at spool.metasploit.com>
>     Subject: Framework Digest, Vol 16, Issue 24
>     To: framework at spool.metasploit.com
>     Date: Tuesday, May 19, 2009, 3:00 PM
>
>     Send Framework mailing list submissions to
>         framework at spool.metasploit.com
>     <http://us.mc376.mail.yahoo.com/mc/compose?to=framework at spool.metasploit.com>
>
>     To subscribe or unsubscribe via the World Wide Web, visit
>         https://mail.metasploit.com/mailman/listinfo/framework
>     or, via email, send a message with subject or body 'help' to
>         framework-request at spool.metasploit.com
>     <http://us.mc376.mail.yahoo.com/mc/compose?to=framework-request at spool.metasploit.com>
>
>     You can reach the person managing the list at
>         framework-owner at spool.metasploit.com
>     <http://us.mc376.mail.yahoo.com/mc/compose?to=framework-owner at spool.metasploit.com>
>
>     When replying, please edit your Subject line so it is more specific
>     than "Re: Contents of Framework digest..."
>
>
>     Today's Topics:
>
>        1. Re: Meterpreter will not run on Windows 7 RC (Carlos Perez)
>        2. Re: how to use the silc channel (H D Moore)
>
>
>     ----------------------------------------------------------------------
>
>     Message: 1
>     Date: Tue, 19 May 2009 13:34:49 -0400
>     From: Carlos Perez <carlos_perez at darkoperator.com
>     <http://us.mc376.mail.yahoo.com/mc/compose?to=carlos_perez at darkoperator.com>>
>     Subject: Re: [framework] Meterpreter will not run on Windows 7 RC
>     To: Stephen Fewer <stephen_fewer at harmonysecurity.com
>     <http://us.mc376.mail.yahoo.com/mc/compose?to=stephen_fewer at harmonysecurity.com>>
>     Cc: framework at spool.metasploit.com
>     <http://us.mc376.mail.yahoo.com/mc/compose?to=framework at spool.metasploit.com>
>     Message-ID:
>         <f2a8fc3e0905191034qdc1fb2bq7c7748c916549f2a at mail.gmail.com
>     <http://us.mc376.mail.yahoo.com/mc/compose?to=f2a8fc3e0905191034qdc1fb2bq7c7748c916549f2a at mail.gmail.com>>
>     Content-Type: text/plain; charset="iso-8859-1"
>
>     I tried them all (meterpreter versions only) in 2 different VM's
>     and on
>     physical laptop without any luck.
>
>     On Tue, May 19, 2009 at 6:03 AM, Stephen Fewer <
>     stephen_fewer at harmonysecurity.com
>     <http://us.mc376.mail.yahoo.com/mc/compose?to=stephen_fewer at harmonysecurity.com>>
>     wrote:
>
>     > -----BEGIN PGP SIGNED MESSAGE-----
>     > Hash: SHA1
>     >
>     > Hi
>     >
>     > - From some early testing I have found that their are several
>     problems
>     > with running any metasploit shellcode on Windows7 RC1 compared to
>     > earlier versions (Vista,2003,xp,...). When testing a simple payload
>     > win32_single_exec I came across the following:
>     >
>     > * Getting the kernel32.dll's base address is broken in the current
>     > shellcode implementation due to Windows7 loading kernelbase.dll
>     before
>     > kernel32.dll (Due to Windows7 using the new MinWin kernel
>     structure[1]).
>     > Their is an quick fix[2] but is not backwards compatible, so a
>     generic
>     > fix is needed :)
>     >
>     > * After getting kernel32's base address, parsing the kernel32 Export
>     > address table seems broken too, it gets parsed backwards and
>     seems to
>     > allways fail on the last entry (which is the first one parsed).
>     I have
>     > yet to look into why this is happening.
>     >
>     > These two problems seem to be present in most if not all the current
>     > win32 shellcodes AFAIK.
>     >
>     > With regard to using Reflective Dll Injection, it works after
>     the fix
>     > for getting the kernel32 base address is applied but when used as a
>     > payload the stager used (e.g. reverse_tcp) would need to be
>     fixed also.
>     >
>     > Anyone else experiencing shellcode failing/succeeding on win7rc1
>     too?
>     >
>     > Regards, Steve.
>     >
>     > [1]
>     >
>     >
>     http://www.windows-now.com/blogs/robert/mark-russinovich-explains-minwin-once-and-for-all.aspx
>     >
>     > [2] http://pastebin.com/f5d372f02
>     >
>     >
>     >
>     > Carlos Perez wrote:
>     > > Hi Guys
>     > >
>     > >
>     > >      I have tried all version of meterpreter using msfpayload to
>     > > generate an exe and run it in Windows 7 an have had no luck
>     what so ever
>     > > in getting it to run. The version if Windows 7 is the latest
>     RC in x86.
>     > > Any ideas?
>     > >
>     > > Cheers,
>     > > Carlos
>     > -----BEGIN PGP SIGNATURE-----
>     > Version: GnuPG v1.4.9 (MingW32)
>     >
>     > iEYEARECAAYFAkoSg9gACgkQQIrmi1YdFr5Q4ACfVMFRBvSz1YDvJhwLuohZ1rsY
>     > d38An3HTridD4MaHc7HDQW7iLzK6lhnK
>     > =9+I1
>     > -----END PGP SIGNATURE-----
>     > _______________________________________________
>     > https://mail.metasploit.com/mailman/listinfo/framework
>     >
>     -------------- next part --------------
>     An HTML attachment was scrubbed...
>     URL:
>     <http://mail.metasploit.com/pipermail/framework/attachments/20090519/fc2a67e5/attachment.html>
>
>     ------------------------------
>
>     Message: 2
>     Date: Tue, 19 May 2009 13:22:18 -0500
>     From: "H D Moore" <hdm at metasploit.com
>     <http://us.mc376.mail.yahoo.com/mc/compose?to=hdm at metasploit.com>>
>     Subject: Re: [framework] how to use the silc channel
>     To: framework at spool.metasploit.com
>     <http://us.mc376.mail.yahoo.com/mc/compose?to=framework at spool.metasploit.com>
>     Message-ID: <op.ut6vzgqwt28lo2 at localhost>
>     Content-Type: text/plain; format=flowed; delsp=yes; charset=us-ascii
>
>     On Tue, 19 May 2009 12:16:12 -0500, danny shevitz 
>     <danny_shevitz at yahoo.com
>     <http://us.mc376.mail.yahoo.com/mc/compose?to=danny_shevitz at yahoo.com>>
>     wrote:
>
>     >
>     > Howdy,
>     >
>     > I am a newbie to both Metasploit and Silc. I got the Pidgin
>     client and it
>     > seems to be working fine. I created an account at silc.hick.org, but
>     > there doesn't seem to be a metasploit channel as I expected.
>     >
>     > Can anyone suggest what I might be doing wrong, or the correct
>     way to
>     > make get to the metasploit chat.
>
>     Make sure you are joining 'metasploit' and not '#metasploit', this
>     is the 
>     most common problem. Also, make sure youre really connected to 
>     silc.hick.org (as the server, not the network).
>
>     -HD
>
>
>     ------------------------------
>
>     _______________________________________________
>     Framework mailing list
>     Framework at spool.metasploit.com
>     <http://us.mc376.mail.yahoo.com/mc/compose?to=Framework at spool.metasploit.com>
>     https://mail.metasploit.com/mailman/listinfo/framework
>
>
>     End of Framework Digest, Vol 16, Issue 24
>     *****************************************
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> https://mail.metasploit.com/mailman/listinfo/framework
>