Metasploit mailing list archives
Re: Unsuccessful connection after successful exploit
From: HD Moore <hdm () metasploit com>
Date: Thu, 11 Feb 2010 13:29:21 -0600
On 2/11/2010 1:16 PM, Eloi Sanfèlix wrote:
[*] Started bind handler [*] Command shell session 1 opened (127.0.0.1:39112 <http://127.0.0.1:39112> -> 127.0.0.1:1234 <http://127.0.0.1:1234>) [*] Command shell session 1 closed. However, if I look at my emulated system, the exploit actually succeeded and it is executing a shell and listening for incoming connections on the selected port. Now, if I call exploit again, metasploit successfully connects to the shell created previously as you can see below:
Your best bet is to strace the remote process and figure out why the socket is closing. One way to test this is by disabling the payload handler entirely and then manually telnet'ing to the service while strace is attached. You can disable the handler with: set DisablePayloadHandler false My guess is there is something weird with the bind payload; maybe you are forking after the accept() and the parent is calling close? -HD _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- Unsuccessful connection after successful exploit Eloi Sanfèlix (Feb 11)
- Re: Unsuccessful connection after successful exploit HD Moore (Feb 11)
- Re: Unsuccessful connection after successful exploit Eloi Sanfèlix (Feb 11)
- Re: Unsuccessful connection after successful exploit Patrick Webster (Feb 11)
- Re: Unsuccessful connection after successful exploit Eloi Sanfèlix (Feb 11)
- Re: Unsuccessful connection after successful exploit HD Moore (Feb 11)