Metasploit mailing list archives

Re: Unsuccessful connection after successful exploit


From: Eloi Sanfèlix <eloi () limited-entropy com>
Date: Thu, 11 Feb 2010 20:54:39 +0100

Hi,

Thanks for the tip. The weird thing is that the payload is actually being
executed and everything is right. I already tried before, between my first
and second call to the exploit, to telnet to the port. You can see it below:


msf exploit(stack) > exploit
[*] Exploit completed, but no session was created.
msf exploit(stack) > nc localhost 4444
[*] exec: nc localhost 4444

/system/bin/id
uid=0(root) gid=0(root)

To me it seems that the payload is actually, and something goes wrong when
metasploit tries to connect (due to my sloppiness probably).

I'll try to strace the vulnerable process and see what happens.

Thanks again.

Eloi

On Thu, Feb 11, 2010 at 8:29 PM, HD Moore <hdm () metasploit com> wrote:

On 2/11/2010 1:16 PM, Eloi Sanfèlix wrote:
[*] Started bind handler
[*] Command shell session 1 opened (127.0.0.1:39112 -> 127.0.0.1:1234)


[*] Command shell session 1 closed.

However, if I look at my emulated system, the exploit actually succeeded
and it is executing a shell and listening for incoming connections on
the selected port. Now, if I call exploit again, metasploit successfully
connects to the shell created previously as you can see below:

Your best bet is to strace the remote process and figure out why the
socket is closing. One way to test this is by disabling the payload
handler entirely and then manually telnet'ing to the service while
strace is attached. You can disable the handler with:

set DisablePayloadHandler true

My guess is there is something weird with the bind payload; maybe you
are forking after the accept() and the parent is calling close?

-HD
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
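To check HD's fork-after-accept guess, here is an added example (not from the thread or from Metasploit) that shows why a plain close() in the parent does not end a connection the child still holds, while shutdown() on the shared socket does tear it down. It uses an AF_UNIX socketpair in place of a real listener and accepted socket so it runs offline; the function name and the message written by the child are constructed.

```c
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Constructed demo: after fork(), does the parent's action on the accepted
 * socket kill the connection the child is serving?  sv[0] plays the accepted
 * socket, sv[1] plays the remote peer (the msf handler).
 * Returns 1 if the peer still received data from the child, 0 if the peer
 * saw EOF instead, -1 on setup failure. */
int peer_still_connected(int parent_uses_shutdown) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    int conn = sv[0], peer = sv[1];
    pid_t pid = fork();
    if (pid < 0) { close(conn); close(peer); return -1; }
    if (pid == 0) {
        /* child: the "shell" side, writes on the accepted socket after a pause;
         * ignore SIGPIPE so a dead socket gives EPIPE instead of a signal */
        signal(SIGPIPE, SIG_IGN);
        usleep(100000);
        const char msg[] = "uid=0(root) gid=0(root)\n";   /* constructed */
        ssize_t w = write(conn, msg, sizeof msg - 1);
        _exit(w > 0 ? 0 : 1);
    }
    /* parent: close() only drops this process's reference to the open file
     * description, the child's copy keeps the connection alive; shutdown()
     * acts on the socket itself and is visible through every copy of the fd */
    if (parent_uses_shutdown) shutdown(conn, SHUT_RDWR);
    close(conn);
    char buf[64];
    ssize_t n = read(peer, buf, sizeof buf);   /* 0 means the peer saw EOF */
    int status;
    waitpid(pid, &status, 0);
    close(peer);
    return n > 0 ? 1 : 0;
}
```

Under strace the two cases are easy to tell apart: a session that dies on the first connect but works on the second points at a shutdown()/exit in the parent or at a second accept() loop, not at the close() alone.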
