Metasploit mailing list archives
Re: Strange results using auxiliary/scanner/portscan/syn and routing via Meterpreter
From: Kurt Grutzmacher <grutz () jingojango net>
Date: Tue, 23 Mar 2010 22:59:50 -0600
Are you using a USB keyboard connected to a USB hub? My guess is CONFIG_USB_SUSPEND is enabled so the kernel suspends the USB port due to inactivity. Then you hit a key and blammo. Try doing "echo -1 >/sys/module/usbcore/parameters/autosuspend" as root and see if that helps your log messages. -- Kurt Grutzmacher -=- grutz () jingojango net On Tue, Mar 23, 2010 at 10:38 PM, wfdawson <wfdawson () bellsouth net> wrote:
Thanks for the quick answer. Unfortunately, my well established pen testing platform died horribly last week, and this result is from a newly built platform. The network adapter is strictly internal, not USB, so the logged USB events are really confusing. I used the SYN scanner a couple of weeks ago through a pivoted connection; I guess that was some rare fluke... using portscan/tcp now and getting the expected results. Thanks again! ------------------------------ *From:* HD Moore <hdm () metasploit com> *To:* framework () spool metasploit com *Sent:* Wed, March 24, 2010 12:31:48 AM *Subject:* Re: [framework] Strange results using auxiliary/scanner/portscan/syn and routing via Meterpreter On 3/23/2010 11:21 PM, wfdawson wrote:I start off with a compromised host. I execute a Meterpreter payload .exe created with msfpayload / msfencode, and establish a connection back to my pen testing host. I determine the locally routed networks, background the session, and configure a route, e.g.: route add 172.18.0.0 255.255.0.0 1 Then, I use auxiliary/scanner/portscan/syn, set PORTS 80 and RHOSTS to the target network or host. I've tried it both ways. Either way, I get no results, even when there are web servers on the target networks or IP addresses. However, in my syslog, I see USB messages logged when I start the scan. The messages only occur when I do a scan this way. What might be causing this?Raw packet scanners do not go through the pivot, you would need to use auxiliary/scanner/portscan/tcp for this to work. No idea about the kernel messages, but it seems like you may be using a USB network card? -HD _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- Strange results using auxiliary/scanner/portscan/syn and routing via Meterpreter wfdawson (Mar 23)
- Re: Strange results using auxiliary/scanner/portscan/syn and routing via Meterpreter HD Moore (Mar 23)
- Re: Strange results using auxiliary/scanner/portscan/syn and routing via Meterpreter wfdawson (Mar 23)
- Re: Strange results using auxiliary/scanner/portscan/syn and routing via Meterpreter Kurt Grutzmacher (Mar 23)
- Re: Strange results using auxiliary/scanner/portscan/syn and routing via Meterpreter wfdawson (Mar 23)
- Re: Strange results using auxiliary/scanner/portscan/syn and routing via Meterpreter HD Moore (Mar 23)