Re: more testing

[Stephen Fewer <stephen_fewer () harmonysecurity com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi David, thanks for the report, I've opened ticket #2123
(http://www.metasploit.com/redmine/issues/2123) to track the native x64
psexec issue and have a fix nearly ready, prob done by tomorrow just
needs a little testing. The issue with psexec is as you mentioned an
incorrect x86 .exe being used.

Cheers,

- - Stephen.

On 20/06/2010 06:38, David Kennedy wrote:
> Been doing some more testing with Mubix (thanks man!) all of the x64 bit
> payloads seem to be affected through mssql_payload and psexec (looks
> like any upload like payloads). Using other methods aside from cmdstager
> are still not functioning correctly. Strangely enough Mubix has them
> working on a Windows 7 x64 (non VMWare) and my Windows 7 x64 (VMWare)
> does not work, wondering if its a VMWare specific issue? Also tried on
> Server 2008 x64 (vmware) and two separate servers with the same results.
> All x86 based payloads work without a hitch. Here's what I've tested.
>
> windows/x64/meterpreter/bind_tcp - not working
> windows/x64/meterpreter/reverse_tcp - not working
> windows/meterpreter/bind_tcp - working
> windows/meterpreter/reverse_tcp - working
> windows/x64/shell/reverse_tcp - not working
> windows/x64/shell/bind_tcp - not working
> windows/x64/shell_reverse_tcp - not working
>
> Thought maybe since all of them appear to use
> Msf::Util::EXE.to_win32pe(framework,payload.encoded) it may be getting
> encoded with a x86 based encoder and corrupting the binary? I'll test
> this off tomorrow just a complete guess.
>
>
>
> _______________________________________________
> https://mail.metasploit.com/mailman/listinfo/framework
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)

iEYEARECAAYFAkweXHIACgkQQIrmi1YdFr4DawCghI6Z2sqi1ofixQCvyX4ZncJi
cMYAn3nHNx0f0bZKmS76NjwqLXjJXzgF
=c3Ri
-----END PGP SIGNATURE-----
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework