Metasploit mailing list archives
Re: more testing
From: Stephen Fewer <stephen_fewer () harmonysecurity com>
Date: Sun, 20 Jun 2010 19:22:42 +0100
Hi David,

thanks for the report, I've opened ticket #2123 (http://www.metasploit.com/redmine/issues/2123) to track the native x64 psexec issue and have a fix nearly ready, prob done by tomorrow just needs a little testing. The issue with psexec is as you mentioned an incorrect x86 .exe being used.

Cheers,
- Stephen.

On 20/06/2010 06:38, David Kennedy wrote:
Been doing some more testing with Mubix (thanks man!) all of the x64 bit payloads seem to be affected through mssql_payload and psexec (looks like any upload like payloads). Using other methods aside from cmdstager are still not functioning correctly.

Strangely enough Mubix has them working on a Windows 7 x64 (non VMWare) and my Windows 7 x64 (VMWare) does not work, wondering if it's a VMWare specific issue? Also tried on Server 2008 x64 (vmware) and two separate servers with the same results. All x86 based payloads work without a hitch.

Here's what I've tested.

windows/x64/meterpreter/bind_tcp - not working
windows/x64/meterpreter/reverse_tcp - not working
windows/meterpreter/bind_tcp - working
windows/meterpreter/reverse_tcp - working
windows/x64/shell/reverse_tcp - not working
windows/x64/shell/bind_tcp - not working
windows/x64/shell_reverse_tcp - not working

Thought maybe since all of them appear to use Msf::Util::EXE.to_win32pe(framework,payload.encoded) it may be getting encoded with an x86 based encoder and corrupting the binary? I'll test this off tomorrow just a complete guess.

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
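The mismatch discussed in this thread (an x86 .exe carrying an x64 payload) can be confirmed on any executable by reading the Machine field of its PE/COFF header. The following is an added example, not part of the original messages and not Metasploit code; the helper names and the sample headers are constructed for illustration, and the only assumption taken from the page is that 64-bit payload names have `x64` as their second path component.

```ruby
# Added example: read the COFF Machine field of a PE image and compare it
# with the architecture implied by a payload name such as those listed above.
MACHINE_NAMES = { 0x014c => :x86, 0x8664 => :x64 }.freeze

# Returns :x86, :x64 or :unknown; raises ArgumentError on a malformed image.
def pe_machine(bytes)
  bytes = bytes.b
  raise ArgumentError, 'too short for a DOS header' if bytes.bytesize < 0x40
  raise ArgumentError, 'missing MZ signature' unless bytes[0, 2] == 'MZ'

  e_lfanew = bytes[0x3c, 4].unpack1('V') # file offset of the "PE\0\0" signature
  raise ArgumentError, 'e_lfanew points outside the file' if e_lfanew + 6 > bytes.bytesize
  raise ArgumentError, 'missing PE signature' unless bytes[e_lfanew, 4] == "PE\0\0".b

  MACHINE_NAMES.fetch(bytes[e_lfanew + 4, 2].unpack1('v'), :unknown)
end

# Assumption from the list in the thread: "windows/x64/..." is 64-bit,
# any other "windows/..." name is 32-bit.
def payload_arch(name)
  name.split('/')[1] == 'x64' ? :x64 : :x86
end

# True when the executable's architecture matches the payload's.
def template_matches?(payload_name, exe_bytes)
  pe_machine(exe_bytes) == payload_arch(payload_name)
end

# Constructed sample: a 64-byte DOS header followed by a bare COFF header.
def sample_pe(machine)
  dos = 'MZ'.b + ("\0".b * 0x3a) + [0x40].pack('V')
  dos + "PE\0\0".b + [machine].pack('v') + ("\0".b * 18)
end

if __FILE__ == $PROGRAM_NAME
  x86_exe = sample_pe(0x014c)
  %w[windows/meterpreter/bind_tcp windows/x64/meterpreter/bind_tcp].each do |name|
    verdict = template_matches?(name, x86_exe) ? 'match' : 'MISMATCH'
    puts "#{name}: exe is #{pe_machine(x86_exe)}, payload is #{payload_arch(name)} -> #{verdict}"
  end
end
```

To check a real file, pass `File.binread(path)` to `pe_machine`.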
Current thread:
- more testing David Kennedy (Jun 19)
- Re: more testing Stephen Fewer (Jun 20)