Metasploit mailing list archives

Why do Metasploit's exploits fail inside QEMU?


From: Jun Koi <junkoi2004 () gmail com>
Date: Tue, 21 Sep 2010 21:09:34 +0700

Hi,

Using Metasploit, I created a vulnerable PDF file (using exploits like
modules/exploits/windows/fileformat/adobe_geticon.rb). As a result, I
have a PDF file which works perfectly with my old Adobe Reader
inside my virtual machine. I tried to open my PDF file inside 2 VMs:
one is a KVM machine, one is a QEMU+KQEMU machine. Both work perfectly.

However, if I open the same PDF file in another VM running pure QEMU
(which means I run QEMU without KVM or KQEMU as accelerator), the
exploitation doesn't work anymore: the process looks like it hangs.

I tried other exploits inside
modules/exploits/windows/fileformat/, and came to the same conclusion:
while these exploits work very well with QEMU+KVM or QEMU+KQEMU, they
never work inside pure QEMU.

I googled around and found that other people have had a similar experience:
http://www.cs.uaf.edu/2006/spring/cs493/hw/hw4.html

Does anybody know why we have this problem, or even better, how to
fix it (so the exploitation can work inside a pure QEMU VM)?

Many thanks,
Jun
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
