Metasploit mailing list archives

Re: Why metasploit's exploits fails inside Qemu?


From: "Joshua J. Drake" <jdrake () metasploit com>
Date: Tue, 21 Sep 2010 11:36:39 -0500

On Tue, Sep 21, 2010 at 11:04:27PM +0700, Jun Koi wrote:
> On Tue, Sep 21, 2010 at 9:09 PM, Jun Koi <junkoi2004 () gmail com> wrote:
> > Hi,
> >
> > Using Metasploit, I created a vulnerable PDF file (using exploits like
> > modules/exploits/windows/fileformat/adobe_geticon.rb). As a result, I
> > have a PDF file, which works perfectly with my old Adobe Reader
> > inside my virtual machine. I tried to open my PDF file inside 2 VMs:
> > one is a KVM machine, one is a QEMU+KQemu machine. Both work perfectly.
> >
> > However, if I open the same PDF file in another VM running pure QEMU
> > (which means I run Qemu without KVM or KQEMU as accelerator), the
> > exploitation doesn't work anymore: the process looks like it hangs up.
> >
> > Perhaps Metasploit fails to work inside Qemu because Metasploit's
> > shellcode is doing some special tricks that Qemu fails to emulate
> > correctly? Any idea?

Sounds good to me. I had limited success when I tried qemu by itself.
It doesn't seem particularly robust to me. Definitely not production
quality.

-- 
Joshua J. Drake


_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
