Metasploit mailing list archives
Re: Why metasploit's exploits fails inside Qemu?
From: Jun Koi <junkoi2004 () gmail com>
Date: Wed, 22 Sep 2010 08:51:47 +0700
On Wed, Sep 22, 2010 at 8:30 AM, Philip Sanderson <philip.k.sanderson () gmail com> wrote:
Are you using pure qemu without any kernel/hardware acceleration?
Yes, I don't use any accelerator like KVM or KQemu, just pure-emulation Qemu.
If you are using pure emulation, there could be timing issues with the vulnerability being triggered.
What do you mean by "timing issue"? Sorry, but I cannot imagine that Metasploit exploitation relies on timing to work. This is so confusing (???)

Thanks,
Jun
On Wed, Sep 22, 2010 at 10:34 AM, Jun Koi <junkoi2004 () gmail com> wrote:

On Tue, Sep 21, 2010 at 11:53 PM, Joshua J. Drake <jdrake () metasploit com> wrote:

On Tue, Sep 21, 2010 at 11:58:07PM +0700, Jun Koi wrote:

I want to fix the bug of Qemu, to "support Metasploit" :-). Any idea where Qemu might be wrong? First of all, I am starting with the windows/exec payload, which contains the suspected shellcode. I suppose that its source is at external/source/shellcode/windows/single_exec.asm. Is that correct? However, looking at this source, it doesn't seem to use any special instruction at all. This confuses me even more ...

There are a lot of steps in between the source code and the resulting shellcode coming out of Metasploit. I recommend reading the developer guide and source code for more information.

To confirm that the culprit is the shellcode with weird tricks, I created an EXE payload using msfpayload. This payload uses the windows/exec payload, and simply executes calc.exe. I suppose that this EXE file uses the same code as the real shellcode in Metasploit exploitation. Then I ran this EXE file on 2 VMs: one is QEMU+KQemu, one is pure QEMU. And I can confirm that it works perfectly well on both environments. So my conclusion is that the shellcode doesn't seem to be the reason why Metasploit fails inside pure QEMU. Is that reasonable? Now I have no idea what is wrong with QEMU anymore, given that my assumption about the weird tricks done inside Metasploit shellcode seems wrong. Idea?

Thanks,
Jun

_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
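The experiment Jun describes above rests on one assumption: that the EXE produced by msfpayload carries the same windows/exec shellcode bytes that the exploit module would inject. The script below is an added example, not code from the thread or from Metasploit, that makes that assumption checkable before the EXE is run in the two VMs. It assumes the 2010-era msfpayload CLI (`R` for raw output, `X` for an EXE wrapper); the output file names, the CMD value and the function names are choices made here. The comparison itself works offline on any two files, so it can also be used to confirm that an exploit's injected buffer contains the raw stage.

```shell
#!/bin/sh
# Added example (not from the thread or from Metasploit): check that the
# msfpayload-generated EXE embeds the raw windows/exec shellcode verbatim,
# so running the EXE in QEMU vs QEMU+KQemu is a fair test of the payload.
# Assumptions: msfpayload syntax "msfpayload <payload> VAR=val R|X" as of
# 2010; file names exec_calc.bin / exec_calc.exe are chosen here.

PAYLOAD="windows/exec"
CMD="calc.exe"

# Hex-encode a file as one line of space-separated bytes using POSIX od.
# Each byte is " xx", so substring matching stays on byte boundaries and
# NUL bytes (common in shellcode arguments) cause no trouble.
hexdump_file() {
    od -An -v -tx1 "$1" | tr -s ' \n' ' '
}

# payload_embedded CONTAINER NEEDLE
# Returns 0 if every byte of NEEDLE appears, in order and contiguously,
# somewhere inside CONTAINER; returns 1 otherwise (or if NEEDLE is empty).
payload_embedded() {
    container_hex=$(hexdump_file "$1")
    needle_hex=$(hexdump_file "$2")
    [ -n "${needle_hex# }" ] || return 1
    case "$container_hex" in
        *"$needle_hex"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Generate the raw stage and the EXE wrapper with msfpayload, if present.
build_payloads() {
    command -v msfpayload >/dev/null 2>&1 || {
        echo "msfpayload not found on PATH" >&2
        return 2
    }
    msfpayload "$PAYLOAD" CMD="$CMD" R > exec_calc.bin || return 1
    msfpayload "$PAYLOAD" CMD="$CMD" X > exec_calc.exe || return 1
}

main() {
    build_payloads || return $?
    if payload_embedded exec_calc.exe exec_calc.bin; then
        echo "raw shellcode found verbatim in exec_calc.exe:" \
             "the EXE run exercises the same bytes the exploit would inject"
    else
        echo "raw shellcode NOT found verbatim in exec_calc.exe:" \
             "the EXE template transforms or encodes it, so the EXE run" \
             "is not a faithful test of the injected shellcode"
        return 1
    fi
}

# Only touch msfpayload when explicitly asked: ./check.sh run
if [ "${1:-}" = "run" ]; then
    main
fi
```

If the second message prints, the clean run of the EXE under pure QEMU says nothing about the exploit's shellcode, and the next step would be to dump the buffer the module actually sends (for example with the framework's payload generation options) and compare that instead.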
Current thread:
- Why metasploit's exploits fails inside Qemu? Jun Koi (Sep 21)
- Re: Why metasploit's exploits fails inside Qemu? Jun Koi (Sep 21)
- Re: Why metasploit's exploits fails inside Qemu? Joshua J. Drake (Sep 21)
- Re: Why metasploit's exploits fails inside Qemu? Jun Koi (Sep 21)
- Re: Why metasploit's exploits fails inside Qemu? Joshua J. Drake (Sep 21)
- Re: Why metasploit's exploits fails inside Qemu? Jun Koi (Sep 21)
- Re: Why metasploit's exploits fails inside Qemu? Philip Sanderson (Sep 21)
- Re: Why metasploit's exploits fails inside Qemu? Jun Koi (Sep 21)
- Re: Why metasploit's exploits fails inside Qemu? Philip Sanderson (Sep 21)
- Re: Why metasploit's exploits fails inside Qemu? Jun Koi (Sep 21)
- Re: Why metasploit's exploits fails inside Qemu? AK (Sep 22)
- Re: Why metasploit's exploits fails inside Qemu? Mark A. Miller (Sep 24)
- Re: Why metasploit's exploits fails inside Qemu? Joshua J. Drake (Sep 21)
- Re: Why metasploit's exploits fails inside Qemu? Jun Koi (Sep 21)