Re: tomcat_mgr_deploy fails on x86_64

["Joshua J. Drake" <jdrake () metasploit com>]

On Wed, Oct 27, 2010 at 03:50:57PM +0100, Robin Wood wrote:
> On 27 October 2010 15:46, Robin Wood <robin () digininja org> wrote:
> > I'm trying to run the tomcat_mgr_deploy against a machine that is
> > identified by nmap as linux 2.6.x and nessus as just a 2.6 kernel.
> > Automatic targeting chooses x86_64 and gives me the error below. If I
> > force x86 then the file is uploaded but then fails to create a
> > session.

Forcing it to x86 should work. If you don't get a session from there,
it's likely limited by some java security manager settings.

Using a JAVA payload might help .. It's worth a try although I saw
limited success that way in my testing :(

> > Is this a bug or something I'm doing wrong?
[...]
> > msf exploit(tomcat_mgr_deploy) > exploit
> >
> > [*] Attempting to automatically select a target...
> > [*] Started bind handler
> > [*] Automatically selected target "Linux X86_64"
> > [-] Exploit exception: undefined method `unpack' for nil:NilClass
> > [*] Exploit completed, but no session was created.
> > msf exploit(tomcat_mgr_deploy) >

Definitely looks like a bug. If possible, could you "setg LogLevel 3",
trigger the error again, and send me the stack trace from
framework.log (privately)?

> Just spotted this in the tomcat interface, that confirms it is 64 bit
>
> Apache Tomcat/6.0.28          1.6.0_20-b02    Oracle Corporation      Linux
>       2.6.18-194.8.1.el5      amd64

Which Oracle product is this from?

-- 
Joshua J. Drake

Attachment: _bin
Description:

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework