Re: tomcat_mgr_deploy fails on x86_64

[Robin Wood <robin () digininja org>]

On 27 October 2010 17:03, Joshua J. Drake <jdrake () metasploit com> wrote:
> On Wed, Oct 27, 2010 at 03:50:57PM +0100, Robin Wood wrote:
> > On 27 October 2010 15:46, Robin Wood <robin () digininja org> wrote:
> > > I'm trying to run the tomcat_mgr_deploy against a machine that is
> > > identified by nmap as linux 2.6.x and nessus as just a 2.6 kernel.
> > > Automatic targeting chooses x86_64 and gives me the error below. If I
> > > force x86 then the file is uploaded but then fails to create a
> > > session.
>
> Forcing it to x86 should work. If you don't get a session from there,
> it's likely limited by some java security manager settings.
>
> Using a JAVA payload might help .. It's worth a try although I saw
> limited success that way in my testing :(

I tried both x86 and java payloads and none worked. I didn't get the
error below with them though just no session.

> > > Is this a bug or something I'm doing wrong?
> [...]
> > > msf exploit(tomcat_mgr_deploy) > exploit
> > >
> > > [*] Attempting to automatically select a target...
> > > [*] Started bind handler
> > > [*] Automatically selected target "Linux X86_64"
> > > [-] Exploit exception: undefined method `unpack' for nil:NilClass
> > > [*] Exploit completed, but no session was created.
> > > msf exploit(tomcat_mgr_deploy) >
>
> Definitely looks like a bug. If possible, could you "setg LogLevel 3",
> trigger the error again, and send me the stack trace from
> framework.log (privately)?

sending it off list.

> > Just spotted this in the tomcat interface, that confirms it is 64 bit
> >
> > Apache Tomcat/6.0.28          1.6.0_20-b02    Oracle Corporation      Linux
> >       2.6.18-194.8.1.el5      amd64
>
> Which Oracle product is this from?

don't know, haven't managed to get on the box yet!

> --
> Joshua J. Drake
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework