Metasploit mailing list archives

Re: WinExec payload?

From: Jose Selvi <jselvi () pentester es>
Date: Wed, 18 May 2011 08:00:49 +0200

Are you using a debugger with the service you're exploiting?
Maybe you're not catching the interruption.

El 18/05/11 07:38, Jun Koi escribió:

hi,

i am using payload WinExec to test one vulnerable application (the
exploitation also comes from metasploit)

before launching the exploit, i put 2 breakpoints on WinExec and
GetProcAddress function of this application.
then i run the exploit, and it successes.

however, the problem is none of my breakpoints were triggered. this is a
surprise to me, as i supposed that the payload cannot work without using
these 2 functions. clearly i missed something there!

could anybody please tell me why this happens?

thanks a lot,
Jun


-- 
Jose Selvi.
Security Technical Consultant
CISA, CISSP, CNAP, GCIH, GPEN

http://www.pentester.es

SANS Mentor in Madrid (Spain). September 23 - November 25
SEC560: Network Penetration Testing and Ethical Hacking
http://www.sans.org/mentor/details.php?nid=24133
http://www.pentester.es/2010/12/nuevo-grupo-y-descuento-para-network.html
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

Current thread:

WinExec payload? Jun Koi (May 17)
- Re: WinExec payload? Jose Selvi (May 17)
  - Re: WinExec payload? Jun Koi (May 17)
    - Re: WinExec payload? Jose Selvi (May 17)
- Re: WinExec payload? Abuse007 (May 18)
  - Re: WinExec payload? Peter Van Eeckhoutte (May 18)
    - Re: WinExec payload? Jun Koi (May 18)