Metasploit mailing list archives

Previous By Date Next
Previous By Thread Next

Re: framework Digest, Vol 62, Issue 4

From: rashed saed <saed.rak () gmail com>
Date: Tue, 19 Mar 2013 00:07:03 +0400
On ١٨‏/٠٣‏/٢٠١٣ ١:٠٠ ص, <framework-request () spool metasploit com> wrote:


Send framework mailing list submissions to
        framework () spool metasploit com

To subscribe or unsubscribe via the World Wide Web, visit
        https://mail.metasploit.com/mailman/listinfo/framework
or, via email, send a message with subject or body 'help' to
        framework-request () spool metasploit com

You can reach the person managing the list at
        framework-owner () spool metasploit com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of framework digest..."


Today's Topics:

   1. Meterpreter not exiting (Brian Seel)
   2. Re: Meterpreter not exiting (Carlos Perez)
   3. Re: Meterpreter not exiting (egypt () metasploit com)
   4. 10 years of Hackers to Hackers Conference - Call for      Papers
      (Rodrigo Rubira Branco (BSDaemon))


----------------------------------------------------------------------

Message: 1
Date: Sat, 16 Mar 2013 16:13:03 -0400
From: Brian Seel <brian.seel () gmail com>
To: framework () spool metasploit com
Subject: [framework] Meterpreter not exiting
Message-ID:
        <CADch=7k=xwdPQKYEX-K7X2NAmUp7QmCrpHGCTJsB68D=
dneaVA () mail gmail com>
Content-Type: text/plain; charset="iso-8859-1"

I have been doing some testing with Meterpreter recently (building an
extension), and I noticed that I ended up with a bunch of running
meterpreter payloads in the process list. I checked if I had any open
sessions, and I did not. I had been closing my sessions with the exit
command, so I looked at the code for that in the source/client. That simply
calls exit(0)... which seems like it would just exit the client of
meterpreter, but not the meterpreter server running remotely (which is what
I am seeing).

First off, am I doing something wrong? Second, is this behavior by design?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <
http://mail.metasploit.com/pipermail/framework/attachments/20130316/5851c4ff/attachment-0001.html




------------------------------

Message: 2
Date: Sat, 16 Mar 2013 16:34:50 -0400
From: Carlos Perez <carlos_perez () darkoperator com>
To: Brian Seel <brian.seel () gmail com>
Cc: "framework () spool metasploit com" <framework () spool metasploit com>
Subject: Re: [framework] Meterpreter not exiting
Message-ID: <F51FD478-2A46-4DCF-8CD0-42E4B0BA1568 () darkoperator com>
Content-Type: text/plain;       charset=us-ascii

That is to be expected, have you tried changing in the exitfunc option?

Sent from my iPhone

On Mar 16, 2013, at 4:13 PM, Brian Seel <brian.seel () gmail com> wrote:


I have been doing some testing with Meterpreter recently (building an

extension), and I noticed that I ended up with a bunch of running
meterpreter payloads in the process list. I checked if I had any open
sessions, and I did not. I had been closing my sessions with the exit
command, so I looked at the code for that in the source/client. That simply
calls exit(0)... which seems like it would just exit the client of
meterpreter, but not the meterpreter server running remotely (which is what
I am seeing).


First off, am I doing something wrong? Second, is this behavior by

design?

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework



------------------------------

Message: 3
Date: Sat, 16 Mar 2013 15:44:16 -0500
From: egypt () metasploit com
To: framework () spool metasploit com
Subject: Re: [framework] Meterpreter not exiting
Message-ID:
        <
CAOn7DB+ZUuugM0i1nCqZYoRZb5yKUebOxysB1TtAkaky28oO7g () mail gmail com>
Content-Type: text/plain; charset="iso-8859-1"

Reply fail. Also autocorrect fail. The C client is old and UNmaintained.
 ---------- Forwarded message ----------
From: <egypt () metasploit com>
Date: Mar 16, 2013 3:36 PM
Subject: Re: [framework] Meterpreter not exiting
To: "Brian Seel" <brian.seel () gmail com>
Cc:

Are you looking the C client? That code is old and maintained.

What msfconsole uses to talk to meterpreter is the ruby implementation in
lib/rex/post/. I've noticed posix meterpreter hanging around after exit,
but I haven't dug into why yet. What platform are you seeing this on?

egypt
On Mar 16, 2013 3:13 PM, "Brian Seel" <brian.seel () gmail com> wrote:


I have been doing some testing with Meterpreter recently (building an
extension), and I noticed that I ended up with a bunch of running
meterpreter payloads in the process list. I checked if I had any open
sessions, and I did not. I had been closing my sessions with the exit
command, so I looked at the code for that in the source/client. That

simply

calls exit(0)... which seems like it would just exit the client of
meterpreter, but not the meterpreter server running remotely (which is

what

I am seeing).

First off, am I doing something wrong? Second, is this behavior by

design?


_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <
http://mail.metasploit.com/pipermail/framework/attachments/20130316/dbf348f8/attachment-0001.html




------------------------------

Message: 4
Date: Sat, 16 Mar 2013 14:24:26 -0700
From: "Rodrigo Rubira Branco (BSDaemon)" <rodrigo () kernelhacking com>
To: framework () spool metasploit com
Subject: [framework] 10 years of Hackers to Hackers Conference - Call
        for     Papers
Message-ID: <5144E30A.8090306 () kernelhacking com>
Content-Type: text/plain; charset=ISO-8859-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CALL FOR PAPERS - Hackers 2 Hackers Conference 10th edition

The call for papers for H2HC 10th edition is now open.  H2HC is a hacker
conference taking place in Sao Paulo, Brazil, from 03 to 08 of October
2013.

[ - Introduction - ]

For the tenth consecutive year and past success we have been having,
the annual Hackers 2 Hackers Conference will be held again in Sao Paulo,
from 03 to 08 of October 2013 and aims to get together industry,
government, academia and underground hackers to share knowledge and
leading-edge ideas about information security and everything related
to it.

H2HC will feature national and international speakers and attendees with
a wide range of skills. The atmosphere is favorable to present all
facets of computer security subject and will be a great opportunity to
network with like-minded people and enthusiasts.

The conference is a dual-language conference, with ALL talks in
English or simultaneously translated to English by professional
linguists with experience in computer sciences translation.

[ - The venue - ]

H2HC 10th edition will take place at Novotel Morumbi
(http://www.novotel.com/gb/hotel-0473-novotel-morumbi/index.shtml) in an
auditorium with capacity for up to 600 people.  Additionally, we will
be helding BSides SP on October, 06 in an auditorium in the same
venue with capacity for up to 200 people.


[*] About Sao Paulo (taken from fiquemaisumdia.com.br)

The city is the largest in Brazil and first in South America by
population. Quite often Sao Paulo intimidates people because of its
size, its constant pedestrian and vehicle traffic, ethnic and cultural
multiplicity. Sao Paulo will surprise you whether you come here on
business or for an expo, a congress or a convention, stay for at least
one more day. Let yourself be seduced by the cultural diversity of
this many-faceted city which vibrates, dictates fashion, is always
anticipating trends, and welcomes Brazilians and foreigners from all
over. And oh, do not forget to have fun in South America's wildest night
life.


[ - Topics - ]

  H2HC committee gives preference to lectures with practical
demonstration. The conference staff will try to provide every equipment
needed for the presentation in the case the author cannot provide them.

The following topics include, but are not limited to:

    * Exploit development techniques
    * Telecom security and phone phreaking
    * Fuzzing and application security test
    * Penetration testing
    * Web application security
    * Techniques for development of secure software and systems
    * Hardware hacking, embedded systems and other electronic devices
    * Mobile devices exploitation, Symbian, P2K and bluetooth technologies
    * Analysis of virus, worms and all sorts of malwares
    * Reverse engineering
    * Rootkits
    * Security in Wi-Fi and VoIP environments
    * Information about smartcard and RFID security and similars
    * Technical approach to alternative operating systems
    * Denial of service attacks and/or countermeasures
    * Security aspects in SCADA and industrial environments and
"obscure" networks
    * Cryptography
    * Lockpicking, trashing, physical security and urban exploration
    * Internet, privacy and Big Brother
    * Information warfare and industrial espionage

[ - Important dates - ]

Conference and trainings - H2HC Sao Paulo/Brazil

  October 03rd and 04th: H2HC trainings 1
  October 05th and 06th: H2HC 10th edition
  October 07th and 08th: H2HC trainings 2


Deadline and submissions

  Deadline for proposal submissions: June 17 2013
  Deadline for slides submissions:   August 17 2013


Notification of acceptance or rejection: no later than July 10 2013

    * E-mail for proposal submissions:
        coordenacao *noSPAM* h2hc *dot* com *dot* br

Make sure to provide along with your submission the following details:

    * Speaker name or handle, address, e-mail, phone number and general
contact information
    * A brief but informative description about your talk
    * Short biography of the presenter, including organization, company
and affiliations
    * Estimated time-length of presentation
    * General topic of the speech (eg.: network security, secure
programming, computer forensics, etc.)
    * Any other technical requirements for your lecture
    * Whether you need visa to enter Brazil or not

Speakers will be allocated 50 minutes of presentation time, although, if
needed, we can extend the presentation length if requested in advance.

Preferable file format for papers and slides are both PDF and also PPT
for slides.

Speakers are asked to hand in slides used in their lectures.

PLEASE NOTE: Bear in mind no sales pitches will be allowed. If your
presentation involves advertisement of products or services please do
not submit.

[ - Information for speakers - ]

  Speakers' privileges are:

    * H2HC staff can guarantee and we will provide accommodation for 2
nights
    * For each non-resident speaker we might be able to cover travel
expenses up to USD 1,000.00
    * For each resident speaker we might be able to cover travel expenses
    * Free pass to the conference
    * Parties! Plenty of parties... Hope you enjoy it, otherwise you can
stay in the hotel, sleep and regret!...

[ - Program Committe - ]

pipacs (PaX Team)
spender (GRsecurity)
Stefano Zanero (Politecnico di Milano)
BSDaemon (Dissect || PE)

[ - Other information - ]

  For further information please check out our web site
http://www.h2hc.com.br/ it will be updated with everything regarding
the conference.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlFE4woACgkQRpuC3B/O3qE64wCfd3VM2ALUky4hXOAw8iFh1tMZ
MzsAmwTJKoGBh4WbZZ+ZMtSANOYM+25T
=RZt+
-----END PGP SIGNATURE-----


------------------------------

_______________________________________________
framework mailing list
framework () spool metasploit com
https://mail.metasploit.com/mailman/listinfo/framework


End of framework Digest, Vol 62, Issue 4
****************************************


_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
Previous By Date Next
Previous By Thread Next

Current thread: