Metasploit mailing list archives
Windows Recv Tag Findsock Meterpreter payload
From: hdm at metasploit.com (H D Moore)
Date: Thu, 28 Apr 2005 23:56:23 -0500
We are looking at a 2.4 release either early next week, or the week after. The 2.4 release will be mostly bug fixes and already-public updates, but some of vlad902's SunRPC stuff will be included, along with some cool win32 payloads from skape, and the new OptyNop2 module from spoonm.

The FindRecv stuff may not change though - we just haven't had time to test and tweak the exploits to work properly with the win32 FindRecvTag payloads. The most common problem is that the exploit sends more (or less) data than is recv()'d by the remote process. When the FindRecvTag code runs, it either sees some of the exploit request instead of the tag, or the tag was gobbled up by the application before the payload ran. This may be completely wrong for the win32 stuff, but it holds true for the Mac OS X FindRecvTag stager.

If you want to play with it, you need to set the appropriate Keys value, then add a $self->Handler($[socket var]) to the exploit code. If you succeed in getting FindRecvTag to work with one of the modules, let us know and we can incorporate it into the next update.

-HD

On Thursday 28 April 2005 23:37, Chris Byrd wrote:
> I'm going to play around with the Keys of some of the win32 exploits and see if I can get anywhere, but most likely I'll be waiting with anticipation for 2.4. :)