Metasploit mailing list archives
MSF3 through tunnel - "Exploit failed: Invalid packet. Packet header must be at least 10 bytes long" message
From: kpapadakis at ntlworld.com (kpnet)
Date: Wed, 09 Apr 2008 19:57:55 +0100
Hi all,

This is my first post so please be gentle ;)

I am trying to use an exploit (a classic DCERPC) in MSF3 on a win 2000 host (that I know is vulnerable) through a tunnel set up using proxytunnel. Setup looks like:

Attacker--------Proxy------Victim

on the Attacking PC# proxytunnel -a <an_arbitrary_LPORT> -p someproxy:<P_Port> (allowing/forwarding CONNECT method to) -d Victim:<dcerpc_port>

When I use the technique in a vmware setup, the exploit works through the tunnel (e.g. setting MSF3 exploit options to RPORT=LPORT given above and RHOST=127.0.0.1).

However, when I use the same technique and the exact same setup but through a VPN tunnel/connection, I get an "Exploit failed: Invalid packet. Packet header must be at least 10 bytes long" message from MSF3 output.

"Watching" the attack in ethereal, I can see everything up to the sending of the exploit to be as expected (e.g. seeing the CONNECT method established, and then the sending of the exploit), but immediately after that the attacking box sends a terminate connection (FIN) to the proxy. I would expect to see continuation of HTTP traffic immediately after that!

Assuming that the destination target is vulnerable (as direct exploitation without going through the tunnel/proxy works), does anyone have any idea of why this is happening and/or what the message MSF3 complains with is about?

Note that I know that http proxy is not yet implemented in MSF3, but in this attack there is no need for it to be set up in MSF3. Also, it works in a vmware environment! (e.g. one host, 2 guest OSes representing the above setup).

Any help much appreciated,

regards,
kostas