Metasploit mailing list archives

Re: cmd/windows/reverse_perl not being executed.


From: danuxx () gmail com
Date: Fri, 5 Mar 2010 20:12:41 +0000

Thanks Joshua, I will try to see if ORD payload works for me.

Not sure if egghunter works since I have only 268 bytes before and 75 bytes after EIP, so I cannot overwrite more memory to place the egg+shellcode. Any clue?

-----Original Message-----
From: "Joshua J. Drake" <jdrake () metasploit com>
Date: Fri, 5 Mar 2010 11:46:44 
To: Danux<danuxx () gmail com>
Cc: <framework () spool metasploit com>
Subject: Re: [framework] cmd/windows/reverse_perl not being executed.

On Thu, Mar 04, 2010 at 03:06:07PM -0600, Danux wrote:
> Hi,
>
> I am using this payload cmd/windows/reverse_perl encoded (150 bytes)
> since I have only 268 bytes to place my shellcode.
> But I am not getting any reverse shell, I debugged the process and the
> shellcode is loaded in memory and decoded without problems.

Danux, 

The cmd/windows/reverse_perl payload is NOT shellcode. Instead, it is
a collection of shell commands that do what shellcode would normally
do. The cmd/* payloads are for use with command execution
vulnerabilities.

If you're tight on space, one of the following should work:

1. Use a different method of placing shellcode in memory
2. Use an ORD payload (usually much smaller)
3. Use the EggHunter mixin

> I also installed perl in the Windows Vista 32-bit box but still no shell back.

If this were a command execution vuln, and perl was installed, it
would still need to be in the target process's path. I suspect this
is not your issue currently though.

Good luck!

-- 
Joshua J. Drake
