Metasploit mailing list archives
Re: cmd/windows/reverse_perl not being executed.
From: danuxx () gmail com
Date: Fri, 5 Mar 2010 20:12:41 +0000
Thanks joshua I will try to see if ORD payload works for me. Not sure if egghunter works since I have only 268 bytes before and 75 bytes after EIP, so I cannot overwrite more memory to place the egg+shellcode. Any clue? Sent via BlackBerry from T-Mobile -----Original Message----- From: "Joshua J. Drake" <jdrake () metasploit com> Date: Fri, 5 Mar 2010 11:46:44 To: Danux<danuxx () gmail com> Cc: <framework () spool metasploit com> Subject: Re: [framework] cmd/windows/reverse_perl not being executed. On Thu, Mar 04, 2010 at 03:06:07PM -0600, Danux wrote:
Hi, I am using this payload cmd/windows/reverse_perl encoded (150 bytes) since I have only 268 bytes to place my shellcode. But I am not getting any reverse shell, I debugged the process and the shellcode is loaded in memory and decoded without problems.
Danux, The cmd/windows/reverse_perl payload is NOT shellcode. Instead, it is a collection of shell commands that do what shellcode would normally do. The cmd/* payloads are for use with command execution vulnerabilities. If you're tight on space, one of the following should work: 1. Use a different method of placing shellcode in memory 2. Use an ORD payload (usually much smaller) 3. USe the EggHunter mixin
I also install perl in the Windows Vista 32-bit box but still no shell back.
If this were a command execution vuln, and perl was installed, it would still need to be in the target processes path. I suspect this is not your issue currently though. Good luck! -- Joshua J. Drake _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- cmd/windows/reverse_perl not being executed. Danux (Mar 04)
- Re: cmd/windows/reverse_perl not being executed. Joshua J. Drake (Mar 05)
- Re: cmd/windows/reverse_perl not being executed. danuxx (Mar 05)
- Re: cmd/windows/reverse_perl not being executed. Joshua J. Drake (Mar 05)