Metasploit mailing list archives

Re: Why metasploit's exploits fails inside Qemu?


From: Jun Koi <junkoi2004 () gmail com>
Date: Tue, 21 Sep 2010 23:04:27 +0700

On Tue, Sep 21, 2010 at 9:09 PM, Jun Koi <junkoi2004 () gmail com> wrote:
> hi,
>
> Using Metasploit, I created a vulnerable PDF file (using exploits like
> modules/exploits/windows/fileformat/adobe_geticon.rb). As a result, I
> have a PDF file which works perfectly with my old Adobe Reader
> inside my virtual machine. I tried to open my PDF file inside 2 VMs:
> one is a KVM machine, one is a QEMU+KQemu machine. Both work perfectly.
>
> However, if I open the same PDF file in another VM running pure QEMU
> (which means I run Qemu without KVM or KQEMU as accelerator), the
> exploitation doesn't work anymore: the process looks like it hangs.
>
> I tried other exploits inside
> modules/exploits/windows/fileformat/, and reached the same conclusion:
> while these exploits work very well with QEMU+KVM or QEMU+KQemu, they
> never work inside pure Qemu.
>
> I googled around, and found that other people have a similar experience:
> http://www.cs.uaf.edu/2006/spring/cs493/hw/hw4.html
>
> Does anybody know why we have this problem, or even better, know how to
> fix this (so the exploitation can work inside a pure Qemu VM)?


Perhaps the reason Metasploit fails to work inside Qemu is that the Metasploit
shellcode is doing some special tricks that Qemu fails to emulate
correctly? Any idea?

thanks,
Jun
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
