Metasploit mailing list archives

Re: Why metasploit's exploits fails inside Qemu?


From: Jun Koi <junkoi2004 () gmail com>
Date: Wed, 22 Sep 2010 07:34:18 +0700

> On Tue, Sep 21, 2010 at 11:53 PM, Joshua J. Drake <jdrake () metasploit com> wrote:
> On Tue, Sep 21, 2010 at 11:58:07PM +0700, Jun Koi wrote:
> > I want to fix the bug of Qemu, to "support Metasploit" :-). Any idea
> > where Qemu might be wrong?
> >
> > First of all, I am starting with the windows/exec payload, which
> > contains the suspected shellcode. I suppose that its source is at
> > external/source/shellcode/windows/single_exec.asm. Is that correct?
> >
> > However, looking at this source, it doesn't seem to use any special
> > instruction at all. This confuses me even more ...
>
> There are a lot of steps in between the source code and the resulting
> shellcode coming out of Metasploit. I recommend reading the developer
> guide and source code for more information.

To confirm that the culprit is the shellcode with weird tricks, I
created an EXE payload using msfpayload. This payload uses the windows/exec
payload, and simply executes calc.exe.

I suppose that this EXE file uses the same code as the real shellcode
in Metasploit exploitation. Then I ran this EXE file on two VMs: one is
QEMU+KQemu, one is pure QEMU. And I can confirm that it works
perfectly well on both environments.

So my conclusion is that the shellcode doesn't seem to be the reason
why Metasploit fails inside pure QEMU. Is that reasonable?

Now I have no idea what is wrong with QEMU anymore, given that my
assumption about the weird tricks done inside Metasploit shellcode
seems wrong.

Ideas?

thanks,
Jun