Home page logo
/

metasploit logo Metasploit mailing list archives

How payloads (shellcodes) used in exploiting
From: rrawal at ipolicynetworks.com (Rawal, Rajesh)
Date: Thu, 29 Mar 2007 12:48:14 +0530

Hi,
 
I am using metasploit framework 3, exploiting windows and linux
applications.
I have captured packets using ethereal, but I didn't find the payload
(position) used during the exploittation.
 
For e.g.
 
Exploit used was "windows/smb/ms06_040_netapi" and used payload
"windows/shell_bind_tcp" and it successfully exploited remote host and
got command of remote host machine. Also taken packet capture during
this process.
I m not able to find payload of "windows/shell_bind_tcp" in packet
capture.
 
1. Can I know where this payload exist (where it comes during this
sesion) in packet capture?
2. Does these payloads (shellcodes) differs in every new exploit
attemts?
 
waiting for positive response
 
Regards
 
Rajesh Rawal
AMTS
iPolicy Networks
NSEZ Noida | India
Tel. +91-120-2567001,xtn-1246
Cell +91-9899401874

www.ipolicynetworks.com <http://www.ipolicynetworks.com/> 

 
 
 
 


 
<http://858769.sigclick.mailinfo.com/sigclick/0F040106/0F0E4D04/02024503
/07191971.jpg> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20070329/d6cfa0a6/attachment.htm>
-------------- next part --------------
"DISCLAIMER: This message is proprietary to iPolicy Networks Pvt. Ltd. and is intended solely for the use of the 
individuals to whom it is addressed. It may contain privileged or confidential information and should not be circulated 
or used for any purpose other than for what is intended. If you have received this message in error, please notify the 
originator immediately. If you are not the intended recipient, you are notified that you are strictly prohibited from 
using, copying, altering, or disclosing the contents of this message. iPolicy Networks accepts no responsibility for 
loss or damage arising from the use of the information transmitted by this email including damage from virus."....IPF 5K


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]