Home page logo

metasploit logo Metasploit mailing list archives

Re: more testing
From: Stephen Fewer <stephen_fewer () harmonysecurity com>
Date: Sun, 20 Jun 2010 19:22:42 +0100

Hash: SHA1

Hi David, thanks for the report, I've opened ticket #2123
(http://www.metasploit.com/redmine/issues/2123) to track the native x64
psexec issue and have a fix nearly ready, prob done by tomorrow just
needs a little testing. The issue with psexec is as you mentioned an
incorrect x86 .exe being used.


- - Stephen.

On 20/06/2010 06:38, David Kennedy wrote:
Been doing some more testing with Mubix (thanks man!) all of the x64 bit
payloads seem to be affected through mssql_payload and psexec (looks
like any upload like payloads). Using other methods aside from cmdstager
are still not functioning correctly. Strangely enough Mubix has them
working on a Windows 7 x64 (non VMWare) and my Windows 7 x64 (VMWare)
does not work, wondering if its a VMWare specific issue? Also tried on
Server 2008 x64 (vmware) and two separate servers with the same results.
All x86 based payloads work without a hitch. Here's what I've tested.

windows/x64/meterpreter/bind_tcp - not working
windows/x64/meterpreter/reverse_tcp - not working
windows/meterpreter/bind_tcp - working
windows/meterpreter/reverse_tcp - working
windows/x64/shell/reverse_tcp - not working
windows/x64/shell/bind_tcp - not working
windows/x64/shell_reverse_tcp - not working

Thought maybe since all of them appear to use
Msf::Util::EXE.to_win32pe(framework,payload.encoded) it may be getting
encoded with a x86 based encoder and corrupting the binary? I'll test
this off tomorrow just a complete guess.

Version: GnuPG v1.4.9 (MingW32)


  By Date           By Thread  

Current thread:
  • more testing David Kennedy (Jun 20)
    • Re: more testing Stephen Fewer (Jun 20)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]