mailing list archives
Re: Issues with x64 based payloads
From: "Joshua J. Drake" <jdrake () metasploit com>
Date: Sun, 20 Jun 2010 13:44:24 -0500
On Sat, Jun 19, 2010 at 11:37:43PM -0400, David Kennedy wrote:
Anyone experiencing issues when using mssql_payload via a x64 based system?
It worked fine about two weeks ago however it appears something may have
changed. Example below tested on a server 2008 x64:
The scripts/shell/spawn_meterpreter.rb script uses a hardcoded payload
handler of windows/meterpreter/reverse_tcp, which will always use an
x86 second stage. If you edit the payload used inside that script, it
In the future we'll work out a better way of handling this, but this
should get it working in a pinch. Oops, just realized that is
completely unrelated here too hehehe..
mssql_payload as well as some other stuff uses the CmdStager mixins
which in turn use the Msf::Exploit::EXE mixin to generate an executable.
The psexec module doesn't use this stuff, but as was said elsewhere
uses an explicit to_win32pe_service call inside Msf::Util::EXE ..
For the CmdStager (mssql_payload), etc you can set the EXETEMPLATE
variable to "data/templates/template_x64_windows.exe". That should fix
Since psexec doesn't use the Msf::Exploit:EXE mixin it won't work for
that one. We will need some more code changes, likely moving it to use
the Msf::Exploit::EXE mixin..
In all cases, automatically detecting that the target is x64 is
tricky. We'll have to look further into doing that..
PS. Always make sure your handler and your payload match, otherwise
you could get strange crashes when staging happens.
Joshua J. Drake